title: Detect Activity to Known Malicious Indicator - http://185.244.182.35/arm7 id: auto-315af08c1510824f8fe9b674677f9c4c324f7ce35b69aa12e09a06a0fc346eb5 status: experimental description: Detects traffic or activity related to http://185.244.182.35/arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://185.244.182.35/arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_mips64el id: auto-c5a8ff662e7ae00fc8e2a2e742bda9b84a3f2416f1248560891fcaa523da12a8 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_mips64el which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_mips64el*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_arm6 id: auto-42305020c8adfee394f8132c26b39fe1d98ff955484e349e2307e98600a504f9 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_ppc64 id: auto-7ef5e087cea1476d940d50270ccecde30d581a424f2fab8a3e5ef34ebf3de463 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_ppc64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_ppc64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_ppc64el id: auto-1ccaf56732b83269d07db13349eaeee15cf2ad301417740ec3f452d9606b1def status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_ppc64el which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_ppc64el*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_arm5 id: auto-a38c751d013bbc3aa9ddc58c6636f41f91ad1ca4f9f1d9fc1da3c5a037c4d514 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_mips_softfloat id: auto-c234d5dea5667783e5078948189c0ce55ba769bf459806e18706315458791717 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_mips_softfloat which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_mips_softfloat*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_mips64 id: auto-d3d56ea4901a75f61625263a6318e1347ecf382d41422e7cfcf124fee9770936 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_mips64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_mips64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_aarch64 id: auto-5274895d194bba59d9e9633fc7ea342f744d0c9f3715bc307a67a729d75327dd status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_aarch64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_aarch64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_amd64 id: auto-0baafc76b7836af3d378dbea82397b9dee8b3432065734532c469d4cac4bb5e8 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_amd64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_amd64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_mipsel_softfloat id: auto-30ecfb037e78004b009c2e9d0ff41b05fe4748a9b0f4234689b9b0e598beda88 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_mipsel_softfloat which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_mipsel_softfloat*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_386 id: auto-1ab19ce57b5be28881e056bad4a734b8974ad926c4453a1011399aa3ae773b5e status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_386 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_386*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_mipsel_hardfloat id: auto-e0dc9dbdc08971ebefc1c52fe4b10de811c747db1cf2167c293084b506a1db41 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_mipsel_hardfloat which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_mipsel_hardfloat*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_mips_hardfloat id: auto-9355ad813bf3e2d63b0c934dabf31f9e16bcd00fd5ccb49b0d6b6f80d4cd27bf status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_mips_hardfloat which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_mips_hardfloat*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/linux_arm7 id: auto-d426aac288e27cd21984e728b98cc5143f201309a3a6a26eb567d25e8efca856 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/linux_arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/linux_arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://libss.0x504.com/cccc.sh id: auto-9aea25e7a0b881b3bc207584cdd679d5869e2021efcff156d6acbb1995e55628 status: experimental description: Detects traffic or activity related to http://libss.0x504.com/cccc.sh which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://libss.0x504.com/cccc.sh*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.x86_64 id: auto-ba625309bec197c813f43105f800a39db6ca0e36d777098df12522d34b9927fe status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.arm7 id: auto-15a309c2d8288c49b645c95e0328c04ca4c2adc98cfbd6f9f5cc81cd2ebf8f44 status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.ppc id: auto-c1ba98390683604b0c7b9e60734e9f75b5928d9704da6d0fc9d0ce7a254c2aa7 status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.mips id: auto-8ba64696dad6371f32d94e52cc3e7c66cdba629c1640bbfa588e0bda76e2876e status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.mpsl id: auto-d0ccd1cd679ed6c85f1a37b88cb2fa3efeb7dedae2325a0d852467b4697fffc1 status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.mpsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.mpsl*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.arc id: auto-cfd2e7a8fe27e4795b9982e408328ff6b617b492d5272d766f46c5d24504ce7d status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.arc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.arc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.spc id: auto-fbd9ca0523b22cd1c8f702eedcad0bbb8b7e41bb4dae72e0a992e1104660d15f status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.m68k id: auto-0504b3dcd73a3e0c3b3511309c07ee98f4941ecf50dfa910da42d451a204b703 status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.i686 id: auto-b1ec10457dc4c5349612e6cf99d91d09a3e486d025c7f6d972e56c834370bfb9 status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.i686 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.i686*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.arm id: auto-0e1178f23f19b926fb59f0ae1b0648609c69843354cdfd68ab9e9172b726689d status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.arm5 id: auto-99e12d2bf93e8907fdbd2ba220fedfe4feaae5d20915bfbd52fb7d16ea1f0e8a status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.sh4 id: auto-d04082eb342c8516cfbe7df73dd9a583e7271eb68ac19f8b9d37c7ba327ba7f4 status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.arm6 id: auto-2ec730d80acb5ed2afacd18264adda1ff63bae71dfc78d46665144061a5d83c5 status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://raw.flameblox.com/nuclear.x86 id: auto-0e3a6412a71edc6657b2e75f5bd4a9e825303cd1b774a9dcdcdfd26dd4a1e395 status: experimental description: Detects traffic or activity related to http://raw.flameblox.com/nuclear.x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://raw.flameblox.com/nuclear.x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.i686 id: auto-9f03fb42a2afd6f4956928ff04a4730dd55a526efe55e64a19be06fbab625a29 status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.i686 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.i686*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.arc id: auto-675af93c1a2a10ab945624a72e34259e43cb5810f786f57125ccfae3d63a745b status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.arc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.arc*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.arm6 id: auto-a2bd9426f0bde16f13ee6967dfd792cd0a841143e47da5bd7023c4bfd3bd032f status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.arm6*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.m68k id: auto-2d7ac22ee653883a191c3d174b82dd2f8f9af12476152c169f106fa55e2fe47a status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.m68k*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.spc id: auto-56b6b1ed837f6f4a408b237479aa3afec060188fe48e759695e47056bf0ec686 status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.spc*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.x86 id: auto-076baff1055ab8fffe262660133744438ccf5895090f833dc7e64122985d1a50 status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.x86*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.mpsl id: auto-9e77ca97fbdc23bb472189df1e4dbb1264295b79fe98672cb3ee70e8a6de4ea5 status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.mpsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.mpsl*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.arm5 id: auto-5ada2c2dd53944893375e077c1e660b6b91951030ce4b8ac391ed5d3fe7afd9f status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.arm5*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/1.sh id: auto-d69fd33acf6acce991afda79bc385e0830d5a473f8a7002c7bb806ac4cc903e1 status: experimental description: Detects traffic or activity related to http://tkthisww.space/1.sh which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/1.sh*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.x86_64 id: auto-428ae69706e56479c0af78d379bcc94bdf913ad8848fc386c0d2f1151b98e81a status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.x86_64*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.sh4 id: auto-6d1818bfd3fc5dbfc9677b941c1477376514050453d28fb945a827ee16c209c1 status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.sh4*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.arm id: auto-d08ec0eb1d13c396d058083a44b07bf6198dc9173cd74da65bb71e22201e8b85 status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.arm*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.ppc id: auto-1773ae52c6be196760babc4179cef9fd6fbd0ccc410a8084d15f542ba0868926 status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.ppc*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.arm7 id: auto-41c02350e846ae0409d732957d3bea1e80fccd409eb67383c4998af0deb69b97 status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.arm7*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://tkthisww.space/bins/Space.mips id: auto-dde08d4d8bd1f6869ffc16f0775db3abd06a5ff49460c77902357db6c1e0ae7b status: experimental description: Detects traffic or activity related to http://tkthisww.space/bins/Space.mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://tkthisww.space/bins/Space.mips*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetm68k id: auto-88d937b7b85ab8168f9fdec27ce74cf447f56e28ed589bde65db212eb21d9ae4 status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetm68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetm68k*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetarm id: auto-d60418b7f85178cf635db2804ec3d660b7c2c639f9bd2ac00db14a6f7b7f4835 status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetarm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetarm*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetarm5 id: auto-c5ae52fcc5ec9aaab301ae6826b5a363a6b5097b690c3b899571c81558bfc222 status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetarm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetarm5*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetmpsl id: auto-12bc1fcaacbfc49579d9d02492ed90cc287acc564b532ccc48bf721f48cf323e