|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5ac8cee2-2a78-4237-88a0-d0b802de0b81",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-17T05:16:30.000Z",
|
||
|
"modified": "2018-04-17T05:16:30.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5ac8cee2-2a78-4237-88a0-d0b802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-17T05:16:30.000Z",
|
||
|
"modified": "2018-04-17T05:16:30.000Z",
|
||
|
"name": "OSINT - Cisco IOS CVE-2018-0171 attack",
|
||
|
"published": "2018-04-17T05:16:38Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5ac8cfbb-3bec-48aa-9dcb-f0ae02de0b81",
|
||
|
"url--5ac8cfbb-3bec-48aa-9dcb-f0ae02de0b81",
|
||
|
"x-misp-attribute--5ac8d04e-0e90-4d58-8c6a-f0ad02de0b81",
|
||
|
"observed-data--5ac8d0e1-d524-4f68-9262-f0c502de0b81",
|
||
|
"email-message--5ac8d0e1-d524-4f68-9262-f0c502de0b81",
|
||
|
"email-addr--5ac8d0e1-d524-4f68-9262-f0c502de0b81",
|
||
|
"observed-data--5ac8d58c-8938-4a6a-a5f8-f0ae02de0b81",
|
||
|
"url--5ac8d58c-8938-4a6a-a5f8-f0ae02de0b81",
|
||
|
"x-misp-attribute--5ac8d5ba-1d84-4fa5-8484-439002de0b81",
|
||
|
"vulnerability--5ac8d65c-9ff0-40e6-b644-f0c502de0b81",
|
||
|
"observed-data--5aca2f46-37b4-44b5-b112-623402de0b81",
|
||
|
"file--5aca2f46-37b4-44b5-b112-623402de0b81",
|
||
|
"artifact--5aca2f46-37b4-44b5-b112-623402de0b81",
|
||
|
"x-misp-attribute--5aca2f5e-7d9c-407b-94d2-4a5502de0b81",
|
||
|
"observed-data--5aca2fb1-7e5c-4dda-a3cb-446602de0b81",
|
||
|
"url--5aca2fb1-7e5c-4dda-a3cb-446602de0b81",
|
||
|
"x-misp-attribute--5acb213f-301c-49d6-a1e3-5233950d210f",
|
||
|
"observed-data--5acdb395-d4d4-46fa-bd99-495902de0b81",
|
||
|
"file--5acdb395-d4d4-46fa-bd99-495902de0b81",
|
||
|
"artifact--5acdb395-d4d4-46fa-bd99-495902de0b81",
|
||
|
"vulnerability--5ad58237-d42c-405c-9d1e-41a3950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"estimative-language:likelihood-probability=\"roughly-even-chance\"",
|
||
|
"estimative-language:confidence-in-analytic-judgment=\"moderate\"",
|
||
|
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Network Service Scanning\"",
|
||
|
"cyber-threat-framework:Effect/Consequence=\"destroy-hardware-software-or-data\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5ac8cfbb-3bec-48aa-9dcb-f0ae02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-08T15:00:47.000Z",
|
||
|
"modified": "2018-04-08T15:00:47.000Z",
|
||
|
"first_observed": "2018-04-08T15:00:47Z",
|
||
|
"last_observed": "2018-04-08T15:00:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5ac8cfbb-3bec-48aa-9dcb-f0ae02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"OSINT",
|
||
|
"osint:source-type=\"technical-report\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5ac8cfbb-3bec-48aa-9dcb-f0ae02de0b81",
|
||
|
"value": "https://otx.alienvault.com/pulse/5ac8c6bca1061f185097cdc6"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5ac8d04e-0e90-4d58-8c6a-f0ad02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-09T08:19:38.000Z",
|
||
|
"modified": "2018-04-09T08:19:38.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"other\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"cyber-threat-framework:Effect/Consequence=\"destroy-hardware-software-or-data\""
|
||
|
],
|
||
|
"x_misp_category": "Artifacts dropped",
|
||
|
"x_misp_type": "other",
|
||
|
"x_misp_value": "cisco IOS config change"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5ac8d0e1-d524-4f68-9262-f0c502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-08T15:04:58.000Z",
|
||
|
"modified": "2018-04-08T15:04:58.000Z",
|
||
|
"first_observed": "2018-04-08T15:04:58Z",
|
||
|
"last_observed": "2018-04-08T15:04:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"email-message--5ac8d0e1-d524-4f68-9262-f0c502de0b81",
|
||
|
"email-addr--5ac8d0e1-d524-4f68-9262-f0c502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"email-src\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "email-message",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-message--5ac8d0e1-d524-4f68-9262-f0c502de0b81",
|
||
|
"is_multipart": false,
|
||
|
"from_ref": "email-addr--5ac8d0e1-d524-4f68-9262-f0c502de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "email-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-addr--5ac8d0e1-d524-4f68-9262-f0c502de0b81",
|
||
|
"value": "usafreedom_jht@tutanota.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5ac8d58c-8938-4a6a-a5f8-f0ae02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-08T15:02:32.000Z",
|
||
|
"modified": "2018-04-08T15:02:32.000Z",
|
||
|
"first_observed": "2018-04-08T15:02:32Z",
|
||
|
"last_observed": "2018-04-08T15:02:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5ac8d58c-8938-4a6a-a5f8-f0ae02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"OSINT",
|
||
|
"osint:source-type=\"technical-report\"",
|
||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5ac8d58c-8938-4a6a-a5f8-f0ae02de0b81",
|
||
|
"value": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5ac8d5ba-1d84-4fa5-8484-439002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-07T14:29:14.000Z",
|
||
|
"modified": "2018-04-07T14:29:14.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "cisco-sa-20180328-smi2"
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--5ac8d65c-9ff0-40e6-b644-f0c502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-09T08:17:57.000Z",
|
||
|
"modified": "2018-04-09T08:17:57.000Z",
|
||
|
"name": "CVE-2018-0171",
|
||
|
"labels": [
|
||
|
"misp:type=\"vulnerability\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"cyber-threat-framework:Engagement=\"exploit-vulnerabilities\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2018-0171"
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5aca2f46-37b4-44b5-b112-623402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-08T15:03:34.000Z",
|
||
|
"modified": "2018-04-08T15:03:34.000Z",
|
||
|
"first_observed": "2018-04-08T15:03:34Z",
|
||
|
"last_observed": "2018-04-08T15:03:34Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--5aca2f46-37b4-44b5-b112-623402de0b81",
|
||
|
"artifact--5aca2f46-37b4-44b5-b112-623402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"attachment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--5aca2f46-37b4-44b5-b112-623402de0b81",
|
||
|
"name": "startup-config.jpg",
|
||
|
"content_ref": "artifact--5aca2f46-37b4-44b5-b112-623402de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "artifact",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "artifact--5aca2f46-37b4-44b5-b112-623402de0b81",
|
||
|
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wgARCAIPA0kDASIAAhEBAxEB/8QAHAABAAIDAQEBAAAAAAAAAAAAAAQFAgYHAwgB/8QAGgEBAQEBAQEBAAAAAAAAAAAAAAMEAQIGBf/aAAwDAQACEAMQAAABk3Oftryxlfj3tkku+YySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIySIz39+dgpziCnRjyThBThBPzxX9YvFcmOPfPhxH6E4r7l2Studd7yB4em7461Ua18NsIlVsfg7S3ft6GFJtkb15rq25efVbldO8jyZD15jpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAjpAiSvLPnT8/J+/SHKi+/Mzx9PPz2PN8s+equJMqsX6vpsGve0qxfeFJnp2PifcuG/qfLds0beOAL745cn76i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6i5cOouXDqLlw6f481HSnNR0r05iOlOajpTmo6dD58d6DvfA+7c7tXt72PVB87/RPzLpyfR3AO/wDC4315Kixqe/6RyYQ3r5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu/CO7nRc/wBFB8zfTPzNryfR3Gez/P0bWjVUq7Pnqo2GXqY2HChAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu/CO7nSQUPzL9NfMurJ9IcT7fwmVvCJ++0q+cnx8TGwg+h5nkWsbyxPCHY1wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7vwju50kFH8x/T3zDpyfS3Au/wDD5X1mLtSdNc/b/M1WZayzU7GyvDQJm3Uxry6gkORtPgaq2iWaZ72dgaqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB3fhHdzpIKj5e+pPlvTk+m/nL6K4XLRqa+iT91i2klAsbA173mXZqLY/Ao0zzI6/FAtvQpVhMKNc+ZVLPErlsKldRiubDEKleVB5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd34R3c6SCt+WPqX5a0Zvo/h3ceFeKQvaDDlW58YfgWfpUCzstatzOKjkmL6wy1xrBbe1XHJcupF561kY9/P0yPXPDA9Xn+GftE9y31NMIYD38AAAtqkALOIRwAAAD3PBI9CGAAAAnQQAkfh4AAAAAAAAAAAAAAd34R3c6SCg+Zvpn5m1ZPo7ivavn+VraNriVdnsdHGw+Vd+EW0qxt9ZRi+rIg2eZpg2OqgiXeawNs1MLCx14bDO1AX+WvC+stPDZdaGz+NRkX0vSht9NUgDZJGpjcayhEjYtVHrea8N48tMG9VmsC2iwxvFZrQ2P01gX1CGz460NzpKcN10obHjrw26PrI2rw1wXnvrg3b00US8I4sfyvFhXgAAAAAAAAA7vwju50kFB8zfTPzNqyfR3z/9AfP8rVPr5JVsZdHcntIqMyw1yzrAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAB3fhHdzpIKD5m+mfmbVk+jvn/wCgPn+Vqk9ZV8m5+5orZRV12xTTUG6+BqMy+9DUWz7Gc1euRmsro1H2vIhDrNuqylkbXGNVbRYGjto/Cgj7ViauvMSlbN+msOg6qVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHd+Ed3OkgoPmb6Z+ZtWT6O+f/oD5/lapEqgAAAAAWP5XibCB7+A9fIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHd+Ed3OkgoPmb6Z+ZtWT6O+f/oD5/lapEqkqWVT1yPBZ1gWteeT3mFYWpVPXI8FnWBa155PeYVhalU9cjwWdYE7zIqVkQ04QUoRUzIgp3mRUrIhpwgpQipmRBTvMipWRDThBShFTMiCneZFAAAAAAAAAAAAAAAAAAA7vwju50kFB8zfTPzNqyfR3z/9AfP8rVIlWzRI49fIWFeFnWB6y68LOsD18hYV4WdYHrLrws6wPXyFhXheSdaGy464Nh8qMbK1obHjrwvJOtDZcdcGw+VGNla0Njx14XknWhsuOuDYfKjGytaGx468Lz31yQRwAAAAAAAAAAAAAAAAAAO78I7udJBQfM30z8zasn0d8/8A0B8/ytUiVbOssa4uY9cG0auFzTCxrg2jVwuY9cG0auFzTCxrg2jVwuY9cAJgIcyHMAEOZDJgAIcyHMAEOZDJgAIcyHMAEOZDJgHv4epXAAAAAAAAAAAAAAAAAAAd34R3c6SCg+Zvpn5m1ZPo75/+gPn+VqkSrKl4iDl4epOrLCvLWvnVh7zIMsr7WqsyDl4epOrLCvLWvnVh7zIMsr7WqsyDl4epOrLCvJ3nZSSkyucSqWfkVq7FNla4lZ52UkpMrnEqln5FauxTZWuJWedlJKTK5xKpZ+RWrsU2VriVnnZe5rgAAAAAAAAAAAAAAAAAAHd+Ed3OkgoPmb6Z+ZtWT6O+f/oD5/lapEqyI9nWBcxyuNoNXLkpljXBtGrhcxyuNoNXLkpljXBtGrhcxyuATBDJhDTBDTIYTBDTBDJhDTBDTIYTBDTBDJhDTBDTIYTBDkenuVgAAAAAAAAAAAAAAAAAAHd+Ed3OkgoPmb6Z+ZtWT6O+f/oD5/lapEq2NdKllU9cjwWdYFrXnk95hWFqVT1yPBZ1gWteeT3mFYWpVPXI8FnWExl5kWZjkGQxhyhkZGLLzIszHIMhjDlDIyMWXmRZmOQZDGHKGRkY+uHmRQAAAAAAAAAAAAAAAAAAO78I7udJBQfM30z8zasn0d8//QHz/K1SJVs0SOPXyFhXhZ1gesuvCzrA9fIWFeFnWB6y68LOsD18hYV4XknWhsuOuDYfKjGytaGx468LyTrQ2XHXBsPlRjZWtDY8deF5J1obLjrg2HyoxsrWhseOvC899ckEcAAAAAAAAAAAAAAAAAADu/CO7nSQUHzN9M/M2rJ9HfP/ANAfP8rVIlWzrLGuLmPXBtGrhc0wsa4No1cLmPXBtGrhc0wsa4No1cLmPXACYCHMhzABDmQyYACHMhzABDmQyYACHMhzAep5Q5kMmAe/h6lcAAAAAAAAAAAAAAAAAAB3fhHdzpIKD5m+mfmbVk+jvn/6A+f5WqRKsqXiIOXh6k6ssK8ta+dWHvMgyyvtaqzIOXh6k6ssK8ta+dWHvMgyyvtaqzIOXh6k6ssK8nedlJKTK5xKpZ+RWrsU2VriVnnZSSkyucSqWfkVq7FNla4lZ52UkpMrnEqln5FauxTZWuJWedl7muAAAAAAAAAAAAAAAAAAAd34R3c6SCg+Zvpn5m1ZPo75/wDoD5/lapEqyI9n4ENMhhMENMEMmENMENMhhMENMEMmENMENMhhMENMEMmENMENMhhMENMEMmENMENMhhMENMEMmENMENMhhMEOR6e5WAAAAAAAAAAAAAAAAAAAd34R3c6SCg+Zvpn5m1ZPo75/+gPn+VqkSrY+WPoYw5QyMjFl5kWZjkGQ
xhyhkZGLLzIszHIMhjDlDIyMWXmRZmOQZDGHKGRkYsvMizMcgyGMOUMjIxZeZFmY5BkMYcoZGRj64eZFAAA
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5aca2f5e-7d9c-407b-94d2-4a5502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-09T08:15:37.000Z",
|
||
|
"modified": "2018-04-09T08:15:37.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"target-location\"",
|
||
|
"misp:category=\"Targeting data\"",
|
||
|
"estimative-language:likelihood-probability=\"roughly-even-chance\""
|
||
|
],
|
||
|
"x_misp_category": "Targeting data",
|
||
|
"x_misp_type": "target-location",
|
||
|
"x_misp_value": "IR"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5aca2fb1-7e5c-4dda-a3cb-446602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-08T15:05:21.000Z",
|
||
|
"modified": "2018-04-08T15:05:21.000Z",
|
||
|
"first_observed": "2018-04-08T15:05:21Z",
|
||
|
"last_observed": "2018-04-08T15:05:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5aca2fb1-7e5c-4dda-a3cb-446602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5aca2fb1-7e5c-4dda-a3cb-446602de0b81",
|
||
|
"value": "https://www.bleepingcomputer.com/news/security/iranian-and-russian-networks-attacked-using-ciscos-cve-2018-0171-vulnerability/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5acb213f-301c-49d6-a1e3-5233950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-09T08:16:11.000Z",
|
||
|
"modified": "2018-04-09T08:16:11.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"target-location\"",
|
||
|
"misp:category=\"Targeting data\"",
|
||
|
"estimative-language:likelihood-probability=\"roughly-even-chance\""
|
||
|
],
|
||
|
"x_misp_category": "Targeting data",
|
||
|
"x_misp_type": "target-location",
|
||
|
"x_misp_value": "RU"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5acdb395-d4d4-46fa-bd99-495902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-11T07:06:07.000Z",
|
||
|
"modified": "2018-04-11T07:06:07.000Z",
|
||
|
"first_observed": "2018-04-11T07:06:07Z",
|
||
|
"last_observed": "2018-04-11T07:06:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--5acdb395-d4d4-46fa-bd99-495902de0b81",
|
||
|
"artifact--5acdb395-d4d4-46fa-bd99-495902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"attachment\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"technical-report\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--5acdb395-d4d4-46fa-bd99-495902de0b81",
|
||
|
"name": "CITAR-Flash-2018-010-CISCO-Switches v1.0.pdf",
|
||
|
"content_ref": "artifact--5acdb395-d4d4-46fa-bd99-495902de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "artifact",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "artifact--5acdb395-d4d4-46fa-bd99-495902de0b81",
|
||
|
"payload_bin": "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
|
||
|
},
|
||
|
{
|
||
|
"type": "vulnerability",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "vulnerability--5ad58237-d42c-405c-9d1e-41a3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-04-17T05:12:23.000Z",
|
||
|
"modified": "2018-04-17T05:12:23.000Z",
|
||
|
"name": "CVE-2018-0171",
|
||
|
"description": "A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.",
|
||
|
"labels": [
|
||
|
"misp:name=\"vulnerability\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
],
|
||
|
"external_references": [
|
||
|
{
|
||
|
"source_name": "cve",
|
||
|
"external_id": "CVE-2018-0171"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_state": "Published"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|