{ "Event": { "analysis": "2", "date": "2016-01-07", "extends_uuid": "", "info": "OSINT - Clickjacking Campaign Plays on European Cookie Law", "publish_timestamp": "1452526919", "published": true, "threat_level_id": "3", "timestamp": "1452526911", "uuid": "568ee522-23ac-4002-b82d-4d1402de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#086200", "local": false, "name": "admiralty-scale:source-reliability=\"c\"", "relationship_type": "" }, { "colour": "#11d000", "local": false, "name": "admiralty-scale:information-credibility=\"3\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1452205465", "to_ids": false, "type": "link", "uuid": "568ee599-4fe8-4915-b7e1-4c8c02de0b81", "value": "https://blog.malwarebytes.org/fraud-scam/2016/01/clickjacking-campaign-plays-on-european-cookie-law/" }, { "category": "Network activity", "comment": "Ad network involved", "deleted": false, "disable_correlation": false, "timestamp": "1452526911", "to_ids": true, "type": "domain", "uuid": "568ee5bc-b68c-43b0-a2ed-4fcd02de0b81", "value": "popcash.net" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1452205526", "to_ids": false, "type": "domain", "uuid": "568ee5d6-f468-443e-b64c-82dc02de0b81", "value": "featurewebhosting.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1452205526", "to_ids": false, "type": "domain", "uuid": "568ee5d6-c378-4abb-a69a-82dc02de0b81", "value": "elitewebhostings.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1452205527", "to_ids": false, "type": "domain", "uuid": "568ee5d7-1504-484f-b835-82dc02de0b81", "value": "bestcartoday.info" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1452205527", "to_ids": false, "type": "domain", "uuid": "568ee5d7-110c-4c01-94a1-82dc02de0b81", "value": "hotcartop.online" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1452205527", "to_ids": false, "type": "domain", "uuid": "568ee5d7-dab8-4520-a373-82dc02de0b81", "value": "ivirtualcloudhost.com" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1452205637", "to_ids": false, "type": "comment", "uuid": "568ee645-a5f8-4e93-857d-4ea102de0b81", "value": "We\u00e2\u20ac\u2122ve spotted an advertising campaign that tricks users into clicking on what looks like a notification alert that actually hides a legitimate advert, therefore abusing both the advertiser and the ad network hosting the ad (Google Ads Services).\r\n\r\nThe rogue actors behind this fraudulent activity are cleverly leveraging a European law on the use of cookies to seemingly prompt visitors to answer a question." }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1452205705", "to_ids": false, "type": "comment", "uuid": "568ee689-2764-41cb-9a78-48d202de0b81", "value": "No IDS flags set as it seems to be only clickjacking fraud." } ] } }