967 lines
38 KiB
JSON
967 lines
38 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5566bfdf-e550-4b40-8178-4b27950d210b",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:24:48.000Z",
|
||
|
"modified": "2015-05-28T07:24:48.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5566bfdf-e550-4b40-8178-4b27950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:24:48.000Z",
|
||
|
"modified": "2015-05-28T07:24:48.000Z",
|
||
|
"name": "OSINT The Teenage Mutant Malvertiser Network by FireEye",
|
||
|
"published": "2015-05-28T09:06:01Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5566c04d-3124-4d4b-819f-4a45950d210b",
|
||
|
"url--5566c04d-3124-4d4b-819f-4a45950d210b",
|
||
|
"indicator--5566c0a7-dd74-4597-b7be-419f950d210b",
|
||
|
"indicator--5566c0a8-e8d8-4860-b57f-4b9d950d210b",
|
||
|
"indicator--5566c0b9-a64c-4104-9847-4b7a950d210b",
|
||
|
"indicator--5566c0b9-734c-4fec-a46f-4ce5950d210b",
|
||
|
"indicator--5566c0b9-4554-41f6-9770-4207950d210b",
|
||
|
"indicator--5566c0b9-f258-4884-bd55-4e09950d210b",
|
||
|
"indicator--5566c0b9-1ee0-49c1-9979-4aa6950d210b",
|
||
|
"indicator--5566c166-bde4-4238-b7b1-4260950d210b",
|
||
|
"indicator--5566c166-ab60-4619-ad6f-4401950d210b",
|
||
|
"indicator--5566c166-f4e8-41f4-aa9a-438a950d210b",
|
||
|
"indicator--5566c174-1430-4be3-add2-4591950d210b",
|
||
|
"indicator--5566c174-65a8-4bfc-ac4d-4333950d210b",
|
||
|
"indicator--5566c174-2a2c-4478-8be5-4641950d210b",
|
||
|
"indicator--5566c174-f9ac-4f97-933e-4ff2950d210b",
|
||
|
"indicator--5566c175-d0d8-49af-95ed-4ec2950d210b",
|
||
|
"indicator--5566c175-0530-4f35-a56e-44dc950d210b",
|
||
|
"indicator--5566c175-5548-4fa2-b93f-4ced950d210b",
|
||
|
"indicator--5566c175-2298-4b74-a69c-4e6f950d210b",
|
||
|
"indicator--5566c175-2a30-4dc3-99e7-464a950d210b",
|
||
|
"indicator--5566c175-3cfc-417d-ab4d-40c5950d210b",
|
||
|
"indicator--5566c175-0ce4-421c-9038-4248950d210b",
|
||
|
"indicator--5566c175-8a3c-4c1c-baf3-4dcc950d210b",
|
||
|
"indicator--5566c1f0-6ef0-4379-9e71-4568950d210b",
|
||
|
"indicator--5566c21a-702c-4c8e-aea1-4cfd950d210b",
|
||
|
"indicator--5566c21a-b228-4219-ab71-45f5950d210b",
|
||
|
"indicator--5566c21a-09dc-4bd5-83fc-46bf950d210b",
|
||
|
"indicator--5566c21a-ee84-4d24-ac54-4074950d210b",
|
||
|
"indicator--5566c21a-a46c-455c-a2d9-4f3e950d210b",
|
||
|
"indicator--5566c21a-fc54-4265-bb4f-4ceb950d210b",
|
||
|
"indicator--5566c21b-8820-4bac-8255-461e950d210b",
|
||
|
"indicator--5566c26e-6070-44c9-b4b5-4ed0950d210b",
|
||
|
"indicator--5566c26e-794c-4071-bae1-4e1b950d210b",
|
||
|
"indicator--5566c26e-8904-48e6-a191-441a950d210b",
|
||
|
"indicator--5566c26e-33c0-4e20-984c-489e950d210b",
|
||
|
"indicator--5566c2aa-82ac-465c-99f3-4512950d210b",
|
||
|
"observed-data--5566c2c0-fb04-4d80-9f0a-4aec950d210b",
|
||
|
"url--5566c2c0-fb04-4d80-9f0a-4aec950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5566c04d-3124-4d4b-819f-4a45950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:14:21.000Z",
|
||
|
"modified": "2015-05-28T07:14:21.000Z",
|
||
|
"first_observed": "2015-05-28T07:14:21Z",
|
||
|
"last_observed": "2015-05-28T07:14:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5566c04d-3124-4d4b-819f-4a45950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5566c04d-3124-4d4b-819f-4a45950d210b",
|
||
|
"value": "https://www.fireeye.com/blog/threat-research/2015/05/the_teenage_mutantm.html"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c0a7-dd74-4597-b7be-419f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:21:44.000Z",
|
||
|
"modified": "2015-05-28T07:21:44.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'click2.systemaffiliate.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:21:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c0a8-e8d8-4860-b57f-4b9d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:21:44.000Z",
|
||
|
"modified": "2015-05-28T07:21:44.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'click2.danarimedia.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:21:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c0b9-a64c-4104-9847-4b7a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:16:09.000Z",
|
||
|
"modified": "2015-05-28T07:16:09.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.136']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:16:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c0b9-734c-4fec-a46f-4ce5950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:16:09.000Z",
|
||
|
"modified": "2015-05-28T07:16:09.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.137']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:16:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c0b9-4554-41f6-9770-4207950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:16:09.000Z",
|
||
|
"modified": "2015-05-28T07:16:09.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.138']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:16:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c0b9-f258-4884-bd55-4e09950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:16:09.000Z",
|
||
|
"modified": "2015-05-28T07:16:09.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.139']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:16:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c0b9-1ee0-49c1-9979-4aa6950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:16:09.000Z",
|
||
|
"modified": "2015-05-28T07:16:09.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.140']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:16:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c166-bde4-4238-b7b1-4260950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:02.000Z",
|
||
|
"modified": "2015-05-28T07:19:02.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'ads.fsrinc.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c166-ab60-4619-ad6f-4401950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:02.000Z",
|
||
|
"modified": "2015-05-28T07:19:02.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'hit.buy-targeted-traffic.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c166-f4e8-41f4-aa9a-438a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:02.000Z",
|
||
|
"modified": "2015-05-28T07:19:02.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'bbwlesbians.xblog.in']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c174-1430-4be3-add2-4591950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:16.000Z",
|
||
|
"modified": "2015-05-28T07:19:16.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'find-everything.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c174-65a8-4bfc-ac4d-4333950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:16.000Z",
|
||
|
"modified": "2015-05-28T07:19:16.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'litle-finder.me']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c174-2a2c-4478-8be5-4641950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:16.000Z",
|
||
|
"modified": "2015-05-28T07:19:16.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'megafinder24.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c174-f9ac-4f97-933e-4ff2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:16.000Z",
|
||
|
"modified": "2015-05-28T07:19:16.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'searchl.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c175-d0d8-49af-95ed-4ec2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:17.000Z",
|
||
|
"modified": "2015-05-28T07:19:17.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'searchwebfind.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c175-0530-4f35-a56e-44dc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:17.000Z",
|
||
|
"modified": "2015-05-28T07:19:17.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'truesearchresults.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c175-5548-4fa2-b93f-4ced950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:17.000Z",
|
||
|
"modified": "2015-05-28T07:19:17.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'webwebfind.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c175-2298-4b74-a69c-4e6f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:17.000Z",
|
||
|
"modified": "2015-05-28T07:19:17.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'news4news015.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c175-2a30-4dc3-99e7-464a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:17.000Z",
|
||
|
"modified": "2015-05-28T07:19:17.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'news4news14.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c175-3cfc-417d-ab4d-40c5950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:17.000Z",
|
||
|
"modified": "2015-05-28T07:19:17.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'news4news15.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c175-0ce4-421c-9038-4248950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:17.000Z",
|
||
|
"modified": "2015-05-28T07:19:17.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'news4news2014.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c175-8a3c-4c1c-baf3-4dcc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:19:17.000Z",
|
||
|
"modified": "2015-05-28T07:19:17.000Z",
|
||
|
"description": "Angler EK",
|
||
|
"pattern": "[domain-name:value = 'news4news2015.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c1f0-6ef0-4379-9e71-4568950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:21:44.000Z",
