{
"Event": {
"analysis": "1",
"date": "2018-07-31",
"extends_uuid": "",
"info": "Massive Malvertising Campaign Discovered Attempting 40,000 Infections per Week",
"publish_timestamp": "1533055561",
"published": true,
"threat_level_id": "2",
"timestamp": "1533054591",
"uuid": "5b608c59-6328-49e7-af04-22de0acd0835",
"Orgc": {
"name": "Synovus Financial",
"uuid": "5a68c02d-959c-4c8a-a571-0dcac0a8060a"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#777174",
"name": "Malvertising"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054115",
"to_ids": true,
"type": "domain",
"uuid": "5b608ca3-d648-4d02-b6a0-348b0acd0835",
"value": "exoclick.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054116",
"to_ids": true,
"type": "domain",
"uuid": "5b608ca4-2634-4d52-9b44-348b0acd0835",
"value": "bestadbid.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054116",
"to_ids": true,
"type": "domain",
"uuid": "5b608ca4-d300-4e8f-9abf-348b0acd0835",
"value": "junnify.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054116",
"to_ids": true,
"type": "domain",
"uuid": "5b608ca4-4838-48a3-b48e-348b0acd0835",
"value": "bikinisgroup.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Payload delivery",
"comment": "malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054116",
"to_ids": true,
"type": "hostname",
"uuid": "5b608ca4-bf88-4d3b-9cd9-348b0acd0835",
"value": "xml.pdn-1.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Payload delivery",
"comment": "malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054116",
"to_ids": true,
"type": "hostname",
"uuid": "5b608ca4-2934-4dd9-be94-348b0acd0835",
"value": "xml.pdn-2.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Payload delivery",
"comment": "malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054116",
"to_ids": true,
"type": "hostname",
"uuid": "5b608ca4-fa80-4dd0-bcec-348b0acd0835",
"value": "xml.pdn-3.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054116",
"to_ids": true,
"type": "hostname",
"uuid": "5b608ca4-fa00-4baf-89fa-348b0acd0835",
"value": "xml.pdn-4.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054116",
"to_ids": true,
"type": "hostname",
"uuid": "5b608ca4-10d4-4b8c-8c4e-348b0acd0835",
"value": "xml.pdn-5.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054238",
"to_ids": false,
"type": "link",
"uuid": "5b608d1e-38e0-4655-96d9-34a40acd0835",
"value": "https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054238",
"to_ids": false,
"type": "link",
"uuid": "5b608d1e-b7b0-4de5-9b0b-34a40acd0835",
"value": "https://www.bleepingcomputer.com/news/security/massive-malvertising-campaign-discovered-attempting-40-000-infections-per-week/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054238",
"to_ids": false,
"type": "link",
"uuid": "5b608d1e-ddd4-4b0a-b607-34a40acd0835",
"value": "https://www.securityweek.com/advanced-malvertising-campaign-exploits-online-advertising-supply-chain"
},
{
"category": "Network activity",
"comment": "Malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054416",
"to_ids": true,
"type": "url",
"uuid": "5b608dd0-447c-4175-8f9f-50ad0acd0835",
"value": "onclkds.com/afu.php?zoneid=1157984",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "Malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054416",
"to_ids": true,
"type": "url",
"uuid": "5b608dd0-55fc-4a6c-bf3a-50ad0acd0835",
"value": "www.cpm10.com/watch?key=fe0a93971e993f059d7a78bf2fa5117a",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "Malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054416",
"to_ids": true,
"type": "url",
"uuid": "5b608dd0-d3f4-4dd6-9314-50ad0acd0835",
"value": "www.cpm20.com/watch?key=f9363dcc22f7f5fc89d5d6dcccb1e580",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "Malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054416",
"to_ids": true,
"type": "url",
"uuid": "5b608dd0-2918-47f8-ad95-50ad0acd0835",
"value": "www.hibids10.com/watch?key=789a4129e78c00008a47b36e23d65ea7",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "Malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054416",
"to_ids": true,
"type": "url",
"uuid": "5b608dd0-5f40-4ca5-8286-50ad0acd0835",
"value": "www.sloi1.com/3hfnn2cne?key=789a4129e78c00008a47b36e23d65ea7",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "Malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054482",
"to_ids": true,
"type": "domain",
"uuid": "5b608e12-d330-49ca-b308-5a480acd0835",
"value": "onclkds.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "Malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054483",
"to_ids": true,
"type": "domain",
"uuid": "5b608e13-4a8c-4cbd-adca-5a480acd0835",
"value": "cpm10.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "Malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054483",
"to_ids": true,
"type": "domain",
"uuid": "5b608e13-3b98-4ac9-9911-5a480acd0835",
"value": "hibids10.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
},
{
"category": "Network activity",
"comment": "Malvertising",
"deleted": false,
"disable_correlation": false,
"timestamp": "1533054483",
"to_ids": true,
"type": "domain",
"uuid": "5b608e13-9d58-4d0a-a092-5a480acd0835",
"value": "sloi1.com",
"Tag": [
{
"colour": "#777174",
"name": "Malvertising"
}
]
}
]
}
}