status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetmpsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetmpsl*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetsh4 id: auto-12a0d54f5cacf899a48044de437ef32d3f2d4e49c2230bd6e09bac2d6e301a04 status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetsh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetsh4*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetspc id: auto-f7b588d29ac343be22042a9a1155a3bb638fbdd8d056a4cfb8529b72f259a2d1 status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetspc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetspc*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetx86 id: auto-32baaf5701917e569a5bf31cdda0ee2484c9f44f19f01598f29be5ad03524673 status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetx86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetx86*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetarm6 id: auto-9607a5de6142aec9289d863b94b0f1a7f39038e0f13a4bd917c7ac3d597aa8c9 status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetarm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetarm6*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetarm7 id: auto-6128f598cae199b5c5cb57c11b396dafb3f014301e1fe490e5e75fc33ea3152c status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetarm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetarm7*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetppc id: auto-7a8d3d0464aca8483ed5847de8a9f117015cd5159efc49984f371495deadf7eb status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetppc*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://pornily.ai/bins/violetmips id: auto-ffb87d634dfa18ef20a670b5c4a0d6602a0c69b81db84cf0b7870ab7b8024df1 status: experimental description: Detects traffic or activity related to http://pornily.ai/bins/violetmips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://pornily.ai/bins/violetmips*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.ppc440 id: auto-85cbab26ddec4c881b52250f909e5c765acebca3c153d84095ed7000475abe69 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.ppc440 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.ppc440*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm7 id: auto-ade451ca904822e5a8150dd82111656f160d04d13c32d7739b454adccc9d06cf status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.spc id: auto-86370d7dc1bc2fb7fe0c8e40ffe6511fd1d19ec3d0d83a2a0bbbc15584185e21 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.x86_64 id: auto-ceccf17247379c25247d3829ead437ebc9b5862b8c590a4030df34682837b1d0 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.sh4 id: auto-01479cf878c78d32a8dac5af491c70fbe1b3f6e963467e8f4cf25a2ef155f4fc status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.arc id: auto-86712a03b03ce86b5ac6e12d0e6dd713da4426b9657cef9a8e6bbca953e6c789 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.arc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.arc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.sh4 id: auto-f465c33b26ba8e9237c27d04a869f938b545bc4435f5547db2ff16d01db0f34c status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.spc id: auto-52077546341106ba9a00bcb1a7e838302e5596b8c9d31983f716a53687e2b06d status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.x86_32 id: auto-fce7c09fcae0e6c2d1bf7262e4485090dde98f8150bd4e82ffefeee9f3219420 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.x86_32 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.x86_32*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.m68k id: auto-acf06f1cfb092d203182a6a288e6e1191cf0950b7e2f2d952c9da89eef48964a status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.arm6 id: auto-0ebaea4877851cfca124d0ad11293b3ecf41b43b25e614b1210dc93393b7d072 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.i486 id: auto-ea143520c363a3eca91854ac515cc03655fdaecf0ed045b196ec8ac9ede469b8 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.i486 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.i486*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.arm7 id: auto-4bb5394f21eb647c222759161067ef0ca2ffd5bdb5894230a29a3e11ce32eee6 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.mipsl id: auto-fd328289a4e6a261742e32555a04a3e43b7a9bc9871b045b6928d8add2831adc status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.mipsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.mipsl*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.ppc id: auto-9bc8df49bd64ac9fecdaccf09fe9592dc22091f2f8c30d2fc01e23454c53f11a status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.x86_64 id: auto-d7bc6d92bc727dc8eb59ed684137f7696b0eca2523556c185048541bb819428e status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.arm id: auto-6c480836082ca2c06b3e64127064abd8e9d35b98079e15c06f01158b8146334e status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.mips id: auto-78b6e3c10def85058a26a99697fadb1ef73000be913101785385f64602689e66 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm5 id: auto-ab053ebbf4377d8acf91b5f5f694d809e52f428de5534516e394702c630acef8 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.i486 id: auto-af210585a92e014e6e28a3cd0feba5ba8dd6537830fb3eed19a79fa4565e1397 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.i486 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.i486*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.arc id: auto-ab7be1a8136282a63a7f9eed04055c41f3fd974ed0f140099ccb175516b06732 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.arc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.arc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm6 id: auto-7f6541d93004a494276a0d36427f58b20dc2456cfca6107d43df37c0f8c33b7c status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.ppc440 id: auto-9165d7a3bb1bf384bfe79d14a33ce4075058a7e70c3c85fef67ccdd4a510cdf9 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.ppc440 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.ppc440*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.m68k id: auto-0f3d2faa47e5d1cb93224e11aa190058d1c5f64f84ca619656cd03e85cf636b6 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.arm5 id: auto-a12d6ff201b0fbc86deebe699090d9d4668491549cd19450060d03bdab49ce9c status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.i686 id: auto-0be8ce1ecd1b68e9f3a897d88867ff02a372bdfff4ab0dc32035cb34f4d3263c status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.i686 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.i686*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.i686 id: auto-db39784a21a208929184ec568d8a87ebc7690e6aef4123d59c6e5b5ec224c67e status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.i686 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.i686*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.mips id: auto-020d164751220a95d2d9ce2869a6891a2e1e8594d00a396fcc9cc052ffc996aa status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.x86_32 id: auto-52e2a97f33bd9914f351e71904e5ebab23869d65de0dbc0498102e7254313cbb status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.x86_32 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.x86_32*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/titanjr.mipsl id: auto-89e8500cd9b0a836a85bf71e6325f0b7f5ebd29b22bba049700c3999014f4080 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/titanjr.mipsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/titanjr.mipsl*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm id: auto-339e0a3461f172a8030e17ef279667009d6070502c3fabf656e38c22018e1de4 status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://chanchanmiraixd.duckdns.org/huhu/titanjr.ppc id: auto-f206f9f57505dd8c0731b0e327eda02d64100dc26d68bdd1060f909963bed35d status: experimental description: Detects traffic or activity related to http://chanchanmiraixd.duckdns.org/huhu/titanjr.ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://chanchanmiraixd.duckdns.org/huhu/titanjr.ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.m68k id: auto-d306e8db51620bf79809b926c689db1236fd1cc32b2e99f135e1edecae2780f4 status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.sh4 id: auto-e0e527f1055817f756dbf76e9646ab0c587ed5a8303d79ff1056fff60b603b83 status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.arm5 id: auto-2e31dbfaaf65e290f5da86fdc1efc664989696ce4643f205d0f273623e2962d7 status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.mips id: auto-d6a36ccc73a3fe1f50ec30c202b76710658390b5bd1c22645d6f3b24bd5e1c0b status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.m68k id: auto-c17e3347bd45d633e7f510c3078a460fd1542d2804c462bfcb400bb77ee521ce status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm6 id: auto-cf85006fa0804b84ff54c9656915e7d3ed6cd0e957a3d1a1883a9ac682a43633 status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.spc id: auto-623236a8dddeccde2f1220b626c1c186542c6efcf0979fa124bdfd9bab41977a status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm id: auto-3fd4ee1fa23a66160141c62abe7602c103a17ede3c12936aa9b5334159154d8a status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/scanner.arm7 id: auto-560eaeed7d81d2dbd50cc44149f13be83f68f184ab3bf0e774793b739aa13c71 status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/scanner.arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/scanner.arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.mips id: auto-8054c3678aeddb92c3e82de306b11674b81680bf0d665edf64a6d1b59cde261f status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/scanner.arm7 id: auto-20e64fb01f40605cc7e0fa67a58c100202ed032b938cd8cf507f49fddc4e1cf6 status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/scanner.arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/scanner.arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.arm7 id: auto-24fc434f0d1a6c231c527313248ccc11f95b055e796c4886bb72b69fd888e1fa status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm5 id: auto-0eb6208e1e99b2d456fd29f0b5af93e611dfa4aa6d52e9d7506b01a41c9aea35 status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.mpsl id: auto-18004f584cd8f29ada223102c8f6bddb37c3af669ddbabe57cd22fd8f7c82d27 status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.mpsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.mpsl*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/sc.sh id: auto-60c505c0d50b1c2a77301ab3d3b20fc62b23ce23400e5d0b8b1df695505e6d9d status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/sc.sh which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/sc.sh*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.x86 id: auto-540ec3de8d7c29ea50eef675acde16e6a90063d4db0f98c52d69a7ce4047d5a1 status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.arm6 id: auto-3a32aff20e2c80a2a52a4f6e5911dbf4323683307dc7711801d2bd71184c73f9 status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.mpsl id: auto-de118103bec290e94ee72d77e6cd14df63186b79e5a6ca8c6c3fa2797ab1160b status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.mpsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.mpsl*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/sc.sh id: auto-5909a92df9dc33f887cca9b51b20104ad47608015c779fa71a871c1f46f09dff status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/sc.sh which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/sc.sh*' condition: selection level: high tags: - attack.t1583 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm7 id: auto-d5bc2aeaeb0b7866eac9bcd6163239dead1e1da87c661c59ed65d1a9d250446a status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.x86 id: auto-6d626b5ad004da6c48050994ecc07667868555c711124c2af66b9c768545c963 status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.spc id: auto-6476b0ea56ef30c7166e7bc8ed9f0ed42a1aca0df6a99f40d6927f8630162e88 status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.arm id: auto-3ee859dba3e0e5bfd3f2d93ffdb4d7673ef29361a7afd2da089cd0494da6252d status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.ppc id: auto-bdae096dcd81b232a6886b42a615f65b3e1ab85c149c3fd5fc78890c8d455534 status: experimental description: Detects traffic or activity related to http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://musing-visvesvaraya.45-90-98-218.plesk.page/yakuza.ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.sh4 id: auto-726c54ecf4ee9ab2397635e5c4c0a29d91cfd4951aa2178dd65ac149dd407a03 status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.45-90-98-218.plesk.page/yakuza.ppc id: auto-f07c29e9086ef6d555cc71bdcb9dd7a0197973c48c65d524569f70042010899c status: experimental description: Detects traffic or activity related to http://www.45-90-98-218.plesk.page/yakuza.ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.45-90-98-218.plesk.page/yakuza.ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_mpsl id: auto-a7f82e35aa823b0904a3d07b14ac027dc25b7926eb90c58925fa20aeead9fb9e status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_mpsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_mpsl*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_arm7 id: auto-68aa5baaa816bd3529d3db6b0ddb6b0581b43d8b4122e3f37ae5bd387926e686 status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_arm6 id: auto-f1715ccbdb48de1ada57a324243d8325ccdcd8c84b568805c9a2d61cdf9de28a status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_arm id: auto-6669d1d6b570cd90984daef2590b9652e1ffd424afa82498a76bb406658f3861 status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_x86 id: auto-7241bc6a8dd4ba528184824229525056179d0d3a179987b9612c9c6ba0b64a3c status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_x86_64 id: auto-e2af689376f6e6e7cc3292d8ed662d97f50ba13b9d0b0b3f76e2b3882a2da1ca status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_sh4 id: auto-3c5bc1747be7a66e567f86a50151dfa20bf0319d9b58722686b0fef3b3fb35e0 status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_m68k id: auto-ebc514ee9f6afe38523c7a53a16b253521938f490174a20f24805835ea5e273e status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_mips id: auto-029e6d03938401303c7e096e5b349d8757ad9f2286c9bdb06f91f1bb67823c50 status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_ppc id: auto-ee70101ef23e2baf9137aab829c0e503b67f0a5fefab9db570bc0e96be71673f status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://bobnet.exiled.fit/main_arm5 id: auto-82e3e0265f42a481c8df4f4a3981f19a2a6d23d431674a99e37ad4cece66f60e status: experimental description: Detects traffic or activity related to http://bobnet.exiled.fit/main_arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://bobnet.exiled.fit/main_arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/mips id: auto-72d8df70eeb78ddea18e770aa97b7ebce4241da8ce5632fbc95d5710c99dda86 status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/mips*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/mipsel id: auto-aa1e7477cdc5033b2f8daf543b855a160c709d6cf0935f19eb47b3925a48599c status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/mipsel which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/mipsel*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/arm6 id: auto-3953b62895a96ac18279181c565fde0ab2e8d63cbf533f4a1994afa54c93d739 status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/arm6*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/x86_64 id: auto-3d4fc365913d73f8b83b60b98d5c7229b7b670ad361ab2e1bb1762b8cfea819e status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/x86_64*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/arm5 id: auto-b410d78a9d73e118bb50dd5941aa3712217426473bda24184ed29b02c9ac5922 status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/arm5*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/sh4 id: auto-2b309e4e30b48d897f0199c5b84333c494af3d4cea69e892cfc8851f169bd979 status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/sh4*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/arm id: auto-b8ab4b42037939c8e641f962801fe321ef0886094d63a55527679d85a923b715 status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/arm*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/x86 id: auto-98428d68e948f3dca6194cd0963009f35cf72d4018f2d85f4424e425f55288dc status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/x86*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/ppc id: auto-a2add71a44a6553ff66a352703977383c2d4637ac703cd6d3344a991978cd61b status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/ppc*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/spc id: auto-495082c5770418f1c6180844f44e218936f75ade982fc0e21f4bc1632cfc2f8e status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/spc*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/arm7 id: auto-83089bd32f2c3834745be43ca5ccdfbbed0408f9da7a7e6c7ae117f92b2fc769 status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/arm7*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://asteriaproject.dstat.click/bins/m68k id: auto-ba34a33fb317bc20f01af2a17c49fb911ee003c50b1f419c64d080da3e242498 status: experimental description: Detects traffic or activity related to http://asteriaproject.dstat.click/bins/m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://asteriaproject.dstat.click/bins/m68k*' condition: selection level: high tags: - attack.t1595 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/mipsel id: auto-7c94d5ff8b00ca6986690c329bfb9d058ca9af3142b669ded65ea818dba6ce00 status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/mipsel which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/mipsel*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/x86 id: auto-14c4282293a5d656ec7649b6990f56138f254a09f6186d6da81537af2b0ade6f status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/sh4 id: auto-f9aca5d775acad30e9b952ebdd2d44bb520824c3bfcd95bbe142bb682707b9b4 status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/arm7 id: auto-087c457e656b9a809b01b76f002224cd3e6c0b803bf3be61bc398e7291522b04 status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/arm5 id: auto-aadc1353d6ddf7591c836b43dd1d70e3db4c8412947bf9db440c53b965b1447a status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/x86_64 id: auto-5027553d4f982b382f7672724884273366be52ab4e87a719669c35a955a4146a status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/arm6 id: auto-32c9f356f3a58f558ed885602c6301fd53c4aa1ea212628677fc9d2a419eae9f status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/mipsel id: auto-9e2312547ec7082dadcfb2b71978282fe3ae9023ddd72e75f70a7155f53ee010 status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/mipsel which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/mipsel*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/mips id: auto-f9b23e00cfd2855ff2664273b13ff49b74c14ca23c019aba739235bb22c691b3 status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/x86_64 id: auto-880bf9ff5039a0c47e706d3f07db6997c72c83025f6a59ca552828daee722911 status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/spc id: auto-318e07910654e88cb74de09374814d0d8559a05f01981f89077b88921fd1e17e status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/m68k id: auto-15a6512462c1e79efcb289ff635a9c7dc787372fd43beeba1587c0ccfd7bf761 status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/mipsel id: auto-621756a5834af6ced2bbb7ecdedb98af883f5a3e773cede164ac0812dfb149ca status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/mipsel which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/mipsel*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/sh4 id: auto-70289ba5e8b799faa139c8db8cf521cdf05da5fdeba742d46b08f1485986ce84 status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/mips id: auto-e2c63b3c166e480d7c861f801e7b3f86d950a001869b9f6cf466e91c71ecb433 status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/arm5 id: auto-cf51ff97e1bbfbc65790064d349e0fb05be2673ceb3b1b03143940c22c553f40 status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/m68k id: auto-de9002675dc8bbbe981beb73a72238a2a31fef2fc6159a55dd96834b1a1b1ceb status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/arm id: auto-4bd5e1aad82910b79279eddc3c7984a0d6a5d9dbf34678a55b3772d1883a9fbc status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/ppc id: auto-31b3472a0573d542fbae0a831f99a892c86f49c91edcabced1968d26b1e21b98 status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/mips id: auto-30a92d06fbbd019a11326430277d966350e48029d3a63fa5cfde8f83c35b9ada status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/arm id: auto-632f0c79db7ac4379885546b22a47b960270b67672d23b893a3dd71461831096 status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/arm5 id: auto-bb990cb5359610c870a772ee63fb8721bca9820f3ffb778320b0cc77ebeb5bbd status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/arm7 id: auto-0dce0c44f71c00eecc2936a995bcaf91b64d3796a70fd031e98dba5ce4bf8119 status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/sh4 id: auto-82c92199e76fe700ac32a093754db6a474a6f868ff29360d2b5ce086af6c1185 status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/arm id: auto-b09b96389b2c77c561b01785aa121251a4dffd5f93993ab3d8d2a94ba359f9b8 status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/m68k id: auto-220dbb046ee36ff0a11374f9872a03f0a685b2df51902e57a32b5d1151316f20 status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/spc id: auto-8454593899cebc1603b2f850993087e56eadf7c1d549e05eec5756eef0de361d status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/arm5 id: auto-c1e9df2b64b47678b658add0cb5902320a0cc3a4d1be3bd8108c9b963319eec3 status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/mipsel id: auto-881c32a2cab6e4392ce2a13aa751fc98a9fb572254a12571d4f8d70b757d87b1 status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/mipsel which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/mipsel*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/mips