|
||
|
"modified": "2015-05-28T07:21:44.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'click.upperseeker.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:21:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c21a-702c-4c8e-aea1-4cfd950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:22:02.000Z",
|
||
|
"modified": "2015-05-28T07:22:02.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'death-tostock.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:22:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c21a-b228-4219-ab71-45f5950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:22:02.000Z",
|
||
|
"modified": "2015-05-28T07:22:02.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'ado-global.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:22:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c21a-09dc-4bd5-83fc-46bf950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:22:02.000Z",
|
||
|
"modified": "2015-05-28T07:22:02.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'find-all.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:22:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c21a-ee84-4d24-ac54-4074950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:22:02.000Z",
|
||
|
"modified": "2015-05-28T07:22:02.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'global-search24.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:22:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c21a-a46c-455c-a2d9-4f3e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:22:02.000Z",
|
||
|
"modified": "2015-05-28T07:22:02.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'integrosearch.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:22:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c21a-fc54-4265-bb4f-4ceb950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:22:02.000Z",
|
||
|
"modified": "2015-05-28T07:22:02.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'millsearch.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:22:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c21b-8820-4bac-8255-461e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:22:03.000Z",
|
||
|
"modified": "2015-05-28T07:22:03.000Z",
|
||
|
"description": "Magnitude EK",
|
||
|
"pattern": "[domain-name:value = 'superior-movies.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:22:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c26e-6070-44c9-b4b5-4ed0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:23:26.000Z",
|
||
|
"modified": "2015-05-28T07:23:26.000Z",
|
||
|
"description": "Rig & other EK",
|
||
|
"pattern": "[domain-name:value = 'buyadvertsort.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:23:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c26e-794c-4071-bae1-4e1b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:23:26.000Z",
|
||
|
"modified": "2015-05-28T07:23:26.000Z",
|
||
|
"description": "Rig & other EK",
|
||
|
"pattern": "[domain-name:value = 'buyadvertview.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:23:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c26e-8904-48e6-a191-441a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:23:26.000Z",
|
||
|
"modified": "2015-05-28T07:23:26.000Z",
|
||
|
"description": "Rig & other EK",
|
||
|
"pattern": "[domain-name:value = 'buyadvlist.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:23:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c26e-33c0-4e20-984c-489e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:23:26.000Z",
|
||
|
"modified": "2015-05-28T07:23:26.000Z",
|
||
|
"description": "Rig & other EK",
|
||
|
"pattern": "[domain-name:value = 'dealsadvdeals.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:23:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5566c2aa-82ac-465c-99f3-4512950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:24:26.000Z",
|
||
|
"modified": "2015-05-28T07:24:26.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.0/24']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-05-28T07:24:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5566c2c0-fb04-4d80-9f0a-4aec950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-05-28T07:24:48.000Z",
|
||
|
"modified": "2015-05-28T07:24:48.000Z",
|
||
|
"first_observed": "2015-05-28T07:24:48Z",
|
||
|
"last_observed": "2015-05-28T07:24:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5566c2c0-fb04-4d80-9f0a-4aec950d210b"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5566c2c0-fb04-4d80-9f0a-4aec950d210b",
|
||
|
"value": "http://research.zscaler.com/2015/05/magnitude-exploit-kit-leading-to.html"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|