sid.txt

CobaltStrike login server   3016001
CobaltStrike download.windowsupdate.com C2 Profile  3016002
CobaltStrike HTTP beacon response   3016003
CobaltStrike ARP Scan module    3016004
Suspicious dns request  3011001
CobaltStrike C2 Server  3016012
Hacker backdoor or shell  Microsoft Corporation     3003001
Hacker backdoor or shell Microsoft Windows      3003002
***Windows Powershell Request UserAgent***      3013001
***Linux wget/curl download .sh script***    3013002
Suspicious netstat command traffic      3013003
http GET data       3013004
msfconsole powershell response  3016005
mysql general_log write file    3013005
Weevely PHP Backdoor Response   3016006
Powershell Empire HTTP Request  3016007
Powershell Empire HTTP Response 3016008
webshell_caidao_php     3016009
China hacker tools caidao response - column directory   3016010
CobatlStrikt team servers 200 OK Space 3016011
Cryptocurrency Miner Check By Submit	3013015
Pools Response Cryptocurrency Miner		3013016
Observed DNS Query to public CryptoMining pool Domain (pool.minergate.com)		3017000		
Observed DNS Query to public CryptoMining pool Domain (pool.minergate.com)		3017001		
Observed DNS Query to public CryptoMining pool Domain (pool.minexmr.com)		3017002		
Observed DNS Query to public CryptoMining pool Domain (pool.minexmr.com)		301703		
Observed DNS Query to public CryptoMining pool Domain (opmoner.com)		3017004		
Observed DNS Query to public CryptoMining pool Domain (opmoner.com)		3017005		
Observed DNS Query to public CryptoMining pool Domain (crypto-pool.fr)		3017006		
Observed DNS Query to public CryptoMining pool Domain (crypto-pool.fr)		3017007		
Observed DNS Query to public CryptoMining pool Domain (backup-pool.com)		3017008		
Observed DNS Query to public CryptoMining pool Domain (backup-pool.com)		3017009		
Observed DNS Query to public CryptoMining pool Domain (monerohash.com)		3017010		
Observed DNS Query to public CryptoMining pool Domain (monerohash.com)		3017011		
Observed DNS Query to public CryptoMining pool Domain (poolto.be)		3017012		
Observed DNS Query to public CryptoMining pool Domain (poolto.be)		3017013		
Observed DNS Query to public CryptoMining pool Domain (xminingpool.com)		3017014		
Observed DNS Query to public CryptoMining pool Domain (xminingpool.com)		3017015		
Observed DNS Query to public CryptoMining pool Domain (prohash.net)		3017016		
Observed DNS Query to public CryptoMining pool Domain (prohash.net)		3017017		
Observed DNS Query to public CryptoMining pool Domain (dwarfpool.com)		3017018		
Observed DNS Query to public CryptoMining pool Domain (dwarfpool.com)		3017019		
Observed DNS Query to public CryptoMining pool Domain (crypto-pools.org)		3017020		
Observed DNS Query to public CryptoMining pool Domain (crypto-pools.org)		3017021		
Observed DNS Query to public CryptoMining pool Domain (monero.net)		3017022		
Observed DNS Query to public CryptoMining pool Domain (monero.net)		3017023		
Observed DNS Query to public CryptoMining pool Domain (hashinvest.net)		3017024		
Observed DNS Query to public CryptoMining pool Domain (hashinvest.net)		3017025		
Observed DNS Query to public CryptoMining pool Domain (moneropool.com)		3017026		
Observed DNS Query to public CryptoMining pool Domain (moneropool.com)		3017027		
Observed DNS Query to public CryptoMining pool Domain (xmrpool.eu)		3017028		
Observed DNS Query to public CryptoMining pool Domain (xmrpool.eu)		3017029		
Observed DNS Query to public CryptoMining pool Domain (ppxxmr.com)		3017030		
Observed DNS Query to public CryptoMining pool Domain (ppxxmr.com)		3017031		
Observed DNS Query to public CryptoMining pool Domain (alimabi.cn)		3017032		
Observed DNS Query to public CryptoMining pool Domain (alimabi.cn)		3017033		
Observed DNS Query to public CryptoMining pool Domain (aeon-pool.com)		3017034		
Observed DNS Query to public CryptoMining pool Domain (aeon-pool.com)		3017035		
System Information Collection By Trojan    3017036
ICMP Tunnel Detection Of Type Eight        3017037
ICMP Tunnel Detection Of Type Zero         3017038