@eliyastein
Last active August 13, 2021 15:19
{
"type": "bundle",
"id": "bundle--176454e2-de2e-4087-89d4-6ad314dff549",
"objects": [
{
"type": "threat-actor",
"spec_version": "2.1",
"id": "threat-actor--fa7a1f2d-8f01-4c17-9203-f7dc7b004f1f",
"created": "2021-08-13T15:19:31.861468Z",
"modified": "2021-08-13T15:19:31.861468Z",
"name": "Yosec",
"threat_actor_types": [
"criminal"
],
"roles": [
"director"
],
"goals": [
"Malvertising attacks"
],
"sophistication": "innovator",
"resource_level": "organization",
"primary_motivation": "personal-gain"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--b716f944-7089-51af-8bea-3cf2a7032dce",
"value": "vidobron.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--31cdc37f-b6d0-59e9-82ff-ee19ef1238f5",
"value": "zolbermedia.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--523aad04-beac-5968-81eb-b2642df1054d",
"value": "appzo-th.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--f9cc79ec-c142-5d56-b99f-16d7f1ac054a",
"value": "cloudrtb.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--b6baab29-562f-5ed4-bb3e-e7583d3742f6",
"value": "brownstmedia.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--d009edfe-53bc-51a8-bceb-d32e203d6480",
"value": "dartonload.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--093efd39-38ce-567e-8772-5fab399cfa0e",
"value": "realpasha.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--a1cb1daa-eefc-5fa6-81e4-ba72581535bc",
"value": "kneetotow.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5a78f966-f5fc-571a-bddf-f55004c0a7e7",
"value": "halperbul.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--28fe91a9-2172-5064-b46f-a3a639965a54",
"value": "kirzageria.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--83fecd3e-08a4-5fa2-94cf-e1a1f5235859",
"value": "trevorone.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--39cf68db-f504-5e20-a63f-17dc6b44a51b",
"value": "roadtocrowd.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--f78c7001-7933-5411-829f-4ef33a523a66",
"value": "roxxanalytics.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--f859b10e-b1f5-5e69-ac58-f40164dfec3f",
"value": "ishlem.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--9ec7d8f7-5b42-55c8-9a09-26213a0b27d0",
"value": "kirmarketianwasp.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--31cb08fb-2395-5d2b-bc6b-db9a659170bb",
"value": "dreamybeard.com"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--adcc08a9-1b03-58cb-a161-fcbd69c63267",
"value": "binsforall.com"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--10959c33-b0eb-4fc1-8781-d82d85194093",
"created": "2021-08-13T15:19:31.861748Z",
"modified": "2021-08-13T15:19:31.861748Z",
"name": "Forced Redirects CVE-2021-1765"
},
{
"type": "infrastructure",
"spec_version": "2.1",
"id": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"created": "2021-08-13T15:19:31.862136Z",
"modified": "2021-08-13T15:19:31.862136Z",
"name": "Yosec Infrastructure",
"infrastructure_types": [
"staging"
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--31cdc37f-b6d0-59e9-82ff-ee19ef1238f5",
"value": "zolbermedia.com"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--10959c33-b0eb-4fc1-8781-d82d85194093",
"created": "2021-08-13T15:19:31.861748Z",
"modified": "2021-08-13T15:19:31.861748Z",
"name": "Forced Redirects CVE-2021-1765"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e4f5d5fd-8c05-4982-ab08-366a11803fc0",
"created": "2021-08-13T15:19:31.861827Z",
"modified": "2021-08-13T15:19:31.861827Z",
"name": "Forced Redirects CVE-2021-30533"
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--5b77473c-f48b-4fd1-a57f-7d37acb1ff10",
"created": "2021-08-13T15:19:31.861896Z",
"modified": "2021-08-13T15:19:31.861896Z",
"name": "Yosec 2021",
"description": "Yosec malvertising activity 01/2021 - 08/2021",
"first_seen": "2021-01-01T00:00:01.001Z",
"objective": "Forced redirects to malware"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3cc90e74-3653-4db0-aaa6-57ecb95e468b",
"created": "2021-08-13T15:19:31.864825Z",
"modified": "2021-08-13T15:19:31.864825Z",
"relationship_type": "uses",
"source_ref": "campaign--5b77473c-f48b-4fd1-a57f-7d37acb1ff10",
"target_ref": "attack-pattern--10959c33-b0eb-4fc1-8781-d82d85194093"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4782e7b0-4c9a-4d59-9772-6cc18a272c40",
"created": "2021-08-13T15:19:31.864707Z",
"modified": "2021-08-13T15:19:31.864707Z",
"relationship_type": "attributed-to",
"source_ref": "campaign--5b77473c-f48b-4fd1-a57f-7d37acb1ff10",
"target_ref": "threat-actor--fa7a1f2d-8f01-4c17-9203-f7dc7b004f1f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6571e5ea-01e9-43fb-9858-839451657ed0",
"created": "2021-08-13T15:19:31.865107Z",
"modified": "2021-08-13T15:19:31.865107Z",
"relationship_type": "uses",
"source_ref": "intrusion-set--fa27df5a-4bc1-4773-afda-ff1d677353f2",
"target_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9b47a8b8-fd94-4d6b-92e3-0324d2be2d5f",
"created": "2021-08-13T15:19:31.865239Z",
"modified": "2021-08-13T15:19:31.865239Z",
"relationship_type": "uses",
"source_ref": "intrusion-set--fa27df5a-4bc1-4773-afda-ff1d677353f2",
"target_ref": "attack-pattern--10959c33-b0eb-4fc1-8781-d82d85194093"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b87a9429-ad23-4b81-90cc-086fa47777c9",
