title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/Leetootoo/random.exe
id: auto-36a020a2e840c3fdf42e969fd06a07dd3128eac83ba3db61ca34c815f1f15e50
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/Leetootoo/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/Leetootoo/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/8405865752/bThXxmv.exe
id: auto-66be472b36f70e982d26430d0f578d4f0dae934c59172507943630e32828af7c
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/8405865752/bThXxmv.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/8405865752/bThXxmv.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/8514679081/S5M3ryz.exe
id: auto-0d84df4d723b4a907c95c8de29eca9bf9ea270ae7cbc46c214271513de4ecd57
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/8514679081/S5M3ryz.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/8514679081/S5M3ryz.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://securrty.cfd/files/EventVPcard_PU1KQZvw_installer.msi
id: auto-491e22c380f941e3e6d28e7ac2960bf870208dd72b850b444121ab7f2b04e81b
status: experimental
description: Detects traffic or activity related to https://securrty.cfd/files/EventVPcard_PU1KQZvw_installer.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://securrty.cfd/files/EventVPcard_PU1KQZvw_installer.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/unique5/random.exe
id: auto-9087ff20a556958c231e45653b52b46e79c7df1383cb4227de019b5648679319
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/unique5/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/unique5/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/77546367/5akgVVn.exe
id: auto-69db92ee0095c52654d2425fa78a3b38cdb7fa24547d5726b317f54a3be4e11d
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/77546367/5akgVVn.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/77546367/5akgVVn.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/8536096438/X9OhMaZ.exe
id: auto-46b8d3fad7478612584763b0230762e32a27a30287a77bbb775458485cee173c
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/8536096438/X9OhMaZ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/8536096438/X9OhMaZ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/6728144278/5nhlM0r.exe
id: auto-d14a3706eacb8a899304e1f1e3e88861a52c475462265a19b096cc353d20a3dd
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/6728144278/5nhlM0r.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/6728144278/5nhlM0r.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/7709864361/n1XRh0P.exe
id: auto-3b0e29793b4286ffa7bd89c9b75797f89477d72c74513450b92bc23f593c038a
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/7709864361/n1XRh0P.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/7709864361/n1XRh0P.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/8042875554/jv3aQju.exe
id: auto-6098b3660f4a588aea3a4648ac6a0c17686ba028f0b0ee7ce1d2bbea4ff1a459
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/8042875554/jv3aQju.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/8042875554/jv3aQju.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/7942715918/md78wA4.exe
id: auto-4a8080602bbdd8d1c78adf5b3bd74c5902e72e7ff1479bebef89c871b00e1052
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/7942715918/md78wA4.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/7942715918/md78wA4.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/1781548144/td5Qn5I.exe
id: auto-a58fbf597b21fdeccd1e3847d8299beb7b7ab37dd088db024374c7025e2ff696
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/1781548144/td5Qn5I.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/1781548144/td5Qn5I.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/1333144962/IxvWeHF.exe
id: auto-5005960754fcfcdee23cdafff3312e77413cad765d7bec2ddc257e5b9f63a513
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/1333144962/IxvWeHF.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/1333144962/IxvWeHF.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/mr/random.exe
id: auto-abf86a5a1c1f35d0da16ea4735c22af70f3acd89e45583e392a6f7d738352ae6
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/mr/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/mr/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/8301037712/kjhNIxP.bat
id: auto-6a2d0ccf3f79cf813faa9cca1a10d5aa05b28feacdcfba1696352b9461598805
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/8301037712/kjhNIxP.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/8301037712/kjhNIxP.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/ashduasdoasdoasd/localhostc2/raw/refs/heads/main/realc2/hi-malwareresearcher/RuntimeBroker.exe
id: auto-86ebf299bfa7380e64e905a8e8b1a27c4953da3e7a662932022cad895cf62831
status: experimental
description: Detects traffic or activity related to https://github.com/ashduasdoasdoasd/localhostc2/raw/refs/heads/main/realc2/hi-malwareresearcher/RuntimeBroker.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/ashduasdoasdoasd/localhostc2/raw/refs/heads/main/realc2/hi-malwareresearcher/RuntimeBroker.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/ashduasdoasdoasd/localhostc2/refs/heads/main/realc2/hi-malwareresearcher/RuntimeBroker.exe
id: auto-8804862e07ae4d085de1b743e9cb86823e29e5ceee6c0eaef038146d96fd3be2
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/ashduasdoasdoasd/localhostc2/refs/heads/main/realc2/hi-malwareresearcher/RuntimeBroker.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/ashduasdoasdoasd/localhostc2/refs/heads/main/realc2/hi-malwareresearcher/RuntimeBroker.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/8317177049/xG9J7pF.exe
id: auto-dc031f760d563385375d428c73cf3129eea8c0b2a56530b6ddecba8c82829612
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/8317177049/xG9J7pF.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/8317177049/xG9J7pF.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/6560547276/Yzztzly.exe
id: auto-81c3c216a55c2ced0ee0b737f97e9bc3796189abdce828077ae659299a9b6970
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/6560547276/Yzztzly.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/6560547276/Yzztzly.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/1781548144/ebJvLxF.exe
id: auto-3255253aace3b4529586090a21f40ad5f5c91d6711a6723a7db05e8ac92ff080
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/1781548144/ebJvLxF.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/1781548144/ebJvLxF.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/6849343518/kYApj4E.exe
id: auto-13407b4adecaed28730e91f484c07f49cfa8ab5ddb99dda12e1f4facebefca87
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/6849343518/kYApj4E.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/6849343518/kYApj4E.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/1781548144/3UFJ4Lc.exe
id: auto-74a5fd291b6058a79534e3d3e7bfe7f37df66b1d23a899a20f0e1baa6e518233
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/1781548144/3UFJ4Lc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/1781548144/3UFJ4Lc.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/7359455182/GqzS5NO.exe
id: auto-b4a479f9b64355cc3857713e420c45e56adbd2700fef2d8bd44fbf8a523c800a
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/7359455182/GqzS5NO.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/7359455182/GqzS5NO.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/7048186296/a8cOT32.exe
id: auto-191bd1406f40cbd7a03a0dc9fac90e8e6bace24bab69440eca31f83550e089f9
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/7048186296/a8cOT32.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/7048186296/a8cOT32.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/7359455182/S5AKPxu.exe
id: auto-39b3cee32a55ace7be74cb8466025d73ea243f0ec69fb337a3f4adf19b059753
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/7359455182/S5AKPxu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/7359455182/S5AKPxu.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/8316621590/q4bDNVB.exe
id: auto-9ad4978467a748cb71c025005e2ac7e5e38d877ea14d5e44a529e9c0c43f4318
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/8316621590/q4bDNVB.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/8316621590/q4bDNVB.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/8434554557/X8cqVrA.exe
id: auto-76973c31f7d79f380f14c9b36baa0c349d0b311528e8c590f5177a8c90de3be5
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/8434554557/X8cqVrA.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/8434554557/X8cqVrA.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/test/random.exe
id: auto-93242c4c67dca562f76fc35bebdca7eea4c3c0189c1b7961744953bd4a92eb59
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/test/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/test/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/8317177049/7tdJ9Hz.exe
id: auto-6a31e4449f997a2ded4550ac9f9c6ed930030ff47f6f2beb766ddc68f5bc9039
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/8317177049/7tdJ9Hz.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/8317177049/7tdJ9Hz.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/rdx/random.exe
id: auto-c31974ba450d105783aac3f473d90766c406ba461bd260c346d6da89f88d474e
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/rdx/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/rdx/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.239.147.6/files/7281753217/qrTFBw7.exe
