{ "Event": { "analysis": "2", "date": "2015-05-26", "extends_uuid": "", "info": "OSINT The Teenage Mutant Malvertiser Network by FireEye", "publish_timestamp": "1432803961", "published": true, "threat_level_id": "3", "timestamp": "1432797888", "uuid": "5566bfdf-e550-4b40-8178-4b27950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432797261", "to_ids": false, "type": "link", "uuid": "5566c04d-3124-4d4b-819f-4a45950d210b", "value": "https://www.fireeye.com/blog/threat-research/2015/05/the_teenage_mutantm.html" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797704", "to_ids": true, "type": "hostname", "uuid": "5566c0a7-dd74-4597-b7be-419f950d210b", "value": "click2.systemaffiliate.com" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797704", "to_ids": true, "type": "hostname", "uuid": "5566c0a8-e8d8-4860-b57f-4b9d950d210b", "value": "click2.danarimedia.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432797369", "to_ids": true, "type": "ip-dst", "uuid": "5566c0b9-a64c-4104-9847-4b7a950d210b", "value": "199.212.255.136" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432797369", "to_ids": true, "type": "ip-dst", "uuid": "5566c0b9-734c-4fec-a46f-4ce5950d210b", "value": "199.212.255.137" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432797369", "to_ids": true, "type": "ip-dst", "uuid": "5566c0b9-4554-41f6-9770-4207950d210b", "value": "199.212.255.138" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432797369", "to_ids": true, "type": "ip-dst", "uuid": "5566c0b9-f258-4884-bd55-4e09950d210b", "value": "199.212.255.139" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432797369", "to_ids": true, "type": "ip-dst", "uuid": "5566c0b9-1ee0-49c1-9979-4aa6950d210b", "value": "199.212.255.140" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797542", "to_ids": true, "type": "hostname", "uuid": "5566c166-bde4-4238-b7b1-4260950d210b", "value": "ads.fsrinc.biz" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797542", "to_ids": true, "type": "hostname", "uuid": "5566c166-ab60-4619-ad6f-4401950d210b", "value": "hit.buy-targeted-traffic.com" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797542", "to_ids": true, "type": "hostname", "uuid": "5566c166-f4e8-41f4-aa9a-438a950d210b", "value": "bbwlesbians.xblog.in" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797556", "to_ids": true, "type": "domain", "uuid": "5566c174-1430-4be3-add2-4591950d210b", "value": "find-everything.info" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797556", "to_ids": true, "type": "domain", "uuid": "5566c174-65a8-4bfc-ac4d-4333950d210b", "value": "litle-finder.me" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797556", "to_ids": true, "type": "domain", "uuid": "5566c174-2a2c-4478-8be5-4641950d210b", "value": "megafinder24.info" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797556", "to_ids": true, "type": "domain", "uuid": "5566c174-f9ac-4f97-933e-4ff2950d210b", "value": "searchl.org" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797557", "to_ids": true, "type": "domain", "uuid": "5566c175-d0d8-49af-95ed-4ec2950d210b", "value": "searchwebfind.org" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797557", "to_ids": true, "type": "domain", "uuid": "5566c175-0530-4f35-a56e-44dc950d210b", "value": "truesearchresults.com" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797557", "to_ids": true, "type": "domain", "uuid": "5566c175-5548-4fa2-b93f-4ced950d210b", "value": "webwebfind.com" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797557", "to_ids": true, "type": "domain", "uuid": "5566c175-2298-4b74-a69c-4e6f950d210b", "value": "news4news015.com" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797557", "to_ids": true, "type": "domain", "uuid": "5566c175-2a30-4dc3-99e7-464a950d210b", "value": "news4news14.com" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797557", "to_ids": true, "type": "domain", "uuid": "5566c175-3cfc-417d-ab4d-40c5950d210b", "value": "news4news15.com" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797557", "to_ids": true, "type": "domain", "uuid": "5566c175-0ce4-421c-9038-4248950d210b", "value": "news4news2014.com" }, { "category": "Network activity", "comment": "Angler EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797557", "to_ids": true, "type": "domain", "uuid": "5566c175-8a3c-4c1c-baf3-4dcc950d210b", "value": "news4news2015.com" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797704", "to_ids": true, "type": "hostname", "uuid": "5566c1f0-6ef0-4379-9e71-4568950d210b", "value": "click.upperseeker.com" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797722", "to_ids": true, "type": "domain", "uuid": "5566c21a-702c-4c8e-aea1-4cfd950d210b", "value": "death-tostock.com" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797722", "to_ids": true, "type": "domain", "uuid": "5566c21a-b228-4219-ab71-45f5950d210b", "value": "ado-global.com" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797722", "to_ids": true, "type": "domain", "uuid": "5566c21a-09dc-4bd5-83fc-46bf950d210b", "value": "find-all.biz" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797722", "to_ids": true, "type": "domain", "uuid": "5566c21a-ee84-4d24-ac54-4074950d210b", "value": "global-search24.biz" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797722", "to_ids": true, "type": "domain", "uuid": "5566c21a-a46c-455c-a2d9-4f3e950d210b", "value": "integrosearch.com" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797722", "to_ids": true, "type": "domain", "uuid": "5566c21a-fc54-4265-bb4f-4ceb950d210b", "value": "millsearch.net" }, { "category": "Network activity", "comment": "Magnitude EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797723", "to_ids": true, "type": "domain", "uuid": "5566c21b-8820-4bac-8255-461e950d210b", "value": "superior-movies.com" }, { "category": "Network activity", "comment": "Rig & other EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797806", "to_ids": true, "type": "domain", "uuid": "5566c26e-6070-44c9-b4b5-4ed0950d210b", "value": "buyadvertsort.com" }, { "category": "Network activity", "comment": "Rig & other EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797806", "to_ids": true, "type": "domain", "uuid": "5566c26e-794c-4071-bae1-4e1b950d210b", "value": "buyadvertview.com" }, { "category": "Network activity", "comment": "Rig & other EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797806", "to_ids": true, "type": "domain", "uuid": "5566c26e-8904-48e6-a191-441a950d210b", "value": "buyadvlist.com" }, { "category": "Network activity", "comment": "Rig & other EK", "deleted": false, "disable_correlation": false, "timestamp": "1432797806", "to_ids": true, "type": "domain", "uuid": "5566c26e-33c0-4e20-984c-489e950d210b", "value": "dealsadvdeals.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432797866", "to_ids": true, "type": "ip-dst", "uuid": "5566c2aa-82ac-465c-99f3-4512950d210b", "value": "199.212.255.0/24" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1432797888", "to_ids": false, "type": "link", "uuid": "5566c2c0-fb04-4d80-9f0a-4aec950d210b", "value": "http://research.zscaler.com/2015/05/magnitude-exploit-kit-leading-to.html" } ] } }