hssn
Initial commit for HF Space
124ea58
input_text,target_report
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""malware-c2.example.com""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""192.168.1.105""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""192.168.1.105""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""198.51.100.1""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""192.168.1.105""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2024-5678""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""203.0.113.22""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""malware-c2.example.com""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:47 UTC"", ""ioc"": ""CVE-2024-5678""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}",External brute force attack succeeded. Recommend blocking source IP and rotating credentials.
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",External brute force attack succeeded. Recommend blocking source IP and rotating credentials.
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}","Phishing compromise. Reset user credentials, review mailbox rules, check for data exfiltration."
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}",External brute force attack succeeded. Recommend blocking source IP and rotating credentials.
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}","Phishing compromise. Reset user credentials, review mailbox rules, check for data exfiltration."
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}",External brute force attack succeeded. Recommend blocking source IP and rotating credentials.
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}","Phishing compromise. Reset user credentials, review mailbox rules, check for data exfiltration."
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}",External brute force attack succeeded. Recommend blocking source IP and rotating credentials.
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}","Phishing compromise. Reset user credentials, review mailbox rules, check for data exfiltration."
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}","Phishing compromise. Reset user credentials, review mailbox rules, check for data exfiltration."
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}","Phishing compromise. Reset user credentials, review mailbox rules, check for data exfiltration."
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}","Malware infection with C2 callback. Isolate host, collect artifacts, and hunt for lateral movement."
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}",Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1566.001""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",Phishing: Spearphishing Attachment - malicious attachment delivered via email
"{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""5d41402abc4b2a76b9719d911017c592""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""203.0.113.22""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2024-5678""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""198.51.100.1""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""098f6bcd4621d373cade4e832627b4f6""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1071.001""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement Application Layer Protocol: Web Protocols - C2 traffic over HTTP/HTTPS
"{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""malware-c2.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""phishing_email"", ""severity"": ""high"", ""indicator"": ""suspicious_link"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""192.168.1.105""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement
"{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""evil.example.com""}
{""event_type"": ""lateral_movement"", ""severity"": ""critical"", ""technique"": ""T1021.002"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""10.0.0.42""}
{""event_type"": ""malware_detected"", ""severity"": ""high"", ""source_ip"": ""192.168.1.105"", ""dest_ip"": ""10.0.0.42"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""phishing.site""}
{""event_type"": ""c2_beacon"", ""severity"": ""critical"", ""domain"": ""malware-c2.example.com"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""T1021.002""}
{""event_type"": ""brute_force"", ""severity"": ""medium"", ""source_ip"": ""203.0.113.22"", ""target"": ""ssh"", ""timestamp"": ""2026-02-16 10:39:48 UTC"", ""ioc"": ""CVE-2023-1234""}",SMB/Windows Admin Shares - adversary used SMB to connect to remote shares for lateral movement