id: auto-29a176d7511bbb4abf044a4609e2b977e92dbf27ad4a1ccfcd56b4f034341283
status: experimental
description: Detects traffic or activity related to http://85.239.147.6/files/7281753217/qrTFBw7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.239.147.6/files/7281753217/qrTFBw7.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://166.1.89.46/files/7782139129/S6xWuZ1.exe
id: auto-255a7c4158da614b1aa8fbdb1338b0cd4c31d8be3647d792b2f08dbfe6b88de3
status: experimental
description: Detects traffic or activity related to http://166.1.89.46/files/7782139129/S6xWuZ1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://166.1.89.46/files/7782139129/S6xWuZ1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://166.1.89.46/files/gop/random.exe
id: auto-3b5f67c53ceb10668d35e7ab730b9a6a896a87e666d0fc8578e8642218fc3a44
status: experimental
description: Detects traffic or activity related to http://166.1.89.46/files/gop/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://166.1.89.46/files/gop/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://166.1.89.46/files/8317177049/7tdJ9Hz.exe
id: auto-c9928ec32323c6020e102242abbd8e37c1848242da1a38621ffeeff6dd51ca34
status: experimental
description: Detects traffic or activity related to http://166.1.89.46/files/8317177049/7tdJ9Hz.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://166.1.89.46/files/8317177049/7tdJ9Hz.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://166.1.89.46/files/7281753217/qrTFBw7.exe
id: auto-04055bc01f4168d4b8e9f0b4a1d49f5ae6a36a754416bd85fdc9f47bbdfa6c81
status: experimental
description: Detects traffic or activity related to http://166.1.89.46/files/7281753217/qrTFBw7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://166.1.89.46/files/7281753217/qrTFBw7.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/files/8525074840/mdOjagm.msi
id: auto-b7a895f9bf318c138250581309cc0abb95689995bfaa77eaf4df4135461ff011
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/files/8525074840/mdOjagm.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/files/8525074840/mdOjagm.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.201/files/final/random.exe
id: auto-d84d50a569646c226081f5a2073aabd12383743f6befeba932706d02dcd9cbbf
status: experimental
description: Detects traffic or activity related to http://150.251.145.201/files/final/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.201/files/final/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/files/185.224.215.205/1.exe
id: auto-c69df980d49871b0e41e0748364daf676fd4a49deb2b1230d953ec9e97e0fa99
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/files/185.224.215.205/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/files/185.224.215.205/1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/files/gop/random.exe
id: auto-f4d5a6164cf851d6000fec24686bb664bef85e6f458887ff2782ce2a1886e1e9
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/files/gop/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/files/gop/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/files/8317177049/7tdJ9Hz.exe
id: auto-bc0515e31ac539e3a46794357d4f2388da8e9d2950f699708c1eaf211c28d1e9
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/files/8317177049/7tdJ9Hz.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/files/8317177049/7tdJ9Hz.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/files/8525074840/yxPIfd2.msi
id: auto-f03186c167ff869c7521cd6c5057a2e3d1578ddc0463aff4df18633cdc19c901
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/files/8525074840/yxPIfd2.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/files/8525074840/yxPIfd2.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/files/7782139129/S6xWuZ1.exe
id: auto-06aa4a43dad22e3835b6fe33276dd8bf0b388078baba8f5b4bc3af4df3efd339
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/files/7782139129/S6xWuZ1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/files/7782139129/S6xWuZ1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/files/7281753217/qrTFBw7.exe
id: auto-11dbdb8c78c9af98f1313186fa7545deaad17a9590c8948d0a0d72e1903a60ca
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/files/7281753217/qrTFBw7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/files/7281753217/qrTFBw7.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/files/6334661508/lzyfkOs.exe
id: auto-7278446152308f8d64ade22d70a6241e046d072d43b118aa164dd3b906acf176
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/files/6334661508/lzyfkOs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/files/6334661508/lzyfkOs.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/files/8434554557/X8cqVrA.exe
id: auto-32a3577a80d3b3d4b700bfe1ccefd18317364f8d45f29081be29268c08621f55
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/files/8434554557/X8cqVrA.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/files/8434554557/X8cqVrA.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.178/final/random.exe
id: auto-c8423c895a00f2b12aa5b522088b87994e8e0fc884cb1e9fda8d72a377e06c13
status: experimental
description: Detects traffic or activity related to http://150.251.145.178/final/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.178/final/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.251.145.201/test/random.exe
id: auto-21f5d84ea8bf813412a751b354bcd47b54c40cd4ce6d5a43b79a33226587ff20
status: experimental
description: Detects traffic or activity related to http://150.251.145.201/test/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.251.145.201/test/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/185.224.215.205/1.exe
id: auto-2715010ec238d3ea1e78acec01e8cd0bb8440704bb4c864e651d20367a9c9a37
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/185.224.215.205/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/185.224.215.205/1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/fnnetcdn.b-cdn.net/kurulum.exe
id: auto-bca6df465eaae7b3b18e53d7d2ce77e92bf2de63ec52d818038a42cfc1f1a222
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/fnnetcdn.b-cdn.net/kurulum.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/fnnetcdn.b-cdn.net/kurulum.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8525074840/96CqMfy.bat
id: auto-181807781213fd7f3fefe0a4e8bd69848ba533993112667566be48e2decd35ac
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8525074840/96CqMfy.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8525074840/96CqMfy.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7281753217/2zVJACJ.exe
id: auto-6293749011ce7382510eb93752f2f31c7096fcc0e9a52c9bb477e3ca163d927f
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7281753217/2zVJACJ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7281753217/2zVJACJ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8316621590/krjF0CY.msi
id: auto-49f1f99cde8c15a880388dc86919d5bf1808dfffee0d296314407b6af69d0da3
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8316621590/krjF0CY.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8316621590/krjF0CY.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8316621590/eeNfuRg.bat
id: auto-af45c49da202b29afa753778bfd749f3edc3994903a13cb7f8d9195fdb731c8a
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8316621590/eeNfuRg.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8316621590/eeNfuRg.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/test/random.exe
id: auto-69abf21c14c5daa25b72a69f28e330d3cf47b2274b4994e957e9d6f3bcdae462
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/test/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/test/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8525074840/96CqMfy.bat
id: auto-04cfb57f9f4a33c1483ec02b34f85d9812363a25ae3283e847f4fc83f39b5461
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8525074840/96CqMfy.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8525074840/96CqMfy.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/files/8316621590/60TJImw.exe
id: auto-8ca6aaf5ce7d6aa47aa3b6e8d4942e9bd9e367548ee90445790378e1ff2ee00e
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/files/8316621590/60TJImw.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/files/8316621590/60TJImw.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/files/8316621590/flSJ7Eq.exe
id: auto-f17ef00a69aa63789a4167da01fac79e5ae0463a45e6db90a8701e04e2861fa3
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/files/8316621590/flSJ7Eq.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/files/8316621590/flSJ7Eq.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8525074840/mdOjagm.msi
id: auto-1c30871e76cb86351fa9e6f2b812a835332c96269f60ce2637144a03cea3765c
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8525074840/mdOjagm.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8525074840/mdOjagm.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.41.113.246/files/8316621590/RIlX3pR.bat
id: auto-94958dd6e4b7a0dc18b422793f9672d3c9a5d41582d547720a4f77c607490624
status: experimental
description: Detects traffic or activity related to http://194.41.113.246/files/8316621590/RIlX3pR.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.41.113.246/files/8316621590/RIlX3pR.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/files/8316621590/qxeIBGu.exe
