adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/59aeaab2-3ea4-4b1a-b521-460a950d210f.json

1075 lines
44 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--59aeaab2-3ea4-4b1a-b521-460a950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:10:57.000Z",
"modified": "2017-09-05T14:10:57.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59aeaab2-3ea4-4b1a-b521-460a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:10:57.000Z",
"modified": "2017-09-05T14:10:57.000Z",
"name": "OSINT - Threat actor goes on a Chrome extension hijacking spree",
"published": "2017-09-05T15:30:02Z",
"object_refs": [
"observed-data--59aeab28-2220-43d5-ad33-baa3950d210f",
"url--59aeab28-2220-43d5-ad33-baa3950d210f",
"x-misp-attribute--59aeab3b-be40-4728-b629-4827950d210f",
"indicator--59aeae20-ed9c-4ec5-ab26-451e950d210f",
"indicator--59aeae20-84a8-41e8-9d0e-4f24950d210f",
"indicator--59aeaff3-4cf4-4d90-8af5-4030950d210f",
"indicator--59aeaff3-4a5c-40f3-8f59-496b950d210f",
"indicator--59aeaff3-0f14-4aad-ac4b-47d3950d210f",
"indicator--59aeaff3-80c4-4e0a-9dc8-41bd950d210f",
"indicator--59aeaff3-b9cc-403c-8976-40b3950d210f",
"indicator--59aeaff3-c08c-45fb-92b0-4757950d210f",
"indicator--59aeaff3-e28c-4cbe-a25f-4d19950d210f",
"indicator--59aeaff3-4110-469a-8785-4156950d210f",
"indicator--59aeaff3-0c5c-4008-94cd-46ab950d210f",
"indicator--59aeaff3-02dc-4d5b-b310-4333950d210f",
"indicator--59aeaff3-26d0-4488-bf37-4616950d210f",
"indicator--59aeaff3-10f4-46ec-b864-4b4b950d210f",
"indicator--59aeaff3-6550-490c-928f-4209950d210f",
"indicator--59aeaff3-92a4-4752-9788-462a950d210f",
"indicator--59aeaff3-c4a8-4b2f-8814-4d87950d210f",
"indicator--59aeaff3-2654-4152-b056-40c0950d210f",
"indicator--59aeaff3-1208-495c-b833-4409950d210f",
"indicator--59aeaff3-1658-439a-8783-4cf9950d210f",
"indicator--59aeaff3-5860-4be5-b05f-48a9950d210f",
"indicator--59aeaff3-5f08-426e-8bc8-4880950d210f",
"indicator--59aeaff3-21b8-4116-a1ad-4e35950d210f",
"indicator--59aeaff3-e4a8-4538-86ce-4b1d950d210f",
"indicator--59aeaff3-b520-4843-999b-48b2950d210f",
"indicator--59aeaff3-a2c0-4f4c-8ce4-4268950d210f",
"indicator--59aeaff3-0574-4d0e-b731-400e950d210f",
"indicator--59aeaff3-ac44-4eec-891e-40aa950d210f",
"indicator--59aeaff3-8f3c-4510-b8df-4fca950d210f",
"indicator--59aeaff3-7ebc-476b-aff5-44c8950d210f",
"indicator--59aeaff3-7a98-4fc5-a6cc-4550950d210f",
"indicator--59aeaff3-abb0-4e01-89f2-45af950d210f",
"indicator--59aeaff3-c490-43f6-af66-4c3b950d210f",
"indicator--59aeaff3-1f74-4f5a-9d55-40f4950d210f",
"indicator--59aeaff3-0eec-4a7f-aabf-44ee950d210f",
"indicator--59aeaff3-d498-4a9b-9910-4efd950d210f",
"indicator--59aeaff3-7d5c-4e7e-81f6-447f950d210f",
"indicator--59aeaff3-1b94-4a69-b185-489b950d210f",
"indicator--59aeaff3-c510-432c-a185-4cd8950d210f",
"indicator--59aeaff3-01e0-493b-8529-4eb2950d210f",
"indicator--59aeaff3-e5e4-4e09-9a38-48ac950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aeab28-2220-43d5-ad33-baa3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T13:48:58.000Z",
"modified": "2017-09-05T13:48:58.000Z",
"first_observed": "2017-09-05T13:48:58Z",
"last_observed": "2017-09-05T13:48:58Z",
"number_observed": 1,
"object_refs": [
"url--59aeab28-2220-43d5-ad33-baa3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aeab28-2220-43d5-ad33-baa3950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/threat-actor-goes-chrome-extension-hijacking-spree"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59aeab3b-be40-4728-b629-4827950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T13:48:51.000Z",
"modified": "2017-09-05T13:48:51.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Chrome Extensions are a powerful means of adding functionality to the Chrome browser with features ranging from easier posting of content on social media to integrated developer tools. At the end of July and beginning of August, several Chrome Extensions were compromised after their author\u00e2\u20ac\u2122s Google Account credentials were stolen via a phishing scheme. This resulted in hijacking of traffic and exposing users to potentially malicious popups and credential theft."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeae20-ed9c-4ec5-ab26-451e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:01:04.000Z",
"modified": "2017-09-05T14:01:04.000Z",
"pattern": "[url:value = 'https://wd7bdb20e4d622f6569f3e8503138c859d.win/ga.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:01:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeae20-84a8-41e8-9d0e-4f24950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:01:04.000Z",
"modified": "2017-09-05T14:01:04.000Z",
"pattern": "[url:value = 'https://wd8a2b7d68f1c7c7f34381dc1a198465b4.win/ga.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:01:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-4cf4-4d90-8af5-4030950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'click.rdr11.top|31.186.103.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-4a5c-40f3-8f59-496b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'chromedevelopment.site|31.186.103.147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-0f14-4aad-ac4b-47d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'login.chromeextensions.info|31.186.103.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-80c4-4e0a-9dc8-41bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'chromeextensions.info|31.186.103.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-b9cc-403c-8976-40b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'wd8a2b7d68f1c7c7f34381dc1a198465b4.win|104.131.30.88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-c08c-45fb-92b0-4757950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'wd7bdb20e4d622f6569f3e8503138c859d.win|104.131.30.88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-e28c-4cbe-a25f-4d19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'loading.website|162.255.119.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-4110-469a-8785-4156950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'searchtab.win|104.131.67.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-0c5c-4008-94cd-46ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'redirect2.top|104.131.67.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-02dc-4d5b-b310-4333950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'browser-updates.info|198.54.117.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-26d0-4488-bf37-4616950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'browser-updates.info/firebase_subscribe.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-10f4-46ec-b864-4b4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'imagetwist.info|174.138.62.139']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-6550-490c-928f-4209950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'http://searchtab.win/ga.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-92a4-4752-9788-462a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'http://redirect2.top/ga.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-c4a8-4b2f-8814-4d87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'http://partner-net.men/code/pid/linkcheck.js?rev=133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-2654-4152-b056-40c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'https://f.partnerwork.men/code/code/index_4.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-1208-495c-b833-4409950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'https://f.partnerwork.men/code/code/mss_3.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-1658-439a-8783-4cf9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'https://y.partnerwork.men/code/code/index_3.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-5860-4be5-b05f-48a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'http://partner-net.men/code/pid/973820_BNX.js?rev=133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-5f08-426e-8bc8-4880950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'http://partner-net.men/code/?pid=973820&r=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-21b8-4116-a1ad-4e35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'login.chromedevelopment.site|31.186.103.147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-e4a8-4538-86ce-4b1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'y.partnerwork.men|185.147.15.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-b520-4843-999b-48b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'f.partnerwork.men|185.147.15.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-a2c0-4f4c-8ce4-4268950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'partner-net.men|95.211.68.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-0574-4d0e-b731-400e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'partner-net.men|95.211.68.186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-ac44-4eec-891e-40aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'b.partner-net.men|']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-8f3c-4510-b8df-4fca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'http://land.pckeeper.software/land/7.13.222/index.php?affid=mzb_251.563088.1501708560.18.mzb&utm_source=prfl&utm_medium=cps&utm_campaign=pck_prfl_cps_ww_713&utm_term=&utm_content=&userDefiner=mzb_2424&trt=33_1641011700&tid_ext=1451151054']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-7ebc-476b-aff5-44c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'http://land.pckeeper.software/land/7.13.222/index.php?affid=mzb_281.2294418.1495859377.18.mzb&utm_source=maxb&utm_medium=cps&utm_campaign=pck_maxb_cps_eu2_713&utm_term=&utm_content=&userDefiner=mzb_2424&trt=33_1638077&tid_ext=pck_maxb_cps_us_eu2_sale']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-7a98-4fc5-a6cc-4550950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[url:value = 'http://wlp.cleanmypc.online/mxbt1/?x-context=496906380&utm_source=mxapcfx5&utm_campaign=mxapcfx5&pxl=MXA2240_MXA2193_RUNT&utm_pubid=56754&x-at=XXXXX&override=1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-abb0-4e01-89f2-45af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'cookie-policy.org|45.55.128.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-c490-43f6-af66-4c3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'cdn2.info|45.55.128.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-1f74-4f5a-9d55-40f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'cdn8.info|45.55.128.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-0eec-4a7f-aabf-44ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'cdn.cookiescript.info|52.222.226.223']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-d498-4a9b-9910-4efd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'cdn.front.to|162.243.105.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-7d5c-4e7e-81f6-447f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'ganalytics.win|104.131.30.88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-1b94-4a69-b185-489b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[domain-name:value = '92fffe0ba52da491a2b7576627f3693a.pro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-c510-432c-a185-4cd8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[domain-name:value = '7ce508e6099e31f68c2fd50c362f087d.pro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-01e0-493b-8529-4eb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'partner-print.men|185.147.15.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeaff3-e5e4-4e09-9a38-48ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T14:08:51.000Z",
"modified": "2017-09-05T14:08:51.000Z",
"pattern": "[file:name = 'extstat.com|185.147.15.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T14:08:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink