{ "Event": { "analysis": "2", "date": "2018-01-11", "extends_uuid": "", "info": "OSINT Duping Doping Domains - Possible Fancy Bear Domains Spoofing Anti-Doping and Olympic Organizations by ThreatConnect", "publish_timestamp": "1516105396", "published": true, "threat_level_id": "1", "timestamp": "1516105388", "uuid": "5a5c7013-8bac-403e-859b-4101950d210f", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#f1ee1d", "local": "0", "name": "Threat:Sofacy/APT28", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:mitre-intrusion-set=\"APT28\"", "relationship_type": "" }, { "colour": "#12e000", "local": "0", "name": "misp-galaxy:threat-actor=\"Sofacy\"", "relationship_type": "" }, { "colour": "#0088cc", "local": "0", "name": "misp-galaxy:microsoft-activity-group=\"STRONTIUM\"", "relationship_type": "" }, { "colour": "#0f4d00", "local": "0", "name": "Threat Type:APT", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" }, { "colour": "#f71212", "local": "0", "name": "APT", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516007516", "to_ids": false, "type": "link", "uuid": "5a5c705c-ecdc-4e17-b6e3-4fba950d210f", "value": "https://www.threatconnect.com/blog/duping-doping-domains/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516008023", "to_ids": true, "type": "domain", "uuid": "5a5c7257-d970-4cca-9168-acb1950d210f", "value": "webmail-usada.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516008024", "to_ids": true, "type": "ip-dst", "uuid": "5a5c7258-0d30-4828-8d5d-acb1950d210f", "value": "185.189.112.242" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516008024", "to_ids": true, "type": "domain", "uuid": "5a5c7258-c708-495b-8ec5-acb1950d210f", "value": "usada.eu" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516008024", "to_ids": true, "type": "domain", "uuid": "5a5c7258-6c24-4d53-ba01-acb1950d210f", "value": "wada-adams.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516008025", "to_ids": true, "type": "domain", "uuid": "5a5c7259-7050-43c8-ab00-acb1950d210f", "value": "ocaia.org" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516008025", "to_ids": true, "type": "ip-dst", "uuid": "5a5c7259-2678-4200-b833-acb1950d210f", "value": "23.227.207.182" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516008025", "to_ids": true, "type": "ip-dst", "uuid": "5a5c7259-6ef4-40d6-bd61-acb1950d210f", "value": "193.29.187.143" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516008136", "to_ids": true, "type": "dns-soa-email", "uuid": "5a5c72c8-3aa4-4789-894a-ae5c950d210f", "value": "jeryfisk@tuta.io" }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1516008136", "to_ids": true, "type": "dns-soa-email", "uuid": "5a5c72c8-9c04-4c92-8b10-ae5c950d210f", "value": "wadison@tuta.io" } ] } }