{ "type": "Domain", "indicator": "fkit-mil.dk", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/fkit-mil.dk", "alexa": "http://www.alexa.com/siteinfo/fkit-mil.dk", "indicator": "fkit-mil.dk", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2179450, "indicator": "fkit-mil.dk", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "58dcd5a3f784e907c20d1072", "name": "How Cyber Propaganda Influenced Politics in 2016", "description": "A collection of domains registered by Pawn Storm/Sofacy/APT28/Fancy Bear to target organisations", "modified": "2017-07-24T12:24:47.765000", "created": "2017-03-30T09:53:39.331000", "tags": [ "Russia" ], "references": [ "https://documents.trendmicro.com/assets/Appendix_how-cyber-propaganda-influenced-politics-in-2016.pdf", "http://blog.trendmicro.com/trendlabs-security-intelligence/cyber-propaganda-influenced-politics-2016/" ], "public": 1, "adversary": "Sofacy", "targeted_countries": [ "Armenia", "Chile", "Latvia", "Romania", "Denmark", "Portugal", "Greece", "Saudi Arabia", "United Arab Emirates", "Kuwait", "Bulgaria", "Hungary", "Albania", "Spain", "Afghanistan", "Saudi Arabia", "Poland", "Georgia", "United States", "Turkey", "Germany", "Montenegro", "Netherlands" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Government", "NGO", "Energy", "Sport", "Education", "Politics", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 64, "upvotes_count": 3.0, "downvotes_count": 0.0, "votes_count": 3.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 28, "hostname": 37, "YARA": 2 }, "indicator_count": 67, "is_author": false, "is_subscribing": null, "subscriber_count": 386581, "modified_text": "3232 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "58ff34a7afc8d833a08457e1", "name": "Two Years of Pawn Storm", "description": "By Feike Hacquebord at Trend Micro. Pawn Storm is an active cyber espionage actor group that has been very aggressive and ambitious in recent years. The group\u2019s activities show that foreign and domestic espionage and influence on geopolitics are the group\u2019s main motives, and not financial gain. Its main targets are armed forces, the defense industry, news media, politicians, and dissidents.\nWe can trace activities of Pawn Storm back to 20041 , and before our initial report in 20142\n there wasn\u2019t much published about this actor group. However, since then we have released more than a dozen detailed posts on Pawn Storm.\n This new report is an updated dissection of the group\u2019s attacks and\nmethodologies\u2014something to help organizations gain a more comprehensive and current view of these processes and what can be done to defend against them.", "modified": "2017-04-25T11:36:06.724000", "created": "2017-04-25T11:36:06.724000", "tags": [ "France", "Elections", "Russia", "APT28", "Fancy Bear", "Wikileaks" ], "references": [ "https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf" ], "public": 1, "adversary": "Sofacy", "targeted_countries": [ "Ukraine", "France", "United States", "Germany", "Poland", "Russian Federation" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Defense", "Politics", "NGO" ], "TLP": "white", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 11, "hostname": 44, "domain": 34, "IPv4": 6 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 386558, "modified_text": "3322 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/cyber-propaganda-influenced-politics-2016/", "https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf", "https://documents.trendmicro.com/assets/Appendix_how-cyber-propaganda-influenced-politics-in-2016.pdf" ], "related": { "alienvault": { "adversary": [ "Sofacy" ], "malware_families": [], "industries": [ "Defense", "Government", "Education", "Politics", "Sport", "Media", "Ngo", "Energy" ] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "58dcd5a3f784e907c20d1072", "name": "How Cyber Propaganda Influenced Politics in 2016", "description": "A collection of domains registered by Pawn Storm/Sofacy/APT28/Fancy Bear to target organisations", "modified": "2017-07-24T12:24:47.765000", "created": "2017-03-30T09:53:39.331000", "tags": [ "Russia" ], "references": [ "https://documents.trendmicro.com/assets/Appendix_how-cyber-propaganda-influenced-politics-in-2016.pdf", "http://blog.trendmicro.com/trendlabs-security-intelligence/cyber-propaganda-influenced-politics-2016/" ], "public": 1, "adversary": "Sofacy", "targeted_countries": [ "Armenia", "Chile", "Latvia", "Romania", "Denmark", "Portugal", "Greece", "Saudi Arabia", "United Arab Emirates", "Kuwait", "Bulgaria", "Hungary", "Albania", "Spain", "Afghanistan", "Saudi Arabia", "Poland", "Georgia", "United States", "Turkey", "Germany", "Montenegro", "Netherlands" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Government", "NGO", "Energy", "Sport", "Education", "Politics", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 64, "upvotes_count": 3.0, "downvotes_count": 0.0, "votes_count": 3.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 28, "hostname": 37, "YARA": 2 }, "indicator_count": 67, "is_author": false, "is_subscribing": null, "subscriber_count": 386581, "modified_text": "3232 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "58ff34a7afc8d833a08457e1", "name": "Two Years of Pawn Storm", "description": "By Feike Hacquebord at Trend Micro. Pawn Storm is an active cyber espionage actor group that has been very aggressive and ambitious in recent years. The group\u2019s activities show that foreign and domestic espionage and influence on geopolitics are the group\u2019s main motives, and not financial gain. Its main targets are armed forces, the defense industry, news media, politicians, and dissidents.\nWe can trace activities of Pawn Storm back to 20041 , and before our initial report in 20142\n there wasn\u2019t much published about this actor group. However, since then we have released more than a dozen detailed posts on Pawn Storm.\n This new report is an updated dissection of the group\u2019s attacks and\nmethodologies\u2014something to help organizations gain a more comprehensive and current view of these processes and what can be done to defend against them.", "modified": "2017-04-25T11:36:06.724000", "created": "2017-04-25T11:36:06.724000", "tags": [ "France", "Elections", "Russia", "APT28", "Fancy Bear", "Wikileaks" ], "references": [ "https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf" ], "public": 1, "adversary": "Sofacy", "targeted_countries": [ "Ukraine", "France", "United States", "Germany", "Poland", "Russian Federation" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Defense", "Politics", "NGO" ], "TLP": "white", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 11, "hostname": 44, "domain": 34, "IPv4": 6 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 386558, "modified_text": "3322 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "fkit-mil.dk", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "fkit-mil.dk", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780180407.3599062 }