@tahaconfiant
Created July 13, 2020 05:47
magnitude_IOCs_stixv2.1
{
"type": "bundle",
"id": "bundle--1085f2d7-28e4-42cd-a8f5-deb2f065902f",
"objects": [
{
"type": "domain-name",
"id": "domain-name--b90b246a-0b50-5c64-80d1-0d118efd9ef6",
"value": "pophot.website",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--5678faa3-1c98-5b4b-a6fd-56339c3d8b20",
"value": "5en8d59s33y.bluegas.website",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--b4376f12-e00f-5f9a-8654-89bc631088df",
"value": "b6883l0bak.pophot.website",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--6e705ec2-dbd0-5f05-a02c-d554bc006ebb",
"value": "5896f2a6aa6207d153b5f4fb1fumcwoxpo.boyput.site",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--6c65f84c-f897-5b44-b540-de22af1c4076",
"value": "36b2r105aw.girlbad.fun",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--1eaae251-c383-5351-99af-9d1cced3618b",
"value": "9q68f8c3s6fb6f.dogkeys.space",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--55230f84-e955-5476-8c13-e3f9717cafa3",
"value": "dogkeys.space",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--c200768a-5169-5ce7-93a9-537147b31dfa",
"value": "5027bd97068e48b0d396ab866hctwcnutl.boyput.site",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--ade48c8c-f879-5f1c-9200-4b5b9311b11c",
"value": "6bds1c6medn35567p.feedbe.xyz",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--9ec076cf-2bf9-5731-a94f-dd23c6d64f47",
"value": "d76h1b2eaid3au.lack.fun",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--e4fe2f45-2f45-57a2-877a-618555048dae",
"value": "lack.fun",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--4cb3c14c-b8a5-54ab-b2c7-38c3b4ee4917",
"value": "c40ca26c9fd8ddf4eebc4466agakrbnyl.byteson.space",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--a8d86c92-d66c-5f20-95b5-344ddbfbc681",
"value": "4cb377eds241icn.feelbad.space",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--57d86156-5d88-521e-b344-1b22c1534c6e",
"value": "b4av0cz36zd8k48fi.bidsaid.xyz",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--a91635bf-2bbb-5665-ba85-b155d812f999",
"value": "bidsaid.xyz",
"spec_version": "2.1"
},
{
"type": "domain-name",
"id": "domain-name--ad475870-23d1-54bd-8abd-41c7653ecb9d",
"value": "30a09041e6b611277f81e39c8bbrazsvy.byteson.space",
"spec_version": "2.1"
},
{
"type": "infrastructure",
"id": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"created": "2020-07-13T05:44:03.350723Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.350723Z",
"name": "Magnitude EK Infrastructure",
"infrastructure_types": [
"staging"
]
},
{
"type": "indicator",
"id": "indicator--e7ef4a83-3fe2-4693-a8b5-f7f3519e3b41",
"created": "2020-07-13T05:44:03.336029Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.336029Z",
"name": "File hashes for CVE-2019-1367 malicious network traffic",
"indicator_types": [
"malicious-activity"
],
"pattern": "[file:hashes.'SHA-256' = '958a41dce464ca992e5baf1aa9527b4fdb15deed87f907db8d6bfa15930c6b52'] OR [file:hashes.'SHA-256' = 'd662a6823ac026d0194796999553579512ac36f3ad1181e5286fe58430775624'] OR [file:hashes.'SHA-256' = '7e25aed0161ad7b1012203642dc0ae49021198f79860cc7a6efab0315fccca15'] OR [file:hashes.'SHA-256' = 'bc4328f1f350fd6bb46ab6a163485d933746084c9f7c7636243ee66316b2dda8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-13T09:00:00Z"
},
{
"type": "threat-actor",
"id": "threat-actor--c1615a2a-28a5-4a19-9e68-0128a075e27f",
"created": "2020-07-13T05:44:03.335278Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.335278Z",
"name": "Magnitude EK",
"description": "Magnitude EK is one of the longest-standing exploit kits. It was offered on underground forums from 2013 and later became a private exploit kit. Alongside a change of actors, the exploit kit shifted its focus to delivering ransomware to users in specific Asia Pacific (APAC) countries via malvertising.",