"created": "2021-08-13T15:19:31.865325Z",
"modified": "2021-08-13T15:19:31.865325Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--b716f944-7089-51af-8bea-3cf2a7032dce"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--902b7a28-ddc7-4cf6-abcf-94c31be125a2",
"created": "2021-08-13T15:19:31.865416Z",
"modified": "2021-08-13T15:19:31.865416Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--31cdc37f-b6d0-59e9-82ff-ee19ef1238f5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--65582b6f-ba2b-4580-ba34-6652c945e4cc",
"created": "2021-08-13T15:19:31.8655Z",
"modified": "2021-08-13T15:19:31.8655Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--523aad04-beac-5968-81eb-b2642df1054d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--22650fc8-d459-40b5-a02a-2279e0afd910",
"created": "2021-08-13T15:19:31.865586Z",
"modified": "2021-08-13T15:19:31.865586Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--f9cc79ec-c142-5d56-b99f-16d7f1ac054a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--62407a0c-8b48-45c4-ab1c-0e7c7cf81801",
"created": "2021-08-13T15:19:31.865669Z",
"modified": "2021-08-13T15:19:31.865669Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--b6baab29-562f-5ed4-bb3e-e7583d3742f6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cbb2f39d-49c0-4c92-86bc-263edf2ad9bb",
"created": "2021-08-13T15:19:31.865757Z",
"modified": "2021-08-13T15:19:31.865757Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--d009edfe-53bc-51a8-bceb-d32e203d6480"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--39d2d95c-3dd2-4070-bff6-fa7fa49279f8",
"created": "2021-08-13T15:19:31.865841Z",
"modified": "2021-08-13T15:19:31.865841Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--093efd39-38ce-567e-8772-5fab399cfa0e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--65cf9b71-ef36-40f2-abda-23640d041819",
"created": "2021-08-13T15:19:31.865924Z",
"modified": "2021-08-13T15:19:31.865924Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--a1cb1daa-eefc-5fa6-81e4-ba72581535bc"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--198d8ca9-d071-44d8-9db7-04a6425146f6",
"created": "2021-08-13T15:19:31.866008Z",
"modified": "2021-08-13T15:19:31.866008Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--5a78f966-f5fc-571a-bddf-f55004c0a7e7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0022134c-e05e-42f4-9c5b-bec4114b773d",
"created": "2021-08-13T15:19:31.866091Z",
"modified": "2021-08-13T15:19:31.866091Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--28fe91a9-2172-5064-b46f-a3a639965a54"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--851c9129-34b7-4a1f-8712-3f9e1dd67f7c",
"created": "2021-08-13T15:19:31.866174Z",
"modified": "2021-08-13T15:19:31.866174Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--83fecd3e-08a4-5fa2-94cf-e1a1f5235859"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--21f1f389-3962-4d85-a247-722c56cedef5",
"created": "2021-08-13T15:19:31.86626Z",
"modified": "2021-08-13T15:19:31.86626Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--39cf68db-f504-5e20-a63f-17dc6b44a51b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2d670871-e3fc-4311-9e1c-4aa465bd0133",
"created": "2021-08-13T15:19:31.866343Z",
"modified": "2021-08-13T15:19:31.866343Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--f78c7001-7933-5411-829f-4ef33a523a66"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--97c98371-7b25-47cf-9aa4-3acbdc355516",
"created": "2021-08-13T15:19:31.866425Z",
"modified": "2021-08-13T15:19:31.866425Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--f859b10e-b1f5-5e69-ac58-f40164dfec3f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c67fe66c-6cc7-44c5-8e7f-722c6b47b8b3",
"created": "2021-08-13T15:19:31.86651Z",
"modified": "2021-08-13T15:19:31.86651Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--9ec7d8f7-5b42-55c8-9a09-26213a0b27d0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e575e6b5-50b6-4cdd-bbb9-b3a97247aacf",
"created": "2021-08-13T15:19:31.866596Z",
"modified": "2021-08-13T15:19:31.866596Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--31cb08fb-2395-5d2b-bc6b-db9a659170bb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5788b842-3415-4a98-9e33-555e5e4d7763",
"created": "2021-08-13T15:19:31.866683Z",
"modified": "2021-08-13T15:19:31.866683Z",
"relationship_type": "consists-of",
"source_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0",
"target_ref": "domain-name--adcc08a9-1b03-58cb-a161-fcbd69c63267"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c1beab48-055e-48b4-876f-836081e96e9c",
"created": "2021-08-13T15:19:31.865018Z",
"modified": "2021-08-13T15:19:31.865018Z",
"relationship_type": "uses",
"source_ref": "threat-actor--fa7a1f2d-8f01-4c17-9203-f7dc7b004f1f",
"target_ref": "infrastructure--ee01e7de-06cc-4f63-aabb-79c64976afb0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5da58523-c402-4ae0-beee-605c0062528c",
"created": "2021-08-13T15:19:31.864923Z",
"modified": "2021-08-13T15:19:31.864923Z",
"relationship_type": "uses",
"source_ref": "campaign--5b77473c-f48b-4fd1-a57f-7d37acb1ff10",
"target_ref": "attack-pattern--e4f5d5fd-8c05-4982-ab08-366a11803fc0"
}
]
}