Created
July 13, 2020 05:47
-
-
Save tahaconfiant/abb8fef11ea89c6a917e3c5553614bf0 to your computer and use it in GitHub Desktop.
magnitude_IOCs_stixv2.1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "bundle", | |
| "id": "bundle--1085f2d7-28e4-42cd-a8f5-deb2f065902f", | |
| "objects": [ | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--b90b246a-0b50-5c64-80d1-0d118efd9ef6", | |
| "value": "pophot.website", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--5678faa3-1c98-5b4b-a6fd-56339c3d8b20", | |
| "value": "5en8d59s33y.bluegas.website", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--b4376f12-e00f-5f9a-8654-89bc631088df", | |
| "value": "b6883l0bak.pophot.website", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--6e705ec2-dbd0-5f05-a02c-d554bc006ebb", | |
| "value": "5896f2a6aa6207d153b5f4fb1fumcwoxpo.boyput.site", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--6c65f84c-f897-5b44-b540-de22af1c4076", | |
| "value": "36b2r105aw.girlbad.fun", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--1eaae251-c383-5351-99af-9d1cced3618b", | |
| "value": "9q68f8c3s6fb6f.dogkeys.space", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--55230f84-e955-5476-8c13-e3f9717cafa3", | |
| "value": "dogkeys.space", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--c200768a-5169-5ce7-93a9-537147b31dfa", | |
| "value": "5027bd97068e48b0d396ab866hctwcnutl.boyput.site", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--ade48c8c-f879-5f1c-9200-4b5b9311b11c", | |
| "value": "6bds1c6medn35567p.feedbe.xyz", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--9ec076cf-2bf9-5731-a94f-dd23c6d64f47", | |
| "value": "d76h1b2eaid3au.lack.fun", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--e4fe2f45-2f45-57a2-877a-618555048dae", | |
| "value": "lack.fun", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--4cb3c14c-b8a5-54ab-b2c7-38c3b4ee4917", | |
| "value": "c40ca26c9fd8ddf4eebc4466agakrbnyl.byteson.space", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--a8d86c92-d66c-5f20-95b5-344ddbfbc681", | |
| "value": "4cb377eds241icn.feelbad.space", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--57d86156-5d88-521e-b344-1b22c1534c6e", | |
| "value": "b4av0cz36zd8k48fi.bidsaid.xyz", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--a91635bf-2bbb-5665-ba85-b155d812f999", | |
| "value": "bidsaid.xyz", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "domain-name", | |
| "id": "domain-name--ad475870-23d1-54bd-8abd-41c7653ecb9d", | |
| "value": "30a09041e6b611277f81e39c8bbrazsvy.byteson.space", | |
| "spec_version": "2.1" | |
| }, | |
| { | |
| "type": "infrastructure", | |
| "id": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "created": "2020-07-13T05:44:03.350723Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.350723Z", | |
| "name": "Magnitude EK Infrastructure", | |
| "infrastructure_types": [ | |
| "staging" | |
| ] | |
| }, | |
| { | |
| "type": "indicator", | |
| "id": "indicator--e7ef4a83-3fe2-4693-a8b5-f7f3519e3b41", | |
| "created": "2020-07-13T05:44:03.336029Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.336029Z", | |
| "name": "File hash for CVE-2019\u20131367 malicious network traffic", | |
| "indicator_types": [ | |
| "malicious-activity" | |
| ], | |
| "pattern": "[file:hashes.'SHA-256' = '958a41dce464ca992e5baf1aa9527b4fdb15deed87f907db8d6bfa15930c6b52'] OR [file:hashes.'SHA-256' = 'd662a6823ac026d0194796999553579512ac36f3ad1181e5286fe58430775624'] OR [file:hashes.'SHA-256' = '7e25aed0161ad7b1012203642dc0ae49021198f79860cc7a6efab0315fccca15'] OR [file:hashes.'SHA-256' = 'bc4328f1f350fd6bb46ab6a163485d933746084c9f7c7636243ee66316b2dda8']", | |
| "pattern_type": "stix", | |
| "pattern_version": "2.1", | |
| "valid_from": "2020-07-13T09:00:00Z" | |
| }, | |
| { | |
| "type": "threat-actor", | |
| "id": "threat-actor--c1615a2a-28a5-4a19-9e68-0128a075e27f", | |
| "created": "2020-07-13T05:44:03.335278Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.335278Z", | |
| "name": "Magnitude EK", | |
| "description": "Magnitude EK is one of the longest-standing exploit kits. It was on offer in underground forums from 2013 and later became a private exploit kit. As well as a change of actors, the exploit kit has switched its focus to deliver ransomware to users from specific Asia Pacific (APAC) countries via malvertising.", | |
| "threat_actor_types": [ | |
| "criminal", | |
| "crime-syndicate" | |
| ], | |
| "sophistication": "['expert', 'advanced']" | |
| }, | |
| { | |
| "type": "malware", | |
| "id": "malware--5611a1e2-6e9f-4146-a3f7-83ebe24b4b3a", | |
| "created": "2020-07-13T05:44:03.335672Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.335672Z", | |
| "name": "CVE-2019\u20131367 exploit", | |
| "malware_types": [ | |
| "exploit-kit" | |
| ], | |
| "is_family": false, | |
| "kill_chain_phases": [ | |
| { | |
| "kill_chain_name": "confiant-attack-lifecycle-model", | |
| "phase_name": "initial-access" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "attack-pattern", | |
| "id": "attack-pattern--e80a0fa6-b613-422a-8233-c9609484a210", | |
| "created": "2020-07-13T05:44:03.335862Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.335862Z", | |
| "name": "CVE-2019\u20131367 in the wild exploitation", | |
| "description": "redirect attack delivering CVE-2019\u20131367 exploit", | |
| "kill_chain_phases": [ | |
| { | |
| "kill_chain_name": "confiant-attack-lifecycle-model", | |
| "phase_name": "initial-access" | |
| } | |
| ], | |
| "external_references": [ | |
| { | |
| "source_name": "confiant", | |
| "description": "Internet Explorer CVE-2019\u20131367 In the wild Exploitation", | |
| "url": "https://blog.confiant.com/internet-explorer-cve-2019-1367-in-the-wild-exploitation-prelude-ef546f19cd30" | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--5e47ab35-856b-4551-9ed8-18862542a3c2", | |
| "created": "2020-07-13T05:44:03.353442Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353442Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--1eaae251-c383-5351-99af-9d1cced3618b" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--d6e6fdc2-d2fc-42e2-8dfb-f9fb55c9391f", | |
| "created": "2020-07-13T05:44:03.352413Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.352413Z", | |
| "relationship_type": "uses", | |
| "source_ref": "threat-actor--c1615a2a-28a5-4a19-9e68-0128a075e27f", | |
| "target_ref": "attack-pattern--e80a0fa6-b613-422a-8233-c9609484a210" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--050c71c3-02d0-435e-8696-1fab267888f2", | |
| "created": "2020-07-13T05:44:03.352541Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.352541Z", | |
| "relationship_type": "delivers", | |
| "source_ref": "attack-pattern--e80a0fa6-b613-422a-8233-c9609484a210", | |
| "target_ref": "malware--5611a1e2-6e9f-4146-a3f7-83ebe24b4b3a" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--9437a27a-c78f-4403-9857-cf575c7d8eb1", | |
| "created": "2020-07-13T05:44:03.352665Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.352665Z", | |
| "relationship_type": "exploits", | |
| "source_ref": "malware--5611a1e2-6e9f-4146-a3f7-83ebe24b4b3a", | |
| "target_ref": "vulnerability--21b8ff1a-51c8-49e3-a439-04e512168d1c" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--f0d5b09b-1266-4609-a6a7-aa045a8de88f", | |
| "created": "2020-07-13T05:44:03.35278Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.35278Z", | |
| "relationship_type": "indicates", | |
| "source_ref": "indicator--e7ef4a83-3fe2-4693-a8b5-f7f3519e3b41", | |
| "target_ref": "malware--5611a1e2-6e9f-4146-a3f7-83ebe24b4b3a" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--4da77b25-fd35-4042-95b7-02b90744bcd8", | |
| "created": "2020-07-13T05:44:03.352892Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.352892Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--b90b246a-0b50-5c64-80d1-0d118efd9ef6" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--47ea99cb-3c2c-4fdf-be76-ce88f6f870c7", | |
| "created": "2020-07-13T05:44:03.353005Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353005Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--5678faa3-1c98-5b4b-a6fd-56339c3d8b20" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--c6adf517-7930-41ea-8ab9-bdb96234d3f3", | |
| "created": "2020-07-13T05:44:03.353114Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353114Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--b4376f12-e00f-5f9a-8654-89bc631088df" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--8c5d2ae4-3c6c-44d5-b27b-d4cc1ca13e53", | |