id: auto-362317db5a89452a9677d32d5d17445caa9cc70eec2e6fb0d9275c5a29ac7f54 status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/arm6 id: auto-0ae367b049b633d40be055d057690c2ea586dd76832306d21247b74b25e0d49a status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/mipsel id: auto-0cd87e43ba1353ecaa10a1a35696abd3af6514b5dedf67ea81b7b227b8abb34d status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/mipsel which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/mipsel*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/ppc id: auto-59d593bde9d04739ddff3871ca0850994e66f7940173b6543e6d07cc0af82fb5 status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/x86_64 id: auto-ee37ef8e6e382849a84d2ec3897f2096ac19152bf89837bcd62a23d74e7fce73 status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/arm6 id: auto-2d7263be820ed6b65fd7c1ae80a8cd97704b97d052d2c8b46c2ee10525526bfd status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/arm7 id: auto-17e39c53fff8b4734104e56ce3da4f37d8931efe336d177653be3cc3b2195158 status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/x86 id: auto-607298fca05df4bceb78feccb05320f38f9036c21ea839f18a8cee844489f9fe status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/m68k id: auto-89e4257361c8276e10ea019fc7b999dfd082861a4219d0e954468b016dfd55ca status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/ppc id: auto-7742629983e43695b9210507e5ef675e3b637b8d36b12ef6a29019c9fade6062 status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/sh4 id: auto-48af1c46730ef568459043c73ea010b6a29e8ddbcd435856b6b01e5e28e4f351 status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/spc id: auto-8429b6509d7e6e703b491fb6e2566886611698efe4f5df0d9cf0a7deeb8fe498 status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/x86 id: auto-72499b0dc902b07fb09a3c48365c37ad0abde2e99e75646d45da13bdab76b643 status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/spc id: auto-134a1fabdf3940b10a4bc1fbe34ce6c43051aa78f034f1ee2bb2b5f3de6205d6 status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/arm5 id: auto-aceeae2c484147822a9ba6cf474457b0f49a5af0706bd12c3a35956d499f7262 status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/arm6 id: auto-73113baf3ecb52555d3241cdb10c2dfd3cccd7b494e5c81dfe7964af1a2b5a42 status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/mips id: auto-7957c4b2ddbcc6643343961fd9747c69336f850f221306bca5ab7c90534dcedc status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/x86 id: auto-ffc70311a5e42c75293ea0a8bdb4e2761ddb236c1f4c6b0c0feced47eb7dd0a4 status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/arm7 id: auto-e6bbc3641407aaafbba04598219928564fc050eb4e09dece0e30f2c87e4d4719 status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/m68k id: auto-d10a2520457f783ce5dbda160f6ae8eae62b19095bf9d51c7438d0ad4e3447a0 status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/x86_64 id: auto-6e8491b65f5e6e75c9da6f92e938be8b71f9c9311be0d8fdeb56aec5be38f5ae status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/arm id: auto-d8221f11194923a1cb8acb966a829571f80a92747406eddb53d39bdf4d05897f status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/x86_64 id: auto-765e2fe266e37cc6ca99755b53ce4e60499169935297006eeea7ca98ec06b610 status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/arm id: auto-a6f6903b72f762314f3c6b7496ce7bd046da9a2f7faf3fe30c96b469290afa32 status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/x86 id: auto-9c53cbc92f608172cfa0123b9191546e3d595da4af34c502b333a6eefd1325e4 status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.r34fa352.duckdns.org/bins/arm7 id: auto-adfd8c765645667b34f501c2e93dcce500ca553d04f9613b69c3116bc83a34b5 status: experimental description: Detects traffic or activity related to http://www.r34fa352.duckdns.org/bins/arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.r34fa352.duckdns.org/bins/arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.coolcams.duckdns.org/bins/arm6 id: auto-39899bfa8c0bb062dc34db2c236e57c6f5e81b007cfe5ea6e8994e2106a59520 status: experimental description: Detects traffic or activity related to http://www.coolcams.duckdns.org/bins/arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.coolcams.duckdns.org/bins/arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/spc id: auto-8fd78010530fb012e8d7d60f91f03b5e4306951ee13354fc59a823479ff4de02 status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/spc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/spc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://s8.vizja.cc/bins/ppc id: auto-18b36b91cdc9645de402c902e797a67537b8969a9333b3aa9cc6a66028831066 status: experimental description: Detects traffic or activity related to http://s8.vizja.cc/bins/ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://s8.vizja.cc/bins/ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://r34fa352.duckdns.org/bins/ppc id: auto-bfaf083ba060c1ed1a6eb23425be99d02c25068baf278c80831208c05e6eb416 status: experimental description: Detects traffic or activity related to http://r34fa352.duckdns.org/bins/ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://r34fa352.duckdns.org/bins/ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://coolcams.duckdns.org/bins/sh4 id: auto-f9aa04c8c456766f03e0a6aedbddb61da31e2d49fd5ea38db834deb28c2d95ae status: experimental description: Detects traffic or activity related to