GitHub Repository: Azure/Azure-Sentinel-Notebooks
Path: blob/master/tutorials-and-examples/feature-tutorials/data/ioc_df.csv
,IoCType,Observable,SourceIndex
0,windows_path,C:\RECYCLER\xxppyy.exe,0
1,windows_path,.\ftp,0
2,windows_path,.\reg,1
3,windows_path,.\rundll32,3
4,windows_path,c:\users\MSTICAdmin\42424.exe,4
5,windows_path,.\rundll32,4
6,windows_path,.\rundll32,5
7,windows_path,.\rundll32,6
8,windows_path,c:\users\MSTICAdmin\1234.exe,6
9,windows_path,.\rundll32,7
10,windows_path,.\reg.exe  add \hkcu\software\microsoft\some\key\Run,8
11,dns,tsetup.1.exe,9
12,dns,tsetup.1.0.14.tmp,9
13,dns,tsetup.1.0.14.exe,9
14,windows_path,c:\Diagnostics\UserTmp\tsetup.1.exe,9
15,windows_path,C:\Users\MSTICAdmin\AppData\Local\Temp\2\is-01DD7.tmp\tsetup.1.0.14.tmp,9
16,windows_path,C:\Users\MSTICAdmin\Downloads\tsetup.1.0.14.exe,9
17,windows_path,.\rundll32.exe,10
18,windows_path,.\netsh.exe,11
19,windows_path,C:\inetpub\wwwroot,12
20,windows_path,.\cmd,12
21,windows_path,C:\inetpub\wwwroot,13
22,windows_path,.\cmd,13
23,windows_path,C:\inetpub\wwwroot,14
24,windows_path,.\cmd,14
25,windows_path,\\[REDACTED]\c$\users\[REDACTED]\Documents,15
26,windows_path,.\cmd,15
27,windows_path,C:\ProgramData,15
28,windows_path,c:\windows\system32\inetsrv\appcmd,16
29,windows_path,C:\inetpub\wwwroot,16
30,windows_path,.\cmd,16
31,windows_path,C:\inetpub\logs\logFiles\W3SVC1,17
32,windows_path,C:\inetpub\wwwroot,17
33,windows_path,.\cmd,17
34,windows_path,c:\Diagnostics\UserTmp\perfc.dat,18
35,windows_path,c:\Diagnostics\UserTmp\sdopfjiowtbkjfnbeioruj.exe,19
36,dns,doubleextension.pdf.exe,20
37,windows_path,c:\Diagnostics\UserTmp\doubleextension.pdf.exe,20
38,windows_path,\C:,22
39,windows_path,\Windows\system32\conhost.exe,22
40,windows_path,c:\testshare,26
41,windows_path,\\MSTICAlertsWin1\TestShare,27
42,url,http://server/file.sct,31
43,dns,server,31
44,windows_path,.\regsvr32,31
45,windows_path,.\suchost.exe,32
46,windows_path,.\evil.ps1;,35
47,windows_path,.\powershell.exe,35
48,windows_path,.\powershell,36
49,url,http://somedomain/best-kitten-names-1.jpg',37
50,dns,somedomain,37
51,windows_path,\AppData\Local\Temp\kittens1.jpg';,37
52,windows_path,C:\Users\$env:UserName,37
53,windows_path,.\pOWErS^H^ElL^.eX^e^,37
54,windows_path,.\n^e^t,38
55,windows_path,.\powershell,39
56,md5_hash, aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ,40
57,md5_hash, aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ,41
58,md5_hash, 81ed03caf6901e444c72ac67d192fb9c,44
59,url,"http://badguyserver/pwnme""",46
60,dns,badguyserver,46
61,url,"http://badguyserver/pwnme""",47
62,dns,badguyserver,47
63,windows_path,.\powershell,47
64,windows_path,.\powershell,48
65,windows_path,.\powershell,49
66,windows_path,.\powershell,50
67,windows_path,.\rUnDlL32,58
68,windows_path,.\reg  query add mscfile\\\\open,59
69,windows_path,.\reg,60
70,windows_path,.\dubrute.exe,61
