{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2015-04-20",
|
|
"extends_uuid": "",
|
|
"info": "OSINT The Sofacy plot thickens by PwC",
|
|
"publish_timestamp": "1498163174",
|
|
"published": true,
|
|
"threat_level_id": "2",
|
|
"timestamp": "1498163079",
|
|
"uuid": "55355951-0354-4d8a-8148-1bf9950d210b",
|
|
"Orgc": {
|
|
"name": "CthulhuSPRL.be",
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#004646",
|
|
"local": false,
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#12e000",
|
|
"local": false,
|
|
"name": "misp-galaxy:threat-actor=\"Sofacy\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559658",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5535596a-ad38-49dd-8ee3-470a950d210b",
|
|
"value": "http://pwc.blogs.com/cyber_security_updates/2015/04/the-sofacy-plot-thickens.html"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559658",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5535596a-b970-4b6d-906a-429f950d210b",
|
|
"value": "http://pwc.blogs.com/files/cto-tib-20150420-01a.pdf"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559674",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5535597a-8fc8-4e9f-a990-95bb950d210b",
|
|
"value": "Sofacy"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559674",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5535597a-0d70-4c4f-b300-95bb950d210b",
|
|
"value": "APT28"
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559674",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5535597a-3fe0-4cb3-94ba-95bb950d210b",
|
|
"value": "Sednit"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559725",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ad-b664-40c6-b5b2-411e950d210b",
|
|
"value": "defencereview.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559725",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ad-e74c-4b25-8f15-47fd950d210b",
|
|
"value": "brnlv-gv.eu"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559725",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ad-39e8-4ff5-a962-4915950d210b",
|
|
"value": "militaryobserver.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559725",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ad-0f44-4d29-8730-4ba3950d210b",
|
|
"value": "netassistcache.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559725",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ad-6b58-4add-9404-45ae950d210b",
|
|
"value": "asus-service.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559725",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ad-3250-41cf-9e91-41e3950d210b",
|
|
"value": "aolnets.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559725",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ad-5a30-420f-8ab2-4690950d210b",
|
|
"value": "natopress.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559726",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ae-a054-4826-a9a5-4c2d950d210b",
|
|
"value": "natopress.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559726",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ae-e928-4930-9a31-41aa950d210b",
|
|
"value": "defencereview.eu"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559726",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ae-2e84-461e-811e-4ac5950d210b",
|
|
"value": "intelsupport.net"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559726",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ae-1340-46c7-9f90-4f53950d210b",
|
|
"value": "globalnewsweekly.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559726",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ae-2198-405e-949f-43e9950d210b",
|
|
"value": "osce-oscc.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559726",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ae-120c-46a9-bca1-42e3950d210b",
|
|
"value": "enisa-europa.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559726",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ae-dd68-462e-b9f6-4e8f950d210b",
|
|
"value": "enisa-europa.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559726",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ae-e834-4ab1-ae31-4102950d210b",
|
|
"value": "techcruncln.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559726",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559ae-dfa0-4d16-85fa-4aea950d210b",
|
|
"value": "nato-hq.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559727",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559af-29e8-4256-a07d-4444950d210b",
|
|
"value": "iacr-tcc.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559727",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559af-c1b8-4589-ad23-41e4950d210b",
|
|
"value": "nato-int.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559727",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559af-0178-466c-b7d6-4bda950d210b",
|
|
"value": "nato-info.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559727",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559af-c894-4e3d-a609-4db6950d210b",
|
|
"value": "bmlv-gv.eu"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559727",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559af-d82c-4b09-9db4-450d950d210b",
|
|
"value": "foreignreview.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559727",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559af-a39c-4c80-b33c-4d12950d210b",
|
|
"value": "mediarea.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559727",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559af-943c-47fa-ab66-4e90950d210b",
|
|
"value": "osce-military.org"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559727",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559af-6a60-495f-a53a-4555950d210b",
|
|
"value": "europeanda.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559727",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559af-2c68-45e3-8103-4173950d210b",
|
|
"value": "softupdates.info"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559728",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559b0-af44-4289-b549-4427950d210b",
|
|
"value": "settings-yahoo.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559728",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559b0-7c90-4822-a2e3-46cb950d210b",
|
|
"value": "settings-live.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559728",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559b0-8848-41b2-aab1-4f82950d210b",
|
|
"value": "delivery-yahoo.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559728",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559b0-bdcc-4295-a93c-427b950d210b",
|
|
"value": "privacy-yahoo.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559728",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559b0-fd58-4754-b02a-46d3950d210b",
|
|
"value": "privacy-live.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559728",
|
|
"to_ids": true,
|
|
"type": "domain",
|
|
"uuid": "553559b0-fbc0-4d32-ab05-4617950d210b",
|
|
"value": "westinqhousenuclear.com"
|
|
},
|
|
{
|
|
"category": "Network activity",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1429559760",
|
|
"to_ids": true,
|
|
"type": "hostname",
|
|
"uuid": "553559b0-e838-4a20-be30-4bf3950d210b",
|
|
"value": "webmail.westinqhousenuclear.com"
|
|
}
|
|
]
|
|
}
|
|
} |