http://coolcams.duckdns.org/bins/sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://coolcams.duckdns.org/bins/sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_mips id: auto-054bbf88037e06fd1e31a782fc7a954d71fdea31189dbcaabfbfb964bc89d080 status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_mips id: auto-ac4b656d382548a23cf1b771421239327dd300f8b29d400630796616626cb08f status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_mips which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_mips*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_arm id: auto-f112ea3055dfaf91e2231a26694c4748a7e07f5eb8fd4d04852c194659547e52 status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_arm5 id: auto-26efd3a6dac819f84d478f98193657e158337476195a6eabf9ba5beac25e005a status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_m68k id: auto-63f2fd81281ffa9043436a075bd795c1c8ca8a2984cb450b2e82f8fe793f6f35 status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_m68k id: auto-10aab9fec8a53f3b103eb69f548e5fcbc375190eb7cf9cf42028f1738506a51e status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_m68k which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_m68k*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/bins.sh id: auto-576ac5f6b137856e861c4b0bdadabaec651aa1f4008321403e247283c3f83a8c status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/bins.sh which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/bins.sh*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/bins.sh id: auto-f4675451fe276dc349351a23e6e09b6c7688538e6d958c61ce7020cdd4f75c0a status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/bins.sh which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/bins.sh*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_arm id: auto-81c5f3af635a410d88e929368d695d4e2e8761ecbf07927732994ab298149c8c status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_arm which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_arm*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_mpsl id: auto-01474d3a0a980bff41e5c68f2f70b543557c53291a6a8f06163312708ab849ee status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_mpsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_mpsl*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_x86_64 id: auto-8649b0e86cbc56e1ca257b4b38c984a9a42eaecab6ad264f5964a3d05fe20d15 status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_arm6 id: auto-88c5ef6ce968fd91f1c69283e247914f773530fb6dbe93c0ec0079b947d2eeca status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_x86_64 id: auto-ed1c31c99704d285b292a3ec12628d13d708ba8bb0af7cd0fcfc8a7148d711f2 status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_x86_64 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_x86_64*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_sh4 id: auto-c8151a28873dd33f0034a147a7359cbbd4ad734f01fbfd1154c1d78992405d7c status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_arm6 id: auto-87ad7be4a88eedb6f7da88196e3ff1600a3d7e2a32031c3a210fbfdf1074b08b status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_arm6 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_arm6*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_x86 id: auto-3ee039da4198e9c36a9e97d339781d86f6b3bfcbf2d3d754e062ee4f8d524f0c status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_ppc id: auto-bca7cc943f158e3566d8d83fadd8b619b274e29cb65965c9e593080808b7f86f status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_mpsl id: auto-3dda303a27d3c57758228b7080fabaad45defd6d3f20065c1a5c4c8fd9b26132 status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_mpsl which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_mpsl*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_x86 id: auto-af8d942923ca3321e2688f8a5a2da5e5f33b16d25a5d34ab6fee331fef7b4bb9 status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_x86 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_x86*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_arm7 id: auto-7146d8ebe2b1455541ba73df30055f46b1c0f0f0e39828197df46e1f7051960e status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://www.neronpidaras.it.com/main_sh4 id: auto-a36866bd320f9b38d4e788d703ebffcbcab2409790c6df50ec1fbe82e8e0ed00 status: experimental description: Detects traffic or activity related to http://www.neronpidaras.it.com/main_sh4 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://www.neronpidaras.it.com/main_sh4*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_ppc id: auto-8cdd48dbc44b89145aa7e52405c92c47c0e38736fcd3fd6e1a434ec188f5c3c4 status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_ppc which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_ppc*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_arm7 id: auto-3169ec02139f5de37ae338215280e9efee3db3397161c394187d70d32dd457b1 status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_arm7 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_arm7*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus --- title: Detect Activity to Known Malicious Indicator - http://neronpidaras.it.com/main_arm5 id: auto-7e94bbc4a68abe87ba78f0cb4e5e2be33e7a3a072bfa805928d8f1fc25f790b9 status: experimental description: Detects traffic or activity related to http://neronpidaras.it.com/main_arm5 which is a known malicious url. logsource: category: proxy detection: selection: c-uri: - '*http://neronpidaras.it.com/main_arm5*' condition: selection level: high tags: - attack.t1059.004 - source.URLhaus