| "created": "2020-07-13T05:44:03.353225Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353225Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--6e705ec2-dbd0-5f05-a02c-d554bc006ebb" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--36a47ee8-2eed-482e-b366-bfaa9901a4a8", | |
| "created": "2020-07-13T05:44:03.353333Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353333Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--6c65f84c-f897-5b44-b540-de22af1c4076" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--5e47ab35-856b-4551-9ed8-18862542a3c2", | |
| "created": "2020-07-13T05:44:03.353442Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353442Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--1eaae251-c383-5351-99af-9d1cced3618b" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--f11a3261-1396-4436-b48b-48545d3f553b", | |
| "created": "2020-07-13T05:44:03.353549Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353549Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--55230f84-e955-5476-8c13-e3f9717cafa3" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--7798d2bb-3736-4f69-bccf-04ab66b7e573", | |
| "created": "2020-07-13T05:44:03.35366Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.35366Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--c200768a-5169-5ce7-93a9-537147b31dfa" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--88ec47b6-e7b9-4ac6-acc3-1375de332e26", | |
| "created": "2020-07-13T05:44:03.353769Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353769Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--ade48c8c-f879-5f1c-9200-4b5b9311b11c" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--35d62739-7182-4e1c-b747-fce15ee2dc91", | |
| "created": "2020-07-13T05:44:03.353877Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353877Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--9ec076cf-2bf9-5731-a94f-dd23c6d64f47" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--004f1078-f2e0-4bfd-8f66-51fee47ddaf6", | |
| "created": "2020-07-13T05:44:03.353984Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.353984Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--e4fe2f45-2f45-57a2-877a-618555048dae" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--710688bb-07b5-4332-bc5c-3929c0a41564", | |
| "created": "2020-07-13T05:44:03.354095Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.354095Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--4cb3c14c-b8a5-54ab-b2c7-38c3b4ee4917" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--ff19a923-9618-43e1-935b-195999efdfd5", | |
| "created": "2020-07-13T05:44:03.354248Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.354248Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--a8d86c92-d66c-5f20-95b5-344ddbfbc681" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--f24b692b-85af-437d-bd58-fbf914616918", | |
| "created": "2020-07-13T05:44:03.35436Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.35436Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--57d86156-5d88-521e-b344-1b22c1534c6e" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--6c453731-11eb-445d-b4c5-5532d5014bf2", | |
| "created": "2020-07-13T05:44:03.354469Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.354469Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--a91635bf-2bbb-5665-ba85-b155d812f999" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--e29d1699-63fa-44e6-abaf-d8d170faf949", | |
| "created": "2020-07-13T05:44:03.354577Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.354577Z", | |
| "relationship_type": "consists-of", | |
| "source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c", | |
| "target_ref": "domain-name--ad475870-23d1-54bd-8abd-41c7653ecb9d" | |
| }, | |
| { | |
| "type": "relationship", | |
| "id": "relationship--c5f294ec-535a-4279-bb3c-693c4b9d4785", | |
| "created": "2020-07-13T05:44:03.354686Z", | |
| "spec_version": "2.1", | |
| "modified": "2020-07-13T05:44:03.354686Z", | |
| "relationship_type": "uses", | |
| "source_ref": "threat-actor--c1615a2a-28a5-4a19-9e68-0128a075e27f", | |
| "target_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c" | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment