{ "type": "Domain", "indicator": "pressservices.net", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/pressservices.net", "alexa": "http://www.alexa.com/siteinfo/pressservices.net", "indicator": "pressservices.net", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 1345899, "indicator": "pressservices.net", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "582358604dc3d27967784e20", "name": "Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched", "description": "The effectiveness of a zero-day quickly deteriorates as an attack tool after it gets discovered and patched by the affected software vendors. Within the time between the discovery of the vulnerability and the release of the fix, a bad actor might try to get the most out of his previously valuable attack assets. This is exactly what we saw in late October and early November 2016, when the espionage group Pawn Storm (also known as Fancy Bear, APT28, Sofacy, and STRONTIUM) ramped up its spear-phishing campaigns against various governments and embassies around the world. In these campaigns, Pawn Storm used a previously unknown zero-day in Adobe\u2019s Flash (CVE-2016-7855, fixed on October 26, 2016 with an emergency update) in combination with a privilege escalation in Microsoft\u2019s Windows Operating System (CVE-2016-7255) that was fixed on November 8, 2016.", "modified": "2016-11-09T21:51:12.960000", "created": "2016-11-09T17:09:52.265000", "tags": [ "pawn storm", "flash", "sofacy", "fancy bear", "apt28", "trendmicro" ], "references": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/" ], "public": 1, "adversary": "Sofacy", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "government", "military" ], "TLP": "green", "cloned_from": null, "export_count": 63, "upvotes_count": 1.0, "downvotes_count": 0.0, "votes_count": 1.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 15, "FileHash-SHA1": 3, "CVE": 2 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 376763, "modified_text": "3443 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/" ], "related": { "alienvault": { "adversary": [ "Sofacy" ], "malware_families": [], "industries": [ "Government", "Military" ] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "582358604dc3d27967784e20", "name": "Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched", "description": "The effectiveness of a zero-day quickly deteriorates as an attack tool after it gets discovered and patched by the affected software vendors. Within the time between the discovery of the vulnerability and the release of the fix, a bad actor might try to get the most out of his previously valuable attack assets. This is exactly what we saw in late October and early November 2016, when the espionage group Pawn Storm (also known as Fancy Bear, APT28, Sofacy, and STRONTIUM) ramped up its spear-phishing campaigns against various governments and embassies around the world. In these campaigns, Pawn Storm used a previously unknown zero-day in Adobe\u2019s Flash (CVE-2016-7855, fixed on October 26, 2016 with an emergency update) in combination with a privilege escalation in Microsoft\u2019s Windows Operating System (CVE-2016-7255) that was fixed on November 8, 2016.", "modified": "2016-11-09T21:51:12.960000", "created": "2016-11-09T17:09:52.265000", "tags": [ "pawn storm", "flash", "sofacy", "fancy bear", "apt28", "trendmicro" ], "references": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/" ], "public": 1, "adversary": "Sofacy", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "government", "military" ], "TLP": "green", "cloned_from": null, "export_count": 63, "upvotes_count": 1.0, "downvotes_count": 0.0, "votes_count": 1.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 15, "FileHash-SHA1": 3, "CVE": 2 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 376763, "modified_text": "3443 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "pressservices.net", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "pressservices.net", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776223253.5476422 }