id: auto-47a24b0d5203a955eba54b04da60c9f23c247e5d8e517ecab8e11fafbc24c292
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/files/8316621590/qxeIBGu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/files/8316621590/qxeIBGu.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/files/8316621590/mjN2ASs.bat
id: auto-49215bc6f3724d041b01e501952e4db1fbc74a4dbfcc61590e038793c0cba261
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/files/8316621590/mjN2ASs.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/files/8316621590/mjN2ASs.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8316621590/Vxx2ROp.exe
id: auto-19fdf3093a5607cbbad4b1fae9461987248f738cf58fbc95cb7937662eb8e99f
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8316621590/Vxx2ROp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8316621590/Vxx2ROp.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8316621590/FIFbyh6.msi
id: auto-d8ba94a9f5290a53cb91bb7b4e7a1b29b2a517ebf6e4435d806f94332689ca23
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8316621590/FIFbyh6.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8316621590/FIFbyh6.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8316621590/BMpl5b7.bat
id: auto-11bbb14a8928f1b0a1d5d50ba5e5823ae9b7b697fe095c35cebfaa95400e41f5
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8316621590/BMpl5b7.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8316621590/BMpl5b7.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8316621590/krjF0CY.bat
id: auto-550089ad8f930b1f21a63eb7a2cc7215f1f40ac25079353e6b13bbc6c4ab6d13
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8316621590/krjF0CY.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8316621590/krjF0CY.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8316621590/eeNfuRg.msi
id: auto-66398a67573d29d0c3f907442e5176695b494d3db393f363da1d3d2ff028500f
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8316621590/eeNfuRg.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8316621590/eeNfuRg.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/test/random.exe
id: auto-785bf109f8dc7a92518ad200a064c037d9097ca9508c63479bc9efb32659ebef
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/test/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/test/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/final/random.exe
id: auto-e635d993d164c007c3ddc6d6f780168d69150738da892302a1dd550afacf60cf
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/final/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/final/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/vid/random.exe
id: auto-76cd29fbc1d32767c8370818d546bd22f686594ea58244873aa8290531c0aa62
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/vid/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/vid/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/7281753217/qrTFBw7.exe
id: auto-345ca24db1568f494f617f2fda87339e339c974fef28bd5feb54d81639fbb7ab
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/7281753217/qrTFBw7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/7281753217/qrTFBw7.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8525074840/mdOjagm.bat
id: auto-ac92f57a4859e2e6145efa5432f984775df03931cdc9356be12a3b6ac0624b88
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8525074840/mdOjagm.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8525074840/mdOjagm.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/8316621590/sQhzWPZ.exe
id: auto-1a0121d681cb7ef8772528ab10965237a1536c26dc7f61701bb876889520bab6
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/8316621590/sQhzWPZ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/8316621590/sQhzWPZ.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/7341834371/BgAtGH0.exe
id: auto-89ed9ca86baa404442c7c7ac14a53ddcd0f9426d321ba0154e74aa4873e46edf
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/7341834371/BgAtGH0.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/7341834371/BgAtGH0.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/gop/random.exe
id: auto-cb21f321e1cc5876bbea1787b686f8541507b4d13c1956954ce719d3996e8b30
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/gop/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/gop/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/6334661508/lzyfkOs.exe
id: auto-82bb59c7f9892521f78cf61cc415ed9b945e968b4ae8a1e1ff302178facdd0aa
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/6334661508/lzyfkOs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/6334661508/lzyfkOs.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/7281753217/2zVJACJ.exe
id: auto-a9fd5ff65b8a6d7023961bf966464a29ac7b1139ce745142b3eece580484671a
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/7281753217/2zVJACJ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/7281753217/2zVJACJ.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/5900855435/eNLe4nm.exe
id: auto-5aadef0d4d71df62a9ab21a35ca117230ab940c31fe8aada30c99a24ed289ef0
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/5900855435/eNLe4nm.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/5900855435/eNLe4nm.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/6608710704/ltjL6cP.exe
id: auto-9fb828449a4108331bbbd0d6dddbd3f3ccb54efcd7eb870cbf1906eec3419f30
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/6608710704/ltjL6cP.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/6608710704/ltjL6cP.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.196/files/5848981546/hRw1yLa.exe
id: auto-ff07133d04fe6443a9eaf7cd9e46b733079f8d3c930bfd5ca5d472765ef52ff2
status: experimental
description: Detects traffic or activity related to http://192.177.26.196/files/5848981546/hRw1yLa.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.196/files/5848981546/hRw1yLa.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.209.95/ycl
id: auto-9d51dc50f57fce8b8b602f05c39175d733dc4ea3c3f621c4eb3b04dce9456939
status: experimental
description: Detects traffic or activity related to http://158.94.209.95/ycl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.209.95/ycl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ads-storage.biz/update
id: auto-d5a6a48ac509783064afbb3d367ca79a97194470a14a0f498f26e430d665bdd3
status: experimental
description: Detects traffic or activity related to http://ads-storage.biz/update which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ads-storage.biz/update*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.209.95/update
id: auto-6e879e8b7dd547c1d1a892c51801de3c540ec1fe7874439afdf62aa00ce4f1f1
status: experimental
description: Detects traffic or activity related to http://158.94.209.95/update which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.209.95/update*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.209.95/service
id: auto-de004f593d1e31f19bce95ff6f50a499661f303dd7cb1a984ad84eb341714f15
status: experimental
description: Detects traffic or activity related to http://158.94.209.95/service which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.209.95/service*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/1900003348/J3sfClg.msi
id: auto-b60b9627912b1155ea7377ff1ebc431231564f2090a2f949d0390896dde0e7bc
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/1900003348/J3sfClg.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/1900003348/J3sfClg.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.89.224.210/1.exe
id: auto-dd5cb59b786eec357ee3b76ca8bf823446f4882c507452431a54c791952c92c5
status: experimental
description: Detects traffic or activity related to http://80.89.224.210/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.89.224.210/1.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7281753217/0WzaxgO.exe
id: auto-46475d7757e8f4a0512d675e109d5e02a5423d6bfaad4e5609c1c81229817405
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7281753217/0WzaxgO.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7281753217/0WzaxgO.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/5876083921/nP8xgws.exe
id: auto-59c9b0e4b2afaf64b956b636bd2257dac54bbc37b49e758cfb7a321c8c11117c
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/5876083921/nP8xgws.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/5876083921/nP8xgws.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8042875554/QxknRPs.exe
id: auto-7670d29599746b21b21dc6cd12dc6f8a6f2517cfc6965348e12bbd27e5cd4164
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8042875554/QxknRPs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8042875554/QxknRPs.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7180287117/Gb7grdV.exe
id: auto-50628d8c0ba514a23be6dace107d8a4ce64e2278dcb17386b0d731a462b221a4
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7180287117/Gb7grdV.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7180287117/Gb7grdV.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/6099399783/FyZhvph.exe
id: auto-86ac75c5ad8b534663eafe00d3189515e8fbb7a12d0fd9f7a73fb7be01033968
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/6099399783/FyZhvph.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/6099399783/FyZhvph.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/2038862353/UbL56O6.exe
id: auto-7c14f00678cf4afb1eb530a5a40ede1342f391f88d2bdd182d227b8a7cfeed1b
