{
"type": "bundle",
"id": "bundle--5b608c59-6328-49e7-af04-22de0acd0835",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:29:51.000Z",
"modified": "2018-07-31T16:29:51.000Z",
"name": "Synovus Financial",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b608c59-6328-49e7-af04-22de0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:29:51.000Z",
"modified": "2018-07-31T16:29:51.000Z",
"name": "Massive Malvertising Campaign Discovered Attempting 40,000 Infections per Week",
"published": "2018-07-31T16:46:01Z",
"object_refs": [
"indicator--5b608ca3-d648-4d02-b6a0-348b0acd0835",
"indicator--5b608ca4-2634-4d52-9b44-348b0acd0835",
"indicator--5b608ca4-d300-4e8f-9abf-348b0acd0835",
"indicator--5b608ca4-4838-48a3-b48e-348b0acd0835",
"indicator--5b608ca4-bf88-4d3b-9cd9-348b0acd0835",
"indicator--5b608ca4-2934-4dd9-be94-348b0acd0835",
"indicator--5b608ca4-fa80-4dd0-bcec-348b0acd0835",
"indicator--5b608ca4-fa00-4baf-89fa-348b0acd0835",
"indicator--5b608ca4-10d4-4b8c-8c4e-348b0acd0835",
"observed-data--5b608d1e-38e0-4655-96d9-34a40acd0835",
"url--5b608d1e-38e0-4655-96d9-34a40acd0835",
"observed-data--5b608d1e-b7b0-4de5-9b0b-34a40acd0835",
"url--5b608d1e-b7b0-4de5-9b0b-34a40acd0835",
"observed-data--5b608d1e-ddd4-4b0a-b607-34a40acd0835",
"url--5b608d1e-ddd4-4b0a-b607-34a40acd0835",
"indicator--5b608dd0-447c-4175-8f9f-50ad0acd0835",
"indicator--5b608dd0-55fc-4a6c-bf3a-50ad0acd0835",
"indicator--5b608dd0-d3f4-4dd6-9314-50ad0acd0835",
"indicator--5b608dd0-2918-47f8-ad95-50ad0acd0835",
"indicator--5b608dd0-5f40-4ca5-8286-50ad0acd0835",
"indicator--5b608e12-d330-49ca-b308-5a480acd0835",
"indicator--5b608e13-4a8c-4cbd-adca-5a480acd0835",
"indicator--5b608e13-3b98-4ac9-9911-5a480acd0835",
"indicator--5b608e13-9d58-4d0a-a092-5a480acd0835"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"Malvertising"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608ca3-d648-4d02-b6a0-348b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:21:55.000Z",
"modified": "2018-07-31T16:21:55.000Z",
"description": "malvertising",
"pattern": "[domain-name:value = 'exoclick.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:21:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608ca4-2634-4d52-9b44-348b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:21:56.000Z",
"modified": "2018-07-31T16:21:56.000Z",
"description": "malvertising",
"pattern": "[domain-name:value = 'bestadbid.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:21:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608ca4-d300-4e8f-9abf-348b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:21:56.000Z",
"modified": "2018-07-31T16:21:56.000Z",
"description": "malvertising",
"pattern": "[domain-name:value = 'junnify.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:21:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608ca4-4838-48a3-b48e-348b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:21:56.000Z",
"modified": "2018-07-31T16:21:56.000Z",
"description": "malvertising",
"pattern": "[domain-name:value = 'bikinisgroup.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:21:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608ca4-bf88-4d3b-9cd9-348b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:21:56.000Z",
"modified": "2018-07-31T16:21:56.000Z",
"description": "malvertising",
"pattern": "[domain-name:value = 'xml.pdn-1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:21:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608ca4-2934-4dd9-be94-348b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:21:56.000Z",
"modified": "2018-07-31T16:21:56.000Z",
"description": "malvertising",
"pattern": "[domain-name:value = 'xml.pdn-2.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:21:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608ca4-fa80-4dd0-bcec-348b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:21:56.000Z",
"modified": "2018-07-31T16:21:56.000Z",
"description": "malvertising",
"pattern": "[domain-name:value = 'xml.pdn-3.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:21:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608ca4-fa00-4baf-89fa-348b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:21:56.000Z",
"modified": "2018-07-31T16:21:56.000Z",
"description": "malvertising",
"pattern": "[domain-name:value = 'xml.pdn-4.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:21:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608ca4-10d4-4b8c-8c4e-348b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:21:56.000Z",
"modified": "2018-07-31T16:21:56.000Z",
"description": "malvertising",