71,windows_path,.\nlbrute.exe,62
72,windows_path,.\reg,63
73,windows_path,\system\CurrentControlSet\Control\Terminal,63
74,windows_path,.\reg,64
75,windows_path,\system\CurrentControlSet\Control\Terminal,64
76,windows_path,\\tsclient\c,65
77,windows_path,\Microsoft\Windows\CurrentVersion Certificate).Certificate);.\powershell,67
78,windows_path,.\powershell.exe,67
79,windows_path,C:\Windows\System32\mshta.exe,67
80,windows_path,c:\users\Bob\appdata\Roaming\RbtGskQ\RbtGskQ.exe,68
81,windows_path,.\netsh,68
82,windows_path,.\reg  add HKLM\KEY_LOCAL_MACHINE\...securityproviders\wdigest,69
83,windows_path,c:\Windows\System32\cmd.exe,70
84,windows_path,c:\Diagnostics\UserTmp\scrsave.scr,71
85,windows_path,c:\Diagnostics\UserTmp\svchost.exe,72
86,windows_path,c:\Diagnostics\UserTmp\smss.exe,73
87,windows_path,c:\Windows\System32\svchost.exe,74
88,dns,system.management.automation.amsiutils,77
89,dns,"system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)",77
90,url,"http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue($null,$true)",77
91,windows_path,.\powershell.exe,77
92,ipv4,1.2.3.4,78
93,windows_path,C:\\Users\\user\\AppData\\Local\\Temp\\bzzzzzz.txt,78
94,windows_path,.\wuauclt.exe,79
95,windows_path,c:\windows\softwaredistribution\cscript.exe,79
96,windows_path,c:\windows\softwaredistribution\cscript.exe,80
97,windows_path,.\lsass.exe,80
98,windows_path,c:\windows\system32\wscript.exe,82
99,windows_path,c:\windows\system32\inetsrv\appcmd,83
100,windows_path,C:\inetpub\wwwroot,83
101,windows_path,c:\Diagnostics\UserTmp\2840.exe,84
102,windows_path,c:\Diagnostics\UserTmp\a_keygen.exe,85
103,windows_path,c:\Diagnostics\UserTmp\bittorrent.exe,87
104,windows_path,c:\Diagnostics\UserTmp\netsh.exe,88
105,windows_path,c:\Diagnostics\UserTmp\ransomware.exe,90
106,windows_path,\\server\payload.dll,92
107,windows_path,C:\Users\Administrator\AppData\Roaming\{RANDOM}.txt,94
108,ipv4,127.0.0.1,102
109,url,http://127.0.0.1/,102
110,windows_path,.\reg,103
111,windows_path,\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\MyNastySvcHostConfig,103
112,windows_path,.\reg,104
113,windows_path,\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\MyNastySvcHostConfig,104
114,windows_path,C:\Users\MSTICA~1\AppData\Local\Temp\hd.exe,105
115,windows_path,\\.\pipe\blahtest,107
116,windows_path,.\reg.exe,108
117,windows_path,\console,108
118,windows_path,c:\windows\fonts\csrss.exe,109
119,windows_path,c:\windows\fonts\conhost.exe,110
120,windows_path,.\mimikatz.exe,111
121,windows_path,.\rundll32.exe,112
122,windows_path,c:\windows\fonts\conhost.exe,112
123,windows_path,c:\windows\fonts\csrss.exe,113
124,windows_path,.\regsvr32,113
125,windows_path,c:\Diagnostics\UserTmp,115
126,windows_path,c:\Diagnostics\WindowsSimulateDetections.bat,115
127,windows_path,C:\Windows\System32\win32calc.exe,116
128,windows_path,.\powershell,0
129,windows_path,.\powershell,0