misp-circl-feed/feeds/circl/stix-2.1/5825c994-18b0-4900-a73d-4558950d210f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5825c994-18b0-4900-a73d-4558950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-02T08:12:26.000Z",
"modified": "2017-01-02T08:12:26.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5825c994-18b0-4900-a73d-4558950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-02T08:12:26.000Z",
"modified": "2017-01-02T08:12:26.000Z",
"name": "OSINT - BlackNurse Denial of Service Attack",
"published": "2017-01-11T20:17:22Z",
"object_refs": [
"observed-data--5825ca2c-85d0-4193-8f68-4311950d210f",
"url--5825ca2c-85d0-4193-8f68-4311950d210f",
"observed-data--5825ca60-9220-4be6-9181-42fd950d210f",
"url--5825ca60-9220-4be6-9181-42fd950d210f",
"indicator--5825ca78-5058-4247-b218-4139950d210f",
"indicator--5825ca87-c1b4-4257-842a-4133950d210f",
"observed-data--586a0b44-3b80-433c-9069-3b4ebce2ab96",
"file--586a0b44-3b80-433c-9069-3b4ebce2ab96",
"artifact--586a0b44-3b80-433c-9069-3b4ebce2ab96",
"x-misp-attribute--582af62b-a4a4-46b6-bee0-441b950d210f",
"observed-data--586a0b6a-224c-45d7-a53f-4060bce2ab96",
"url--586a0b6a-224c-45d7-a53f-4060bce2ab96"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:availability=\"ddos\"",
"europol-incident:availability=\"dos-ddos\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5825ca2c-85d0-4193-8f68-4311950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-11T13:39:56.000Z",
"modified": "2016-11-11T13:39:56.000Z",
"first_observed": "2016-11-11T13:39:56Z",
"last_observed": "2016-11-11T13:39:56Z",
"number_observed": 1,
"object_refs": [
"url--5825ca2c-85d0-4193-8f68-4311950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5825ca2c-85d0-4193-8f68-4311950d210f",
"value": "http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5825ca60-9220-4be6-9181-42fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-11T13:40:48.000Z",
"modified": "2016-11-11T13:40:48.000Z",
"first_observed": "2016-11-11T13:40:48Z",
"last_observed": "2016-11-11T13:40:48Z",
"number_observed": 1,
"object_refs": [
"url--5825ca60-9220-4be6-9181-42fd950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5825ca60-9220-4be6-9181-42fd950d210f",
"value": "http://soc.tdc.dk/blacknurse/blacknurse.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5825ca78-5058-4247-b218-4139950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-11T13:41:12.000Z",
"modified": "2016-11-11T13:41:12.000Z",
"pattern": "[alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:\"TDC-SOC - Possible BlackNurse attack from external source \"; itype:3; icode:3; detection_filter:track by_dst, count 250, seconds 1; reference:url, soc.tdc.dk/blacknurse/blacknurse.pdf; metadata:TDC-SOC-CERT,18032016; priority:3; sid:88000012; rev:1;)]",
"pattern_type": "snort",
"valid_from": "2016-11-11T13:41:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5825ca87-c1b4-4257-842a-4133950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-11T13:41:27.000Z",
"modified": "2016-11-11T13:41:27.000Z",
"pattern": "[alert icmp $HOME_NET any -> $EXTERNAL_NET any (msg:\"TDC-SOC - Possible BlackNurse attack from internal source\"; itype:3; icode:3; detection_filter:track by_dst, count 250, seconds 1; reference:url, soc.tdc.dk/blacknurse/blacknurse.pdf; metadata:TDC-SOC-CERT,18032016; priority:3; sid:88000013; rev:1;)]",
"pattern_type": "snort",
"valid_from": "2016-11-11T13:41:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--586a0b44-3b80-433c-9069-3b4ebce2ab96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-02T08:11:48.000Z",
"modified": "2017-01-02T08:11:48.000Z",
"first_observed": "2017-01-02T08:11:48Z",
"last_observed": "2017-01-02T08:11:48Z",
"number_observed": 1,
"object_refs": [
"file--586a0b44-3b80-433c-9069-3b4ebce2ab96",
"artifact--586a0b44-3b80-433c-9069-3b4ebce2ab96"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--586a0b44-3b80-433c-9069-3b4ebce2ab96",
"name": "Blacknurse_v.1.7.pdf",
"content_ref": "artifact--586a0b44-3b80-433c-9069-3b4ebce2ab96"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--586a0b44-3b80-433c-9069-3b4ebce2ab96",
"payload_bin": "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
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--582af62b-a4a4-46b6-bee0-441b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-11-15T11:48:59.000Z",
"modified": "2016-11-15T11:48:59.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "\u201cWe recommend that you grant permission for the ICMP unreachable message type (type 3). Denying ICMP unreachable messages disables ICMP Path MTU discovery, which can halt IPSec and PPTP traffic. See RFC 1195 and RFC 1435 for details about Path MTU Discovery.\u201d"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--586a0b6a-224c-45d7-a53f-4060bce2ab96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-02T08:12:26.000Z",
"modified": "2017-01-02T08:12:26.000Z",
"first_observed": "2017-01-02T08:12:26Z",
"last_observed": "2017-01-02T08:12:26Z",
"number_observed": 1,
"object_refs": [
"url--586a0b6a-224c-45d7-a53f-4060bce2ab96"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--586a0b6a-224c-45d7-a53f-4060bce2ab96",
"value": "http://www.blacknurse.dk/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}