"pattern": "[domain-name:value = 'xml.pdn-5.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:21:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b608d1e-38e0-4655-96d9-34a40acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:23:58.000Z",
"modified": "2018-07-31T16:23:58.000Z",
"first_observed": "2018-07-31T16:23:58Z",
"last_observed": "2018-07-31T16:23:58Z",
"number_observed": 1,
"object_refs": [
"url--5b608d1e-38e0-4655-96d9-34a40acd0835"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b608d1e-38e0-4655-96d9-34a40acd0835",
"value": "https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b608d1e-b7b0-4de5-9b0b-34a40acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:23:58.000Z",
"modified": "2018-07-31T16:23:58.000Z",
"first_observed": "2018-07-31T16:23:58Z",
"last_observed": "2018-07-31T16:23:58Z",
"number_observed": 1,
"object_refs": [
"url--5b608d1e-b7b0-4de5-9b0b-34a40acd0835"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b608d1e-b7b0-4de5-9b0b-34a40acd0835",
"value": "https://www.bleepingcomputer.com/news/security/massive-malvertising-campaign-discovered-attempting-40-000-infections-per-week/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b608d1e-ddd4-4b0a-b607-34a40acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:23:58.000Z",
"modified": "2018-07-31T16:23:58.000Z",
"first_observed": "2018-07-31T16:23:58Z",
"last_observed": "2018-07-31T16:23:58Z",
"number_observed": 1,
"object_refs": [
"url--5b608d1e-ddd4-4b0a-b607-34a40acd0835"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b608d1e-ddd4-4b0a-b607-34a40acd0835",
"value": "https://www.securityweek.com/advanced-malvertising-campaign-exploits-online-advertising-supply-chain"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608dd0-447c-4175-8f9f-50ad0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:26:56.000Z",
"modified": "2018-07-31T16:26:56.000Z",
"description": "Malvertising",
"pattern": "[url:value = 'onclkds.com/afu.php?zoneid=1157984']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608dd0-55fc-4a6c-bf3a-50ad0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:26:56.000Z",
"modified": "2018-07-31T16:26:56.000Z",
"description": "Malvertising",
"pattern": "[url:value = 'www.cpm10.com/watch?key=fe0a93971e993f059d7a78bf2fa5117a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608dd0-d3f4-4dd6-9314-50ad0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:26:56.000Z",
"modified": "2018-07-31T16:26:56.000Z",
"description": "Malvertising",
"pattern": "[url:value = 'www.cpm20.com/watch?key=f9363dcc22f7f5fc89d5d6dcccb1e580']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608dd0-2918-47f8-ad95-50ad0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:26:56.000Z",
"modified": "2018-07-31T16:26:56.000Z",
"description": "Malvertising",
"pattern": "[url:value = 'www.hibids10.com/watch?key=789a4129e78c00008a47b36e23d65ea7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608dd0-5f40-4ca5-8286-50ad0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:26:56.000Z",
"modified": "2018-07-31T16:26:56.000Z",
"description": "Malvertising",
"pattern": "[url:value = 'www.sloi1.com/3hfnn2cne?key=789a4129e78c00008a47b36e23d65ea7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:26:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608e12-d330-49ca-b308-5a480acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:28:02.000Z",
"modified": "2018-07-31T16:28:02.000Z",
"description": "Malvertising",
"pattern": "[domain-name:value = 'onclkds.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:28:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608e13-4a8c-4cbd-adca-5a480acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:28:03.000Z",
"modified": "2018-07-31T16:28:03.000Z",
"description": "Malvertising",
"pattern": "[domain-name:value = 'cpm10.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:28:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608e13-3b98-4ac9-9911-5a480acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:28:03.000Z",
"modified": "2018-07-31T16:28:03.000Z",
"description": "Malvertising",
"pattern": "[domain-name:value = 'hibids10.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:28:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b608e13-9d58-4d0a-a092-5a480acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-07-31T16:28:03.000Z",
"modified": "2018-07-31T16:28:03.000Z",
"description": "Malvertising",
"pattern": "[domain-name:value = 'sloi1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-31T16:28:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Malvertising"
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}