misp-circl-feed/feeds/circl/misp/5a5c7013-8bac-403e-859b-4101950d210f.json

{
"Event": {
"analysis": "2",
"date": "2018-01-11",
"extends_uuid": "",
"info": "OSINT Duping Doping Domains - Possible Fancy Bear Domains Spoofing Anti-Doping and Olympic Organizations by ThreatConnect",
"publish_timestamp": "1516105396",
"published": true,
"threat_level_id": "1",
"timestamp": "1516105388",
"uuid": "5a5c7013-8bac-403e-859b-4101950d210f",
"Orgc": {
"name": "CthulhuSPRL.be",
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
},
"Tag": [
{
"colour": "#f1ee1d",
"local": "0",
"name": "Threat:Sofacy/APT28",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:mitre-intrusion-set=\"APT28\"",
"relationship_type": ""
},
{
"colour": "#12e000",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"relationship_type": ""
},
{
"colour": "#0f4d00",
"local": "0",
"name": "Threat Type:APT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#f71212",
"local": "0",
"name": "APT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516007516",
"to_ids": false,
"type": "link",
"uuid": "5a5c705c-ecdc-4e17-b6e3-4fba950d210f",
"value": "https://www.threatconnect.com/blog/duping-doping-domains/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008023",
"to_ids": true,
"type": "domain",
"uuid": "5a5c7257-d970-4cca-9168-acb1950d210f",
"value": "webmail-usada.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008024",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a5c7258-0d30-4828-8d5d-acb1950d210f",
"value": "185.189.112.242"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008024",
"to_ids": true,
"type": "domain",
"uuid": "5a5c7258-c708-495b-8ec5-acb1950d210f",
"value": "usada.eu"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008024",
"to_ids": true,
"type": "domain",
"uuid": "5a5c7258-6c24-4d53-ba01-acb1950d210f",
"value": "wada-adams.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008025",
"to_ids": true,
"type": "domain",
"uuid": "5a5c7259-7050-43c8-ab00-acb1950d210f",
"value": "ocaia.org"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008025",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a5c7259-2678-4200-b833-acb1950d210f",
"value": "23.227.207.182"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008025",
"to_ids": true,
"type": "ip-dst",
"uuid": "5a5c7259-6ef4-40d6-bd61-acb1950d210f",
"value": "193.29.187.143"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008136",
"to_ids": true,
"type": "dns-soa-email",
"uuid": "5a5c72c8-3aa4-4789-894a-ae5c950d210f",
"value": "jeryfisk@tuta.io"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1516008136",
"to_ids": true,
"type": "dns-soa-email",
"uuid": "5a5c72c8-9c04-4c92-8b10-ae5c950d210f",
"value": "wadison@tuta.io"
}
]
}
}