{ "type": "Domain", "indicator": "analyticsbar.org", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/analyticsbar.org", "alexa": "http://www.alexa.com/siteinfo/analyticsbar.org", "indicator": "analyticsbar.org", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 12648224, "indicator": "analyticsbar.org", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "5a8c8b889e7d6c1288e3b570", "name": "A Slice of 2017 Sofacy Activity", "description": "Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard.", "modified": "2018-02-20T20:56:40.717000", "created": "2018-02-20T20:56:40.717000", "tags": [ "sofacy", "nato", "zebrocy", "central asia", "gamefish", "apt28", "xagent", "delphi", "ukraine", "coreshell", "western union", "asia", "fancy bear", "apt", "kaspersky" ], "references": [ "https://securelist.com/a-slice-of-2017-sofacy-activity/83930/" ], "public": 1, "adversary": "Sofacy", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "government", "military", "ngo", "energy", "engineering" ], "TLP": "white", "cloned_from": null, "export_count": 74, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 39, "FileHash-MD5": 55, "CVE": 2 }, "indicator_count": 96, "is_author": false, "is_subscribing": null, "subscriber_count": 376804, "modified_text": "2975 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "644b124399f55d7db8da4358", "name": "Nomadic Octopus group uses Paperbug attack for politically-motivated surveillance campaign", "description": "", "modified": "2023-04-28T00:24:35.992000", "created": "2023-04-28T00:24:35.992000", "tags": [], "references": [ "April 28th, 2023 - CryptoGen Cyber Threat Intelligence - Nomadic Octopus group uses Paperbug attack for politically-motivated surveillance campaign.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 17, "FileHash-MD5": 89, "FileHash-SHA1": 62, "FileHash-SHA256": 62, "URL": 6, "domain": 52 }, "indicator_count": 288, "is_author": false, "is_subscribing": null, "subscriber_count": 482, "modified_text": "1083 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://securelist.com/a-slice-of-2017-sofacy-activity/83930/", "April 28th, 2023 - CryptoGen Cyber Threat Intelligence - Nomadic Octopus group uses Paperbug attack for politically-motivated surveillance campaign.pdf" ], "related": { "alienvault": { "adversary": [ "Sofacy" ], "malware_families": [], "industries": [ "Energy", "Ngo", "Government", "Military", "Engineering" ] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "5a8c8b889e7d6c1288e3b570", "name": "A Slice of 2017 Sofacy Activity", "description": "Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard.", "modified": "2018-02-20T20:56:40.717000", "created": "2018-02-20T20:56:40.717000", "tags": [ "sofacy", "nato", "zebrocy", "central asia", "gamefish", "apt28", "xagent", "delphi", "ukraine", "coreshell", "western union", "asia", "fancy bear", "apt", "kaspersky" ], "references": [ "https://securelist.com/a-slice-of-2017-sofacy-activity/83930/" ], "public": 1, "adversary": "Sofacy", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "government", "military", "ngo", "energy", "engineering" ], "TLP": "white", "cloned_from": null, "export_count": 74, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 39, "FileHash-MD5": 55, "CVE": 2 }, "indicator_count": 96, "is_author": false, "is_subscribing": null, "subscriber_count": 376804, "modified_text": "2975 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "644b124399f55d7db8da4358", "name": "Nomadic Octopus group uses Paperbug attack for politically-motivated surveillance campaign", "description": "", "modified": "2023-04-28T00:24:35.992000", "created": "2023-04-28T00:24:35.992000", "tags": [], "references": [ "April 28th, 2023 - CryptoGen Cyber Threat Intelligence - Nomadic Octopus group uses Paperbug attack for politically-motivated surveillance campaign.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 17, "FileHash-MD5": 89, "FileHash-SHA1": 62, "FileHash-SHA256": 62, "URL": 6, "domain": 52 }, "indicator_count": 288, "is_author": false, "is_subscribing": null, "subscriber_count": 482, "modified_text": "1083 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "analyticsbar.org", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "analyticsbar.org", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776222845.9705665 }