misp-circl-feed/feeds/circl/stix-2.1/59003edc-eee8-4a2e-90c0-4d2e950d210f.json

124 lines
6.4 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59003edc-eee8-4a2e-90c0-4d2e950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-26T06:35:44.000Z",
"modified": "2017-04-26T06:35:44.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--59003edc-eee8-4a2e-90c0-4d2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-26T06:35:44.000Z",
"modified": "2017-04-26T06:35:44.000Z",
"name": "OSINT - From Espionage to Cyber Propaganda: Pawn Storm's Activities over the Past Two Years",
"context": "suspicious-activity",
"object_refs": [
"x-misp-attribute--59003f1d-3750-4d9f-a840-4547950d210f",
"observed-data--59003f2c-2050-4d29-8362-448f950d210f",
"url--59003f2c-2050-4d29-8362-448f950d210f",
"observed-data--59003f3d-35b0-4876-90a9-42cc950d210f",
"url--59003f3d-35b0-4876-90a9-42cc950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59003f1d-3750-4d9f-a840-4547950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-26T06:35:05.000Z",
"modified": "2017-04-26T06:35:05.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\"",
"estimative-language:likelihood-probability=\"very-likely\"",
"admiralty-scale:source-reliability=\"b\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Pawn Storm\u2014also known as Sednit, Fancy Bear, APT28, Sofacy, and STRONTIUM\u2014is an active cyber espionage organization that has been very aggressive and ambitious in recent years. Pawn Storm\u2019s activities show that foreign and domestic espionage and influence on geopolitics are the group\u2019s main motives, with targets that include armed forces, the defense industry, news media, and politicians.\r\n\r\nThe group has been operating for years; in fact, Trend Micro first took note of their activities way back in 2004. But Pawn Storm has become increasingly relevant over the past two years, particularly because the group has been found to be doing more than espionage alone. In 2016, Pawn Storm attempted to influence public opinion, influence elections, and attempted to sway the mainstream media with stolen data. Earlier, Pawn Storm may seem to have limited their activities to political, military, and domestic espionage. Today the impact can be felt by various industries and enterprises operating throughout the world. Even the average citizen might be impacted as Pawn Storm tries to manipulate people\u2019s opinions about domestic and international affairs. The group's operations and methods might also serve as an example for other actors, who may copy tactics and repurpose them to fit their own objectives."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59003f2c-2050-4d29-8362-448f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-26T06:35:04.000Z",
"modified": "2017-04-26T06:35:04.000Z",
"first_observed": "2017-04-26T06:35:04Z",
"last_observed": "2017-04-26T06:35:04Z",
"number_observed": 1,
"object_refs": [
"url--59003f2c-2050-4d29-8362-448f950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\"",
"estimative-language:likelihood-probability=\"very-likely\"",
"admiralty-scale:source-reliability=\"b\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59003f2c-2050-4d29-8362-448f950d210f",
"value": "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/espionage-cyber-propaganda-two-years-of-pawn-storm"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59003f3d-35b0-4876-90a9-42cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-26T06:35:04.000Z",
"modified": "2017-04-26T06:35:04.000Z",
"first_observed": "2017-04-26T06:35:04Z",
"last_observed": "2017-04-26T06:35:04Z",
"number_observed": 1,
"object_refs": [
"url--59003f3d-35b0-4876-90a9-42cc950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\"",
"estimative-language:likelihood-probability=\"very-likely\"",
"admiralty-scale:source-reliability=\"b\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59003f3d-35b0-4876-90a9-42cc950d210f",
"value": "https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}