163 lines
4.4 KiB
JSON
163 lines
4.4 KiB
JSON
|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2018-01-11",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT Duping Doping Domains - Possible Fancy Bear Domains Spoofing Anti-Doping and Olympic Organizations by ThreatConnect",
|
||
|
"publish_timestamp": "1516105396",
|
||
|
"published": true,
|
||
|
"threat_level_id": "1",
|
||
|
"timestamp": "1516105388",
|
||
|
"uuid": "5a5c7013-8bac-403e-859b-4101950d210f",
|
||
|
"Orgc": {
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#f1ee1d",
|
||
|
"name": "Threat:Sofacy/APT28"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:mitre-intrusion-set=\"APT28\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#12e000",
|
||
|
"name": "misp-galaxy:threat-actor=\"Sofacy\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0088cc",
|
||
|
"name": "misp-galaxy:microsoft-activity-group=\"STRONTIUM\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#0f4d00",
|
||
|
"name": "Threat Type:APT"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
},
|
||
|
{
|
||
|
"colour": "#f71212",
|
||
|
"name": "APT"
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516007516",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "5a5c705c-ecdc-4e17-b6e3-4fba950d210f",
|
||
|
"value": "https://www.threatconnect.com/blog/duping-doping-domains/"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516008023",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a5c7257-d970-4cca-9168-acb1950d210f",
|
||
|
"value": "webmail-usada.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516008024",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a5c7258-0d30-4828-8d5d-acb1950d210f",
|
||
|
"value": "185.189.112.242"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516008024",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a5c7258-c708-495b-8ec5-acb1950d210f",
|
||
|
"value": "usada.eu"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516008024",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a5c7258-6c24-4d53-ba01-acb1950d210f",
|
||
|
"value": "wada-adams.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516008025",
|
||
|
"to_ids": true,
|
||
|
"type": "domain",
|
||
|
"uuid": "5a5c7259-7050-43c8-ab00-acb1950d210f",
|
||
|
"value": "ocaia.org"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516008025",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a5c7259-2678-4200-b833-acb1950d210f",
|
||
|
"value": "23.227.207.182"
|
||
|
},
|
||
|
{
|
||
|
"category": "Network activity",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516008025",
|
||
|
"to_ids": true,
|
||
|
"type": "ip-dst",
|
||
|
"uuid": "5a5c7259-6ef4-40d6-bd61-acb1950d210f",
|
||
|
"value": "193.29.187.143"
|
||
|
},
|
||
|
{
|
||
|
"category": "Attribution",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516008136",
|
||
|
"to_ids": true,
|
||
|
"type": "dns-soa-email",
|
||
|
"uuid": "5a5c72c8-3aa4-4789-894a-ae5c950d210f",
|
||
|
"value": "jeryfisk@tuta.io"
|
||
|
},
|
||
|
{
|
||
|
"category": "Attribution",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1516008136",
|
||
|
"to_ids": true,
|
||
|
"type": "dns-soa-email",
|
||
|
"uuid": "5a5c72c8-9c04-4c92-8b10-ae5c950d210f",
|
||
|
"value": "wadison@tuta.io"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|