"threat_actor_types": [
"criminal",
"crime-syndicate"
],
"sophistication": "['expert', 'advanced']"
},
{
"type": "malware",
"id": "malware--5611a1e2-6e9f-4146-a3f7-83ebe24b4b3a",
"created": "2020-07-13T05:44:03.335672Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.335672Z",
"name": "CVE-2019-1367 exploit",
"malware_types": [
"exploit-kit"
],
"is_family": false,
"kill_chain_phases": [
{
"kill_chain_name": "confiant-attack-lifecycle-model",
"phase_name": "initial-access"
}
]
},
{
"type": "attack-pattern",
"id": "attack-pattern--e80a0fa6-b613-422a-8233-c9609484a210",
"created": "2020-07-13T05:44:03.335862Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.335862Z",
"name": "CVE-2019-1367 in-the-wild exploitation",
"description": "Redirect attack delivering the CVE-2019-1367 exploit",
"kill_chain_phases": [
{
"kill_chain_name": "confiant-attack-lifecycle-model",
"phase_name": "initial-access"
}
],
"external_references": [
{
"source_name": "confiant",
"description": "Internet Explorer CVE-2019-1367 In-the-Wild Exploitation",
"url": "https://blog.confiant.com/internet-explorer-cve-2019-1367-in-the-wild-exploitation-prelude-ef546f19cd30"
}
]
},
{
"type": "relationship",
"id": "relationship--5e47ab35-856b-4551-9ed8-18862542a3c2",
"created": "2020-07-13T05:44:03.353442Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353442Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--1eaae251-c383-5351-99af-9d1cced3618b"
},
{
"type": "relationship",
"id": "relationship--d6e6fdc2-d2fc-42e2-8dfb-f9fb55c9391f",
"created": "2020-07-13T05:44:03.352413Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.352413Z",
"relationship_type": "uses",
"source_ref": "threat-actor--c1615a2a-28a5-4a19-9e68-0128a075e27f",
"target_ref": "attack-pattern--e80a0fa6-b613-422a-8233-c9609484a210"
},
{
"type": "relationship",
"id": "relationship--050c71c3-02d0-435e-8696-1fab267888f2",
"created": "2020-07-13T05:44:03.352541Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.352541Z",
"relationship_type": "delivers",
"source_ref": "attack-pattern--e80a0fa6-b613-422a-8233-c9609484a210",
"target_ref": "malware--5611a1e2-6e9f-4146-a3f7-83ebe24b4b3a"
},
{
"type": "relationship",
"id": "relationship--9437a27a-c78f-4403-9857-cf575c7d8eb1",
"created": "2020-07-13T05:44:03.352665Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.352665Z",
"relationship_type": "exploits",
"source_ref": "malware--5611a1e2-6e9f-4146-a3f7-83ebe24b4b3a",
"target_ref": "vulnerability--21b8ff1a-51c8-49e3-a439-04e512168d1c"
},
{
"type": "relationship",
"id": "relationship--f0d5b09b-1266-4609-a6a7-aa045a8de88f",
"created": "2020-07-13T05:44:03.35278Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.35278Z",
"relationship_type": "indicates",
"source_ref": "indicator--e7ef4a83-3fe2-4693-a8b5-f7f3519e3b41",
"target_ref": "malware--5611a1e2-6e9f-4146-a3f7-83ebe24b4b3a"
},
{
"type": "relationship",
"id": "relationship--4da77b25-fd35-4042-95b7-02b90744bcd8",
"created": "2020-07-13T05:44:03.352892Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.352892Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--b90b246a-0b50-5c64-80d1-0d118efd9ef6"
},
{
"type": "relationship",
"id": "relationship--47ea99cb-3c2c-4fdf-be76-ce88f6f870c7",
"created": "2020-07-13T05:44:03.353005Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353005Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--5678faa3-1c98-5b4b-a6fd-56339c3d8b20"
},
{
"type": "relationship",
"id": "relationship--c6adf517-7930-41ea-8ab9-bdb96234d3f3",
"created": "2020-07-13T05:44:03.353114Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353114Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--b4376f12-e00f-5f9a-8654-89bc631088df"
},
{
"type": "relationship",
"id": "relationship--8c5d2ae4-3c6c-44d5-b27b-d4cc1ca13e53",
"created": "2020-07-13T05:44:03.353225Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353225Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--6e705ec2-dbd0-5f05-a02c-d554bc006ebb"
},
{
"type": "relationship",
"id": "relationship--36a47ee8-2eed-482e-b366-bfaa9901a4a8",
"created": "2020-07-13T05:44:03.353333Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353333Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--6c65f84c-f897-5b44-b540-de22af1c4076"
},
{
"type": "relationship",
"id": "relationship--5e47ab35-856b-4551-9ed8-18862542a3c2",
"created": "2020-07-13T05:44:03.353442Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353442Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--1eaae251-c383-5351-99af-9d1cced3618b"
},
{
"type": "relationship",
"id": "relationship--f11a3261-1396-4436-b48b-48545d3f553b",
"created": "2020-07-13T05:44:03.353549Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353549Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--55230f84-e955-5476-8c13-e3f9717cafa3"
},
{
"type": "relationship",
"id": "relationship--7798d2bb-3736-4f69-bccf-04ab66b7e573",
"created": "2020-07-13T05:44:03.35366Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.35366Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--c200768a-5169-5ce7-93a9-537147b31dfa"
},
{
"type": "relationship",
"id": "relationship--88ec47b6-e7b9-4ac6-acc3-1375de332e26",
"created": "2020-07-13T05:44:03.353769Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353769Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--ade48c8c-f879-5f1c-9200-4b5b9311b11c"
},
{
"type": "relationship",
"id": "relationship--35d62739-7182-4e1c-b747-fce15ee2dc91",
"created": "2020-07-13T05:44:03.353877Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353877Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--9ec076cf-2bf9-5731-a94f-dd23c6d64f47"
},
{
"type": "relationship",
"id": "relationship--004f1078-f2e0-4bfd-8f66-51fee47ddaf6",
"created": "2020-07-13T05:44:03.353984Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.353984Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--e4fe2f45-2f45-57a2-877a-618555048dae"
},
{
"type": "relationship",
"id": "relationship--710688bb-07b5-4332-bc5c-3929c0a41564",
"created": "2020-07-13T05:44:03.354095Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.354095Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--4cb3c14c-b8a5-54ab-b2c7-38c3b4ee4917"
},
{
"type": "relationship",
"id": "relationship--ff19a923-9618-43e1-935b-195999efdfd5",
"created": "2020-07-13T05:44:03.354248Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.354248Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--a8d86c92-d66c-5f20-95b5-344ddbfbc681"
},
{
"type": "relationship",
"id": "relationship--f24b692b-85af-437d-bd58-fbf914616918",
"created": "2020-07-13T05:44:03.35436Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.35436Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--57d86156-5d88-521e-b344-1b22c1534c6e"
},
{
"type": "relationship",
"id": "relationship--6c453731-11eb-445d-b4c5-5532d5014bf2",
"created": "2020-07-13T05:44:03.354469Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.354469Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--a91635bf-2bbb-5665-ba85-b155d812f999"
},
{
"type": "relationship",
"id": "relationship--e29d1699-63fa-44e6-abaf-d8d170faf949",
"created": "2020-07-13T05:44:03.354577Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.354577Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c",
"target_ref": "domain-name--ad475870-23d1-54bd-8abd-41c7653ecb9d"
},
{
"type": "relationship",
"id": "relationship--c5f294ec-535a-4279-bb3c-693c4b9d4785",
"created": "2020-07-13T05:44:03.354686Z",
"spec_version": "2.1",
"modified": "2020-07-13T05:44:03.354686Z",
"relationship_type": "uses",
"source_ref": "threat-actor--c1615a2a-28a5-4a19-9e68-0128a075e27f",
"target_ref": "infrastructure--cbe8ac04-e097-4a11-b828-6d4091a6f10c"
}
]
}