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/2038862353/UbL56O6.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/2038862353/UbL56O6.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://d8.tfdl.net/public/2026-03-25/4c08a097-0c18-4ced-a7cb-ae468f709454/Release.exe
id: auto-f3b4bf1b578e6a6fbcb90847885f937c44376113e17492ef9d374438169727bc
status: experimental
description: Detects traffic or activity related to https://d8.tfdl.net/public/2026-03-25/4c08a097-0c18-4ced-a7cb-ae468f709454/Release.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://d8.tfdl.net/public/2026-03-25/4c08a097-0c18-4ced-a7cb-ae468f709454/Release.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8316621590/VHFgfjr.bat
id: auto-c8deb3853488ea8d1c63abcf040eabd4b7636db07f4470040abce8d5a88ab029
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8316621590/VHFgfjr.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8316621590/VHFgfjr.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8316621590/PKhCkYB.bat
id: auto-7a9c7005838f6738a154c9239df37261a9c5fa6f267002cc185a932d34014feb
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8316621590/PKhCkYB.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8316621590/PKhCkYB.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8316621590/8m5apzl.bat
id: auto-91213c0be12b13c8394f523bb27bd1a98c76f9ca2b8bd411209bc873bea2f0a5
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8316621590/8m5apzl.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8316621590/8m5apzl.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8316621590/9zrv74X.bat
id: auto-1c7040e86a7f7992624353a0410a8769636b41ce377bd022b78ec53cd54ff1bb
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8316621590/9zrv74X.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8316621590/9zrv74X.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8316621590/jbkTj1S.bat
id: auto-b23e77181d967beea0167ef30c6d66b8f7f79959b006598f0b7698f1d156e145
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8316621590/jbkTj1S.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8316621590/jbkTj1S.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8316621590/dRf4qKq.bat
id: auto-a7b469827b9ee0cf13372a2a27878299ecd0b03300a070811a476b04e8a55067
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8316621590/dRf4qKq.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8316621590/dRf4qKq.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8316621590/Cvrbg1F.bat
id: auto-7740b41a3050f1264bfdc522d04de1e4cb1a50f0771d6a0dd5d9fa5b3fe9fb9c
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8316621590/Cvrbg1F.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8316621590/Cvrbg1F.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8316621590/qp9GNBx.exe
id: auto-591f4c69321600c81dccb0199f6947e4cb3fc63181a159eae8c02a9560d5cdc0
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8316621590/qp9GNBx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8316621590/qp9GNBx.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7782139129/ADgr3iT.exe
id: auto-994f8442c9bd268770d51ea537e4ddcde5deb41823fd34392795aafc500f79fa
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7782139129/ADgr3iT.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7782139129/ADgr3iT.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/1781548144/QlQgCVH.exe
id: auto-8521558a3bac25b7a4274a9e97a6d7f69c1e8383fa9afc4fd676306d1982ce0f
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/1781548144/QlQgCVH.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/1781548144/QlQgCVH.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8468794285/ZuVvCYO.exe
id: auto-c357be5fce33adbbb214daa4822c60b8702ba37aaa0abf9c4636843d83aefc5c
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8468794285/ZuVvCYO.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8468794285/ZuVvCYO.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/1032264266/l8iybfv.exe
id: auto-08c789478b9b140539f922282587a38cbbee5f8e77c695d5f17ad7ef978957b0
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/1032264266/l8iybfv.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/1032264266/l8iybfv.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/1103068177/8WTjrO1.exe
id: auto-25745e1df600d08bc0d19457cd5d345bf8489696cbf877bf3f1dc89a05929f36
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/1103068177/8WTjrO1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/1103068177/8WTjrO1.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/7268244560/lJWEIBb.exe
id: auto-b2a5bebcf673b8da63a3c17ee684cdc6d5b5239fa95eb2d993941ca5e95c260a
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/7268244560/lJWEIBb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/7268244560/lJWEIBb.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/7268244560/lJWEIBb.exe
id: auto-950fc99b786843ea5619910689750244b4797a043c70acd87cabb01e5025a715
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/7268244560/lJWEIBb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/7268244560/lJWEIBb.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/8468794285/gMZcvzp.exe
id: auto-a179383e1bbd8eb41ea0cd8cf2f3ede8634014f85f941c8f258cc4f692332f21
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/8468794285/gMZcvzp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/8468794285/gMZcvzp.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/7535437325/hGTWd27.bat
id: auto-1013cf9e57a2a2c348d67f7259e34a46b81cc81d80f4f9c3f647a120c9a8abd9
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/7535437325/hGTWd27.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/7535437325/hGTWd27.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/8520831842/ItFz5ZS.exe
id: auto-e0768cab90ba49c8801bf6597240e2a1f2bab28ed7b5e1970ff4b547093bcb8f
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/8520831842/ItFz5ZS.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/8520831842/ItFz5ZS.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/8520831842/ItFz5ZS.exe
id: auto-1e20d830dd4633aade4b190912ea98e2ba9e6481c639daeb45d3841b7578bf2c
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/8520831842/ItFz5ZS.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/8520831842/ItFz5ZS.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7268244560/PHl2Bgd.exe
id: auto-40dbb86639d8cfea3cc0cedc5bdb54be1217c85a97a40a464995a0bbdc301dcd
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7268244560/PHl2Bgd.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7268244560/PHl2Bgd.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/1323113534/JMn7hFc.msi
id: auto-6506aa4002bdb9da7286d6c2532af1067fa9670aa88ae27999dfb8ad195f7e61
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/1323113534/JMn7hFc.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/1323113534/JMn7hFc.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://kinetiqa.space/l/1mnIJ3BH.exe
id: auto-c91b7c1bc411e2ae2d22c1e64b9062391e148a3497c3ed8808142d497e861cbf
status: experimental
description: Detects traffic or activity related to https://kinetiqa.space/l/1mnIJ3BH.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://kinetiqa.space/l/1mnIJ3BH.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7341834371/BgAtGH0.exe
id: auto-fbd651187621a801d6cc2c7c1f07a0c3f1b13cdd61de4c2a890f31242ecdc1bd
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7341834371/BgAtGH0.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7341834371/BgAtGH0.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7850695435/gpaMBVQ.msi
id: auto-205683727d518a42b24c8197bd848c5e036bccef0f31e4ec8c4d4529dc702d2a
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7850695435/gpaMBVQ.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7850695435/gpaMBVQ.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7453936223/KAQ8PQ5.exe
id: auto-08d167e00af328dbb8648ba444fb66e051d2ff8f5bb3cedb17066ca17a6887ed
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7453936223/KAQ8PQ5.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7453936223/KAQ8PQ5.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7782139129/1fz7hzL.bat
id: auto-f2f891ce56701c8f924fd405cb7ceb7f8630575ba2a473ee11d1575068e08135
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7782139129/1fz7hzL.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7782139129/1fz7hzL.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8036065901/ggGms6j.exe
id: auto-17ab7de404838c37bde50c2775f5eba4addf94fe124c5593cd08017b9b62ddaa
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8036065901/ggGms6j.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8036065901/ggGms6j.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7535437325/hyYzXsC.bat
id: auto-4c214c918f4673b6893803ce12b4f5515a84057208838b840e6059cfd6bfd77e
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7535437325/hyYzXsC.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7535437325/hyYzXsC.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8531638373/QWFfVk7.exe
id: auto-cb7879c0efcac0802edcfc4c9cdee523afc055de56222aba1f73b477263bf44d
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8531638373/QWFfVk7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8531638373/QWFfVk7.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7782139129/S6xWuZ1.exe
id: auto-b9599217c082c28f2fe9d556beb17bfa04e1738648d77c46596408c5d2baf623
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7782139129/S6xWuZ1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7782139129/S6xWuZ1.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/7782139129/ZSZfFtn.exe
id: auto-bfa937523f15655a8b64de1d8b136e75909e164f09fa15c71b13c10e07bb2fd0
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/7782139129/ZSZfFtn.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/7782139129/ZSZfFtn.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/8434554557/X8cqVrA.exe
id: auto-fec63a3213a9fa51cf1b55a396baaffa54033e9d6d07610347c39a4b757e0072
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/8434554557/X8cqVrA.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/8434554557/X8cqVrA.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/5848981546/hRw1yLa.exe
id: auto-8498bc54a2f513f23332d30eb6df8c89ddec3dc093e58b4f49b3f6d7da19ba17
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/5848981546/hRw1yLa.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/5848981546/hRw1yLa.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/neo/random.exe
id: auto-af77770369377e773c14c7da89ad419e4437d0f4244a041aa1e66de8a58a2561
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/neo/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/neo/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/test/random.exe
id: auto-2330dcfc944da0262b06b28da691c297990a54979749a4508fe654c722eafce0
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/test/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/test/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/final/random.exe
id: auto-792c044cbdf8a0e26e55218d17b82b0cdde574347ebb18d04e71766133af76e8
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/final/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/final/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/files/gop/random.exe
id: auto-8e7977d64e6f8e858c3168d28b89442963c4ff8ab70439ec8895c063efa09600
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/files/gop/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/files/gop/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.168/vidar/random.exe
id: auto-3019cef3b195a790713cb18b9102e6c081e26b99e7c565efc2ef80dbb8ffb772
status: experimental
description: Detects traffic or activity related to http://158.94.208.168/vidar/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.168/vidar/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/5848981546/l119oBn.exe
id: auto-47580123621779c17c81875e8248a50f4accf5073105ad548192bf8659d318a3
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/5848981546/l119oBn.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/5848981546/l119oBn.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/7535437325/hyYzXsC.bat
id: auto-c06aefa846240be91f89b4c8817e078d1b00ba1928afa3c0b2923782715994e7
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/7535437325/hyYzXsC.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/7535437325/hyYzXsC.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/8434554557/X8cqVrA.exe
id: auto-c7521805c3502fa5eca66f61c8df7a60053f51acc17c0c8a4090b608da8ee197
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/8434554557/X8cqVrA.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/8434554557/X8cqVrA.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/8036065901/ggGms6j.exe
id: auto-992cc0cace99ab27d237b00d70f92852cd2ea8d1d93af98fbc8589e1ef19854d
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/8036065901/ggGms6j.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/8036065901/ggGms6j.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/7453936223/KAQ8PQ5.exe
id: auto-281c8710a765edbea05e0ec61aa832d115036e30194d3b87d1c28c417b96777c
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/7453936223/KAQ8PQ5.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/7453936223/KAQ8PQ5.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/5900855435/eNLe4nm.exe
id: auto-e959082c52d039bd8530213a0d91de635608337b21a872b96ecc591e2031abdd
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/5900855435/eNLe4nm.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/5900855435/eNLe4nm.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/7782139129/S6xWuZ1.exe
id: auto-a790f70eb8659f642f855b0d27d3384d55ce92303d1d41c32c9b9b350a4c9c4e
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/7782139129/S6xWuZ1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/7782139129/S6xWuZ1.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/7782139129/ZSZfFtn.exe
id: auto-4e12a98179293770d06061aa9b3a8e1b77c4f6f85814df29b9de6de8c6d41495
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/7782139129/ZSZfFtn.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/7782139129/ZSZfFtn.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/8574065846/HPlEReH.exe
id: auto-38b081500a0f7c76293c7f7a3d71c1209fc7ab24d5440fc4cafae0138d9c4c23
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/8574065846/HPlEReH.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/8574065846/HPlEReH.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/7341834371/BgAtGH0.exe
id: auto-a0d698d822b6cbd01259c56e75985c258db06dd52a5f437123b960a9b6ea6b3f
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/7341834371/BgAtGH0.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/7341834371/BgAtGH0.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/7850695435/gpaMBVQ.msi
id: auto-2c68c3fa9c00f838443ed3759c70abafd3d3b7822d856df88fe5705dcbea348b
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/7850695435/gpaMBVQ.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/7850695435/gpaMBVQ.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/8531638373/QWFfVk7.exe
id: auto-9088ac10d10eabf766e1a268abc0fbabbc84beb50e7f462de8a5214a93ef7b16
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/8531638373/QWFfVk7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/8531638373/QWFfVk7.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/8717422379/VMa1dJb.exe
id: auto-2db766b31b79a149ab7b3dbebeaf66640e76fff0750175e5c03fa62e50bcd8b3
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/8717422379/VMa1dJb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/8717422379/VMa1dJb.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/7782139129/1fz7hzL.bat
id: auto-181005c010fa80bc8233f5bcbb90db18ddb9ddc44a43292df3ff407a3ec5f9c3
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/7782139129/1fz7hzL.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/7782139129/1fz7hzL.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/unique5/random.exe
id: auto-d979586c8b68232a4e37cc4996e1df1220e061ede7c08f22e7867058b9454051
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/unique5/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/unique5/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/final/random.exe
id: auto-bab987e2673f61daee6daf64143c43031044cb9d32f716d73b908d7e0821c291
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/final/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/final/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/rdx/random.exe
id: auto-f8e7c903c29ecb46072b7ce1c23c1881eafc4f0e6396d8323478c33c9d2012b2
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/rdx/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/rdx/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/files/gop/random.exe
id: auto-ef2d8813dce961aecb7b5c7afa4d6dc32ca0c3dde69c59d0d539aaee1b2a1e00
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/files/gop/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/files/gop/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.222.160.157/vidar/random.exe
id: auto-90289cbe48b6178d2f9980833f36be81499109e3d1243222372f5ff488d0f055
status: experimental
description: Detects traffic or activity related to http://185.222.160.157/vidar/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.222.160.157/vidar/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/7268244560/aXV4mjN.exe
id: auto-b11a30b32f12d11c017ef3dbaae727a51794b46524cb25b1d94bd6a1a3f58fc0
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/7268244560/aXV4mjN.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/7268244560/aXV4mjN.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/vidar/random.exe
id: auto-388092379569dcf96b23afd21bf15873ac54b046f1b70dda97fa243f5b3eeae5
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/vidar/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/vidar/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/7776573655/KSsORhg.exe
id: auto-db7a41f83aa7ee6d978434d88fbb94aa089f6458b812069fa5038b8ab76c2787
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/7776573655/KSsORhg.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/7776573655/KSsORhg.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/7453936223/KAQ8PQ5.exe
id: auto-77b053b31f928fc0f6bb1d0dfa4bab91d8b7b456554f1c1dc97f858e42616023
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/7453936223/KAQ8PQ5.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/7453936223/KAQ8PQ5.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/7115306239/4VbzEBd.exe
id: auto-220f8b35514924e0644df91d246c7a8b4c99a69d5b3bfae9e5d83884a28878a5
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/7115306239/4VbzEBd.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/7115306239/4VbzEBd.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/7782139129/1fz7hzL.bat
id: auto-91072532c1d1bb9fa78e0b798c8453a9b2eabea6d801de7b0e3f7104a25ddc0b
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/7782139129/1fz7hzL.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/7782139129/1fz7hzL.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/8531638373/QWFfVk7.exe
id: auto-bb4efc1428d95714f59247ac05c0f8961bd82292a3ed4538759ede7a8852594c
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/8531638373/QWFfVk7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/8531638373/QWFfVk7.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/7341834371/BgAtGH0.exe
id: auto-93e060adb7a14e32ff9ef9370358a9b9d47a89595bb50d5d81aaf3456fb07169
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/7341834371/BgAtGH0.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/7341834371/BgAtGH0.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/8434554557/X8cqVrA.exe
id: auto-43c3824229eccb3545bcdfcb3f6e4df77d4179143e6c4018285bbecdaeeb62e5
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/8434554557/X8cqVrA.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/8434554557/X8cqVrA.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/7850695435/gpaMBVQ.msi
id: auto-fa8a109197a2d11c21b5b98b62937e50ee8c395b1023662b2b55332567386af2
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/7850695435/gpaMBVQ.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/7850695435/gpaMBVQ.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/8574065846/HPlEReH.exe
id: auto-2ee9f9044ba81af745ccba30751d32f66fe23f29dc42d4eaaf7cfda4055e94fd
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/8574065846/HPlEReH.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/8574065846/HPlEReH.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/8036065901/ggGms6j.exe
id: auto-3b71c02049a1410abfceca0cec57d8e5577cb724f5a21364f1c97abe85abeff9
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/8036065901/ggGms6j.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/8036065901/ggGms6j.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/unique5/random.exe
id: auto-ac9038181df481b0642ce683f708ef0c9b0379169eabac77a7c3822a4869a6b1
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/unique5/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/unique5/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/test/random.exe
id: auto-e0857d7749b9029b7213030113c5fb1f20ac9a5a516b6f8eeaa660ad45f42739
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/test/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/test/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.252.21.239/files/neo/random.exe
id: auto-c7be75435841a57d2c8a3407a0ce8f9b4e507d6f5fa92ae3f8d7681bb4aad3b9
status: experimental
description: Detects traffic or activity related to http://5.252.21.239/files/neo/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.252.21.239/files/neo/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7115306239/Qub5kf3.exe
id: auto-3039fefb4948a62cbf34c9d2605039249bb88f1c2d901bda083d3ef5a6da35e4
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7115306239/Qub5kf3.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7115306239/Qub5kf3.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/neo/random.exe
id: auto-c76ec2d4c6536157c13423b490bb1fe1b2fe00f6b6998ecb98b557361e2f2448
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/neo/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/neo/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://horbusten.com/2jYoFsuhVe.exe
id: auto-1a58d85430e130240e1b39939f4f28d301fa10ab41c6c5e14bd72fb640e6a0fc
status: experimental
description: Detects traffic or activity related to https://horbusten.com/2jYoFsuhVe.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://horbusten.com/2jYoFsuhVe.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8520831842/YKvV4YH.exe
id: auto-9e3bd10e457902ca79e6f8b412ccb20715807262b5818bbbfe0e5d06e68798a5
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8520831842/YKvV4YH.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8520831842/YKvV4YH.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7556497175/vDnC6Bk.ps1
id: auto-8f93105f2b031a5e087ffc33f0c87bb945174850209b8c691f70ab0cb86009b3
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7556497175/vDnC6Bk.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7556497175/vDnC6Bk.ps1*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8717422379/VMa1dJb.exe
id: auto-f0a360a076f2b173f3fa59be75e14259d9645a6e99b91d494460d451cb4586e9
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8717422379/VMa1dJb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8717422379/VMa1dJb.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7776573655/uVFeyUy.exe
id: auto-5a85048ac4439f6ce62ecb3557cb7c74fd8eb9db1869804991ff75baaf5a581a
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7776573655/uVFeyUy.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7776573655/uVFeyUy.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7850695435/gpaMBVQ.msi
id: auto-4fb3823a872c59103e7f878d3d75c9be129b93b512f1779d624080ebb60f28a5
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7850695435/gpaMBVQ.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7850695435/gpaMBVQ.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8705834433/8njNDcy.exe
id: auto-b4a394276ca7fc00f58278753f7b26845e12a1919fdf1b188976e510a675e35d
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8705834433/8njNDcy.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8705834433/8njNDcy.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.137.232.95/1.exe
id: auto-65a9b5b1cf2a241bbcc1dcf83ee0c938de33347965a6d604b7c794b789623c77
status: experimental
description: Detects traffic or activity related to http://188.137.232.95/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.137.232.95/1.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/5657278942/wTC5hgy.msi
id: auto-e0fb2b7bd4dc5ae9e294043472df4242c68c4cef9fb2a20aa68f747f6c84e6f1
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/5657278942/wTC5hgy.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/5657278942/wTC5hgy.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7845402472/eL1aVtT.exe
id: auto-ed3cd7a3f0345d30a8d1ef72d41b87c3b515f0f02e5b18ad717837da42216de1
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7845402472/eL1aVtT.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7845402472/eL1aVtT.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.137.230.88/1.exe
id: auto-bde1adb496a4fc038ac40aa176cba088c095dda40419fb3caccc7b510de8163b
status: experimental
description: Detects traffic or activity related to http://188.137.230.88/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.137.230.88/1.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8574065846/HPlEReH.exe
id: auto-3697c79bca20e93fdddb276b0d08cffa427cc065325738432d3ca4e4f932a0c1
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8574065846/HPlEReH.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8574065846/HPlEReH.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://nelark.icu/xftaswx/res/get-command.php
id: auto-ab6f865a3b0e7e6cc07ce1a99b0eab277089d8309df688c8a90dbb32d7216c7a
status: experimental
description: Detects traffic or activity related to https://nelark.icu/xftaswx/res/get-command.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://nelark.icu/xftaswx/res/get-command.php*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7782139129/VGAGvKd.msi
id: auto-16fdfe6e63c516e99b5308f7dd02a5850da63e532f3d3f72e6004798914e755f
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7782139129/VGAGvKd.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7782139129/VGAGvKd.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8283992944/RriJPMz.exe
id: auto-db9d954f6ea5ddc7aafcea74c30f403d7144a413aad5b0ad9ea6da0b14be7e00
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8283992944/RriJPMz.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8283992944/RriJPMz.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7782139129/S6xWuZ1.exe
id: auto-8f81ebd598eb6d88ce2bf3dc66b2e14d6d9d2bd02d22c3cdfcb11fccdcd942b4
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7782139129/S6xWuZ1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7782139129/S6xWuZ1.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7782139129/Y9lcbSi.exe
id: auto-af4c775e25192d54a6e5620db5ccd196fc2460a9218701f538f80f27a6c61a95
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7782139129/Y9lcbSi.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7782139129/Y9lcbSi.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7460962853/qZGuNez.exe
id: auto-46ae73c201661e1602c6b6cbb612be9d1ea045574e5df13298d3b77e4fc3281f
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7460962853/qZGuNez.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7460962853/qZGuNez.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://api.wewpwsw.su/gate.exe
id: auto-8f599d53285aaf378c8a556a0c2d161080efe81674a55bc082a3a3add25adb3d
status: experimental
description: Detects traffic or activity related to https://api.wewpwsw.su/gate.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://api.wewpwsw.su/gate.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7782139129/7GKCAjW.exe
id: auto-cd41323f12a308189fde6aa8ad374f6dda86183c6c2c7d395e09bd032c32c5d4
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7782139129/7GKCAjW.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7782139129/7GKCAjW.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8530419136/wt3Pima.exe
id: auto-f92ca20a0872fd5172b3c522b443c67ca6bb0bb6b27a8a903ba60b021760c254
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8530419136/wt3Pima.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8530419136/wt3Pima.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8520831842/DEpKvYR.exe
id: auto-c3a52153cae2dde9e0eb6d38719fb4003c1879b1e6ab006e41955f62fb0f2181
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8520831842/DEpKvYR.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8520831842/DEpKvYR.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8167064937/Ypu2UPL.exe
id: auto-a3830aea68f8af4f733e1ff902d7029207355b23e690713fa6dea2421b19dd31
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8167064937/Ypu2UPL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8167064937/Ypu2UPL.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8012574236/4aMmUA4.exe
id: auto-c160bdd4e351cf1b30dfe9bff0c902d7aa3131d9dafeea029423b40c3bc75fd3
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8012574236/4aMmUA4.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8012574236/4aMmUA4.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7769977063/H7DC3me.bat
id: auto-c8d43775ba05951792e375d1b4ca741abdfb2c7269d443ab6e225c98c0564995
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7769977063/H7DC3me.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7769977063/H7DC3me.bat*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://s3.g.s4.mega.io/aileqac3yep7oqdhygjpberqqnk2zrnhck2lx/busket/2/03x12x26/01/OHKSFJCE.exe
id: auto-1d2ec9f3c195fdf12e4cec50837cc297e5a0588594a596f5576999f2ee9cb920
status: experimental
description: Detects traffic or activity related to https://s3.g.s4.mega.io/aileqac3yep7oqdhygjpberqqnk2zrnhck2lx/busket/2/03x12x26/01/OHKSFJCE.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://s3.g.s4.mega.io/aileqac3yep7oqdhygjpberqqnk2zrnhck2lx/busket/2/03x12x26/01/OHKSFJCE.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/6902778688/AcjqUEy.exe
id: auto-02dd11d19ffbfcbc0381e6427ae7aa8211c06e64ac4047a0da2e6b9a2d53c72d
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/6902778688/AcjqUEy.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/6902778688/AcjqUEy.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8441193572/Na8U4Fe.exe
id: auto-3028d8e9ed1afcb8473cb14edf25556b268d6032bdadc62123fb7e72fdfe2e83
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8441193572/Na8U4Fe.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8441193572/Na8U4Fe.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8425384370/mnVpX0P.exe
id: auto-c775f7a2a6e634ded7a75d8554e9b3fd0fdf35dc2a8b29182e6f30a222e5cfb8
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8425384370/mnVpX0P.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8425384370/mnVpX0P.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/7903503838/hsy2OKS.exe
id: auto-abcf0485baa6cec89a30af2109758ce02a3e7a65fdc2839a1b588457d7659e36
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/7903503838/hsy2OKS.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/7903503838/hsy2OKS.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/8425384370/cpX8aAx.exe
id: auto-17d65a2e62488a6d506fd89a11ca743f6c6e493a94fd9c2804e125f88f6af92f
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/8425384370/cpX8aAx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/8425384370/cpX8aAx.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/gop/random.exe
id: auto-6ffebb9d9c89227241ba23fe2d5fdd1d03a8f518d9ca889c6bf215b4292ee971
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/gop/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/gop/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/oblivora/random.exe
id: auto-5f892b0d9ee643820d4f42b1f37207861019fcc8369e5e1dc045c9fca9298e65
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/oblivora/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/oblivora/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7903503838/hsy2OKS.exe
id: auto-b7065607586312babd5e97e22a341e01f041b1178e6e4858be28b470b08691d3
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7903503838/hsy2OKS.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7903503838/hsy2OKS.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.7/files/rdx/random.exe
id: auto-38dd814f22937c8b809a26411cf780dac0f0d4fe5c2da77a8cb5b0c8d0c991ca
status: experimental
description: Detects traffic or activity related to http://158.94.208.7/files/rdx/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.7/files/rdx/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8167064937/TOFxZfq.exe
id: auto-10da4aed2937eed07fd0340211dc041ef9eb0b4c5108027a44e75542f884df87
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8167064937/TOFxZfq.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8167064937/TOFxZfq.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://baritonclick.online/uploads/sharp.exe
id: auto-6e8bf0b142e595f6b77521d45cfc124137e4d83d4e321272afb60202c7a47d04
status: experimental
description: Detects traffic or activity related to https://baritonclick.online/uploads/sharp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://baritonclick.online/uploads/sharp.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8548282130/K6IpIvm.exe
id: auto-71019a79f7441db9373a8477d512c60982a9cf4af8877e42e354d53dd9de4fdd
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8548282130/K6IpIvm.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8548282130/K6IpIvm.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8635093259/Fh1zHU4.exe
id: auto-7357f79d67be9fe9343dbd2874bc156a38d06175a79ca951381464429d958c32
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8635093259/Fh1zHU4.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8635093259/Fh1zHU4.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8425384370/xo3ti4X.exe
id: auto-538f70222b870e03d6ff2894d517b4fc82ed0b18c9987f900fa5877d20877d63
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8425384370/xo3ti4X.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8425384370/xo3ti4X.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7903503838/PGy75Fu.exe
id: auto-76f629493b6be71d52eb190d4f1d9872cac6ccd2814ef02687c139eb1ab7044c
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7903503838/PGy75Fu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7903503838/PGy75Fu.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8317147124/Ugy77D4.exe
id: auto-7afbed6a4b752340bed45ea726436089e5a24c1bcf4773e3ecf0ff03180d1a39
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8317147124/Ugy77D4.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8317147124/Ugy77D4.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8317147124/Kr7cPTQ.exe
id: auto-91b83a81d65180deabffcee7b88f7770ae64544ed4ca8c9cf6f19c6619c9d278
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8317147124/Kr7cPTQ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8317147124/Kr7cPTQ.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7782139129/4Qrxrgo.exe
id: auto-f6a702a1937051a5f44d3692d8fd54559b8a97e64cc54b84513ea2bd2dd6c442
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7782139129/4Qrxrgo.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7782139129/4Qrxrgo.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/oblivora/random.exe
id: auto-14b5c5595342e6e1761f116300cd4962892f80632c40eca7738614969794fdaf
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/oblivora/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/oblivora/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8538310255/Ouxs217.exe
id: auto-fda3b868502eb561e93553574feefc760221a189e579e1bfa935603307c40f31
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8538310255/Ouxs217.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8538310255/Ouxs217.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8290342669/SBD1ils.bat
id: auto-717a15a898c72816e9655d31609e7c252649de4d6483530cc65dd7560679881c
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8290342669/SBD1ils.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8290342669/SBD1ils.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7903503838/kUpExhy.exe
id: auto-917b30d4f5ba65f940f19309a6ced89637dec7bcf56a730556f0f543449adb83
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7903503838/kUpExhy.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7903503838/kUpExhy.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7824924311/u0J9Mv7.msi
id: auto-d1fdc30f3b183ec6e5c7d7ee04a3702fcefd0f35dc4cf1efab64d4d2e26e6547
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7824924311/u0J9Mv7.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7824924311/u0J9Mv7.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7903503838/isxodFn.exe
id: auto-ca8afb4dc61b91075a8c9563bce1c8779e1dce1f826c69be934e2f44a59712f7
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7903503838/isxodFn.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7903503838/isxodFn.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/heine/random.exe
id: auto-ff46b9c853e464296693731d7b72e040807940d270da3eda06208966e08f4773
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/heine/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/heine/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8468794285/iBC1OE9.exe
id: auto-ab0fb5819d42888f87093f857d2b21b6bff776a2402a4862821d6fecf04e3f81
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8468794285/iBC1OE9.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8468794285/iBC1OE9.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/unique2/random.exe
id: auto-42709c4c60fa1a4c8b18ace656de7edf17e9586e08ed8e623f1803823e7df62a
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/unique2/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/unique2/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8548282130/trP9KGI.bat
id: auto-574d14838d5042c293d47d6bd8b7a2ad1ce6de5d7a3e8d8a82b2c0618548ef21
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8548282130/trP9KGI.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8548282130/trP9KGI.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8468794285/5vroDFE.exe
id: auto-4c6a91e76faff00c2385fb24160a597332067782eaa9f2b84d3cdfc10ecac92d
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8468794285/5vroDFE.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8468794285/5vroDFE.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8733674968/jLZuxmu.exe
id: auto-b0943f6a46866313645deb463c202bef8f3b6fa4c62a5160d76f72460c693909
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8733674968/jLZuxmu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8733674968/jLZuxmu.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.0.32.141:3001/gate.exe
id: auto-1baf76cd651369e014f0e911a7a3b9353623879be767b58215619d577d7db720
status: experimental
description: Detects traffic or activity related to http://74.0.32.141:3001/gate.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.0.32.141:3001/gate.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/1225117411/Blr3MBe.msi
id: auto-8f14831d0a074eebfb3169c5619cf133cb2f23c977b740dd495fe0335be83e9e
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/1225117411/Blr3MBe.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/1225117411/Blr3MBe.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7309295924/SpdWqa6.exe
id: auto-22e04711d73d592bd495c1e121423efe70343b81e6395bef9dc62c7c43def2d4
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7309295924/SpdWqa6.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7309295924/SpdWqa6.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/6961337700/4p8oGAO.exe
id: auto-735283927c7a6e7e834cff31f993d945c2fe3a213c779acff0dc83f7172e6a60
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/6961337700/4p8oGAO.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/6961337700/4p8oGAO.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/gop/random.exe
id: auto-37c89808ebde46d8d2e0aa558a87cd55e56b780f2dc395afd5c0040b3f0efecf
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/gop/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/gop/random.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/6608710704/1r6sQRc.exe
id: auto-46ca0dea5205b5de97307b82f4ded40417fea538d0472e407896bc30fe4669e8
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/6608710704/1r6sQRc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/6608710704/1r6sQRc.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7725193537/jdVAN80.exe
id: auto-9b6edff647b1e6740c9fc86c2733db0b12033fbd0f5213baced0d4b8e12851a0
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7725193537/jdVAN80.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7725193537/jdVAN80.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/5908119101/gkmdY2O.exe
id: auto-8a76cb085319cf1e1ef582aace66d7a435ecd5de19c53b6ad4e650b326e9116a
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/5908119101/gkmdY2O.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/5908119101/gkmdY2O.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7260582679/YOaxz85.exe
id: auto-2448d46002877539d0b6b9e1acbce0df701b29808844be1ad013951846f47bdd
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7260582679/YOaxz85.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7260582679/YOaxz85.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8243287745/p9ulf8e.msi
id: auto-d38bc83f154c540a5aa273034160d2712a6922f3ab3c6130e3ba885f59c2afe9
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8243287745/p9ulf8e.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8243287745/p9ulf8e.msi*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7782139129/PKenO2z.exe
id: auto-5d07047c3857a1acf75592a0563a1e80c6cf0945764f157381bdb6f4a43c4c78
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7782139129/PKenO2z.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7782139129/PKenO2z.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/5900855435/eNLe4nm.exe
id: auto-ce5909e09990805e8091989de60dc1656fcb1b74f4f26aae75422b7e4fff03f8
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/5900855435/eNLe4nm.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/5900855435/eNLe4nm.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/8499672124/b1JNsvy.exe
id: auto-febf42cb186834e7c74e6ba094c4edce944a1c2a5cf076ff93c53dab5edf0423
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/8499672124/b1JNsvy.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/8499672124/b1JNsvy.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7453936223/5GFpJxh.exe
id: auto-732bb8db85e96040ca511769f024c98578ec11f5ca663f39adc1d0518146c357
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7453936223/5GFpJxh.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7453936223/5GFpJxh.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7290860719/OTcX1Qs.exe
id: auto-17d620f2523cee2e50153630e23778128075d9ea371ae48ad06d732fd5a47201
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7290860719/OTcX1Qs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7290860719/OTcX1Qs.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/7411337060/ZCGm9Ky.exe
id: auto-aa933d3f60d9d5f92f89ba02c6e23b7c5fd31943f7f12b477054420dc69e5142
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/7411337060/ZCGm9Ky.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/7411337060/ZCGm9Ky.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/files/6149304756/9MVYpgf.exe
id: auto-5749f052da59d78ebcd415088cb364c64fed72f5d8f55512f7d188297fee8c25
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/files/6149304756/9MVYpgf.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/files/6149304756/9MVYpgf.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.211.222/vidar/random.exe
id: auto-57d34a3646faa4df3e14ceade75452da121e1ddd1b5364ec9a199fb06c07e2b7
status: experimental
description: Detects traffic or activity related to http://158.94.211.222/vidar/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.211.222/vidar/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7362035837/FTWxQSW.exe
id: auto-4434cddfd2e164bd68cf6259c8350b7850dba0743e6422678078dbfb281bf443
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7362035837/FTWxQSW.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7362035837/FTWxQSW.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.137.245.221/1.exe
id: auto-928e0ec263fc4051a57b7b1eebe10268cd972ae7578db4c5588fbded076fb142
status: experimental
description: Detects traffic or activity related to http://188.137.245.221/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.137.245.221/1.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6608710704/1r6sQRc.exe
id: auto-1cb8a2ec1ae057f91e17a5469395ffb1ff9d99e92859365cfe6e613ee4d7f1f4
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6608710704/1r6sQRc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6608710704/1r6sQRc.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.155.69.85/1.exe
id: auto-4709837a178e09fd4e4725ca315c7208b37fa5ce5ddc935ecf11131ec89933b3
status: experimental
description: Detects traffic or activity related to http://45.155.69.85/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.155.69.85/1.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6608710704/LNY9PLO.exe
id: auto-510fcfc7edd98a1dc46ff9f49ba790fcd200592e5c6126ac467d56cf09b1d4d4
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6608710704/LNY9PLO.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6608710704/LNY9PLO.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8733674968/kKH6773.exe
id: auto-b8b3c61e5e14cb648b2c429af8152683a81ad844a4e9fe2cf9fc452537e103ab
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8733674968/kKH6773.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8733674968/kKH6773.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8566018414/TN7p2PQ.ps1
id: auto-6811036564c44e608183a608eaa952a8e6a0fa4a87d789f24043d47eec3edd20
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8566018414/TN7p2PQ.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8566018414/TN7p2PQ.ps1*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
