{ "type": "bundle", "id": "bundle--5566bfdf-e550-4b40-8178-4b27950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:24:48.000Z", "modified": "2015-05-28T07:24:48.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5566bfdf-e550-4b40-8178-4b27950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:24:48.000Z", "modified": "2015-05-28T07:24:48.000Z", "name": "OSINT The Teenage Mutant Malvertiser Network by FireEye", "published": "2015-05-28T09:06:01Z", "object_refs": [ "observed-data--5566c04d-3124-4d4b-819f-4a45950d210b", "url--5566c04d-3124-4d4b-819f-4a45950d210b", "indicator--5566c0a7-dd74-4597-b7be-419f950d210b", "indicator--5566c0a8-e8d8-4860-b57f-4b9d950d210b", "indicator--5566c0b9-a64c-4104-9847-4b7a950d210b", "indicator--5566c0b9-734c-4fec-a46f-4ce5950d210b", "indicator--5566c0b9-4554-41f6-9770-4207950d210b", "indicator--5566c0b9-f258-4884-bd55-4e09950d210b", "indicator--5566c0b9-1ee0-49c1-9979-4aa6950d210b", "indicator--5566c166-bde4-4238-b7b1-4260950d210b", "indicator--5566c166-ab60-4619-ad6f-4401950d210b", "indicator--5566c166-f4e8-41f4-aa9a-438a950d210b", "indicator--5566c174-1430-4be3-add2-4591950d210b", "indicator--5566c174-65a8-4bfc-ac4d-4333950d210b", "indicator--5566c174-2a2c-4478-8be5-4641950d210b", "indicator--5566c174-f9ac-4f97-933e-4ff2950d210b", "indicator--5566c175-d0d8-49af-95ed-4ec2950d210b", "indicator--5566c175-0530-4f35-a56e-44dc950d210b", "indicator--5566c175-5548-4fa2-b93f-4ced950d210b", "indicator--5566c175-2298-4b74-a69c-4e6f950d210b", "indicator--5566c175-2a30-4dc3-99e7-464a950d210b", "indicator--5566c175-3cfc-417d-ab4d-40c5950d210b", "indicator--5566c175-0ce4-421c-9038-4248950d210b", "indicator--5566c175-8a3c-4c1c-baf3-4dcc950d210b", "indicator--5566c1f0-6ef0-4379-9e71-4568950d210b", "indicator--5566c21a-702c-4c8e-aea1-4cfd950d210b", "indicator--5566c21a-b228-4219-ab71-45f5950d210b", "indicator--5566c21a-09dc-4bd5-83fc-46bf950d210b", "indicator--5566c21a-ee84-4d24-ac54-4074950d210b", "indicator--5566c21a-a46c-455c-a2d9-4f3e950d210b", "indicator--5566c21a-fc54-4265-bb4f-4ceb950d210b", "indicator--5566c21b-8820-4bac-8255-461e950d210b", "indicator--5566c26e-6070-44c9-b4b5-4ed0950d210b", "indicator--5566c26e-794c-4071-bae1-4e1b950d210b", "indicator--5566c26e-8904-48e6-a191-441a950d210b", "indicator--5566c26e-33c0-4e20-984c-489e950d210b", "indicator--5566c2aa-82ac-465c-99f3-4512950d210b", "observed-data--5566c2c0-fb04-4d80-9f0a-4aec950d210b", "url--5566c2c0-fb04-4d80-9f0a-4aec950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5566c04d-3124-4d4b-819f-4a45950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:14:21.000Z", "modified": "2015-05-28T07:14:21.000Z", "first_observed": "2015-05-28T07:14:21Z", "last_observed": "2015-05-28T07:14:21Z", "number_observed": 1, "object_refs": [ "url--5566c04d-3124-4d4b-819f-4a45950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5566c04d-3124-4d4b-819f-4a45950d210b", "value": "https://www.fireeye.com/blog/threat-research/2015/05/the_teenage_mutantm.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c0a7-dd74-4597-b7be-419f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:21:44.000Z", "modified": "2015-05-28T07:21:44.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'click2.systemaffiliate.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c0a8-e8d8-4860-b57f-4b9d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:21:44.000Z", "modified": "2015-05-28T07:21:44.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'click2.danarimedia.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c0b9-a64c-4104-9847-4b7a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:16:09.000Z", "modified": "2015-05-28T07:16:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.136']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c0b9-734c-4fec-a46f-4ce5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:16:09.000Z", "modified": "2015-05-28T07:16:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.137']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c0b9-4554-41f6-9770-4207950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:16:09.000Z", "modified": "2015-05-28T07:16:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.138']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c0b9-f258-4884-bd55-4e09950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:16:09.000Z", "modified": "2015-05-28T07:16:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.139']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c0b9-1ee0-49c1-9979-4aa6950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:16:09.000Z", "modified": "2015-05-28T07:16:09.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.140']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:16:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c166-bde4-4238-b7b1-4260950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:02.000Z", "modified": "2015-05-28T07:19:02.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'ads.fsrinc.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c166-ab60-4619-ad6f-4401950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:02.000Z", "modified": "2015-05-28T07:19:02.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'hit.buy-targeted-traffic.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c166-f4e8-41f4-aa9a-438a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:02.000Z", "modified": "2015-05-28T07:19:02.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'bbwlesbians.xblog.in']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c174-1430-4be3-add2-4591950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:16.000Z", "modified": "2015-05-28T07:19:16.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'find-everything.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c174-65a8-4bfc-ac4d-4333950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:16.000Z", "modified": "2015-05-28T07:19:16.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'litle-finder.me']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c174-2a2c-4478-8be5-4641950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:16.000Z", "modified": "2015-05-28T07:19:16.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'megafinder24.info']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c174-f9ac-4f97-933e-4ff2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:16.000Z", "modified": "2015-05-28T07:19:16.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'searchl.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c175-d0d8-49af-95ed-4ec2950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:17.000Z", "modified": "2015-05-28T07:19:17.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'searchwebfind.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c175-0530-4f35-a56e-44dc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:17.000Z", "modified": "2015-05-28T07:19:17.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'truesearchresults.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c175-5548-4fa2-b93f-4ced950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:17.000Z", "modified": "2015-05-28T07:19:17.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'webwebfind.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c175-2298-4b74-a69c-4e6f950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:17.000Z", "modified": "2015-05-28T07:19:17.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'news4news015.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c175-2a30-4dc3-99e7-464a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:17.000Z", "modified": "2015-05-28T07:19:17.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'news4news14.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c175-3cfc-417d-ab4d-40c5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:17.000Z", "modified": "2015-05-28T07:19:17.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'news4news15.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c175-0ce4-421c-9038-4248950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:17.000Z", "modified": "2015-05-28T07:19:17.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'news4news2014.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c175-8a3c-4c1c-baf3-4dcc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:19:17.000Z", "modified": "2015-05-28T07:19:17.000Z", "description": "Angler EK", "pattern": "[domain-name:value = 'news4news2015.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:19:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c1f0-6ef0-4379-9e71-4568950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:21:44.000Z", "modified": "2015-05-28T07:21:44.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'click.upperseeker.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:21:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c21a-702c-4c8e-aea1-4cfd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:22:02.000Z", "modified": "2015-05-28T07:22:02.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'death-tostock.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c21a-b228-4219-ab71-45f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:22:02.000Z", "modified": "2015-05-28T07:22:02.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'ado-global.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c21a-09dc-4bd5-83fc-46bf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:22:02.000Z", "modified": "2015-05-28T07:22:02.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'find-all.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c21a-ee84-4d24-ac54-4074950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:22:02.000Z", "modified": "2015-05-28T07:22:02.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'global-search24.biz']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c21a-a46c-455c-a2d9-4f3e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:22:02.000Z", "modified": "2015-05-28T07:22:02.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'integrosearch.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c21a-fc54-4265-bb4f-4ceb950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:22:02.000Z", "modified": "2015-05-28T07:22:02.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'millsearch.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:22:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c21b-8820-4bac-8255-461e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:22:03.000Z", "modified": "2015-05-28T07:22:03.000Z", "description": "Magnitude EK", "pattern": "[domain-name:value = 'superior-movies.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:22:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c26e-6070-44c9-b4b5-4ed0950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:23:26.000Z", "modified": "2015-05-28T07:23:26.000Z", "description": "Rig & other EK", "pattern": "[domain-name:value = 'buyadvertsort.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:23:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c26e-794c-4071-bae1-4e1b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:23:26.000Z", "modified": "2015-05-28T07:23:26.000Z", "description": "Rig & other EK", "pattern": "[domain-name:value = 'buyadvertview.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:23:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c26e-8904-48e6-a191-441a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:23:26.000Z", "modified": "2015-05-28T07:23:26.000Z", "description": "Rig & other EK", "pattern": "[domain-name:value = 'buyadvlist.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:23:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c26e-33c0-4e20-984c-489e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:23:26.000Z", "modified": "2015-05-28T07:23:26.000Z", "description": "Rig & other EK", "pattern": "[domain-name:value = 'dealsadvdeals.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:23:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5566c2aa-82ac-465c-99f3-4512950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:24:26.000Z", "modified": "2015-05-28T07:24:26.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.212.255.0/24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-05-28T07:24:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5566c2c0-fb04-4d80-9f0a-4aec950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-05-28T07:24:48.000Z", "modified": "2015-05-28T07:24:48.000Z", "first_observed": "2015-05-28T07:24:48Z", "last_observed": "2015-05-28T07:24:48Z", "number_observed": 1, "object_refs": [ "url--5566c2c0-fb04-4d80-9f0a-4aec950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5566c2c0-fb04-4d80-9f0a-4aec950d210b", "value": "http://research.zscaler.com/2015/05/magnitude-exploit-kit-leading-to.html" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }