2023-06-14 17:31:25 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5af2be06-dc9c-4086-a6aa-45d9950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-11T08:07:17.000Z" ,
"modified" : "2018-05-11T08:07:17.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "grouping" ,
"spec_version" : "2.1" ,
"id" : "grouping--5af2be06-dc9c-4086-a6aa-45d9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-11T08:07:17.000Z" ,
"modified" : "2018-05-11T08:07:17.000Z" ,
"name" : "OSINT - Root cause analysis of the latest Internet Explorer zero day \u2013 CVE-2018-8174" ,
"context" : "suspicious-activity" ,
"object_refs" : [
"indicator--5af2c413-3c78-4a51-bf3b-44aa950d210f" ,
"observed-data--5af2c4e0-5330-4f2f-96b5-4a1d950d210f" ,
"url--5af2c4e0-5330-4f2f-96b5-4a1d950d210f" ,
"x-misp-attribute--5af2c538-7a08-411c-b594-4f6f950d210f" ,
"vulnerability--5af2be87-ea74-4ad8-8dcf-4569950d210f" ,
"indicator--5af2c3a4-d11c-404f-b948-4f1d950d210f" ,
"indicator--5af2c3cd-a0b0-4a81-9126-4e08950d210f" ,
"indicator--5af2c405-3558-40fd-be7f-4a4b950d210f" ,
"x-misp-object--d3d122df-767a-40f1-b5a0-f14837f259b7" ,
"x-misp-object--1e6f7e8d-db97-461c-bf7d-af5f6d7cb3f4" ,
"x-misp-object--2b8b2ad0-9787-465b-9927-3d3bd3ed33a1" ,
"relationship--081acb0b-808a-4154-88a2-6889717c1298" ,
"relationship--ae106e79-c92e-420d-ab38-538a62808a51"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af2c413-3c78-4a51-bf3b-44aa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-09T09:49:07.000Z" ,
"modified" : "2018-05-09T09:49:07.000Z" ,
"pattern" : "[domain-name:value = 'autosoundcheckers.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-09T09:49:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af2c4e0-5330-4f2f-96b5-4a1d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-09T09:52:43.000Z" ,
"modified" : "2018-05-09T09:52:43.000Z" ,
"first_observed" : "2018-05-09T09:52:43Z" ,
"last_observed" : "2018-05-09T09:52:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5af2c4e0-5330-4f2f-96b5-4a1d950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5af2c4e0-5330-4f2f-96b5-4a1d950d210f" ,
"value" : "https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5af2c538-7a08-411c-b594-4f6f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-09T09:54:00.000Z" ,
"modified" : "2018-05-09T09:54:00.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174."
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5af2be87-ea74-4ad8-8dcf-4569950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-09T09:25:27.000Z" ,
"modified" : "2018-05-09T09:25:27.000Z" ,
"name" : "CVE-2018-8174" ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2018-8174"
}
] ,
"x_misp_state" : "Published"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af2c3a4-d11c-404f-b948-4f1d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-11T08:04:48.000Z" ,
"modified" : "2018-05-11T08:04:48.000Z" ,
"description" : "RTF document" ,
"pattern" : "[file:hashes.MD5 = 'b48ddad351dd16e4b24f3909c53c8901' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-11T08:04:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af2c3cd-a0b0-4a81-9126-4e08950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-09T09:47:57.000Z" ,
"modified" : "2018-05-09T09:47:57.000Z" ,
"description" : "Internet Explorer exploit (CVE-2018-8174)" ,
"pattern" : "[file:hashes.MD5 = '15eafc24416cbf4cfe323e9c271e71e7' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-09T09:47:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af2c405-3558-40fd-be7f-4a4b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-09T09:48:53.000Z" ,
"modified" : "2018-05-09T09:48:53.000Z" ,
"description" : "Payload" ,
"pattern" : "[file:hashes.MD5 = '1ce4a38b6ea440a6734f7c049f5c47e2' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-09T09:48:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d3d122df-767a-40f1-b5a0-f14837f259b7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-10T13:04:42.000Z" ,
"modified" : "2018-05-10T13:04:42.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1e6f7e8d-db97-461c-bf7d-af5f6d7cb3f4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-10T13:04:40.000Z" ,
"modified" : "2018-05-10T13:04:40.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2b8b2ad0-9787-465b-9927-3d3bd3ed33a1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-11T08:04:45.000Z" ,
"modified" : "2018-05-11T08:04:45.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--081acb0b-808a-4154-88a2-6889717c1298" ,
"created" : "2018-05-11T08:04:46.000Z" ,
"modified" : "2018-05-11T08:04:46.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5af2c3a4-d11c-404f-b948-4f1d950d210f" ,
"target_ref" : "x-misp-object--2b8b2ad0-9787-465b-9927-3d3bd3ed33a1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ae106e79-c92e-420d-ab38-538a62808a51" ,
"created" : "2018-05-10T13:04:41.000Z" ,
"modified" : "2018-05-10T13:04:41.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--d3d122df-767a-40f1-b5a0-f14837f259b7" ,
"target_ref" : "x-misp-object--1e6f7e8d-db97-461c-bf7d-af5f6d7cb3f4"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}