misp-circl-feed/feeds/circl/stix-2.1/159de01c-e6db-46c9-98a2-5434584086d5.json

1811 lines
95 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--159de01c-e6db-46c9-98a2-5434584086d5",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:51:53.000Z",
"modified": "2021-09-17T13:51:53.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--159de01c-e6db-46c9-98a2-5434584086d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:51:53.000Z",
"modified": "2021-09-17T13:51:53.000Z",
"name": "OSINT - M\u0113ris botnet",
"published": "2021-09-17T13:54:49Z",
"object_refs": [
"vulnerability--011de3df-a2c3-45eb-962c-c1b3b175d7ef",
"indicator--73c570b9-2d03-4ca9-a3cc-b96da56751f4",
"indicator--c7a3b859-87a5-485c-b7b0-aff69f0bc206",
"indicator--d199cfa2-b088-4b90-8cdb-b144f75848e5",
"indicator--cf93b08c-a939-4a6c-9b59-c0273d1bb08f",
"indicator--c04208cd-deef-4b3b-ab10-ad0b8c59df89",
"indicator--e7802262-7472-429c-949f-00e89eafbf45",
"indicator--94179cca-3b39-4162-84c2-8052a82480d9",
"indicator--b1641012-b3bf-4fef-b114-92aadfd04d6a",
"indicator--4f1b2dea-ffc1-4612-869a-829510d13822",
"indicator--fc34b64c-4a11-4883-85e9-0d7f2a9ed85c",
"indicator--2878a192-1455-46f0-a1bd-bf2c10ced867",
"indicator--90886d99-befd-494b-8ba1-f3c5b297feed",
"indicator--ca840caa-6de2-4618-8790-9e99ca2ccee1",
"indicator--2abd777a-3a71-40c1-a27c-5be603aba1f3",
"indicator--ab1b5211-53dc-403c-b0ed-a41eb382fd9c",
"indicator--7caac35d-5579-46bb-bb87-c111e3c8b258",
"indicator--672981d6-fc33-40c6-a3db-92fcd844fce7",
"indicator--2e167e49-8564-4128-9e32-f084e3d5a750",
"indicator--6f025b5b-2655-4368-b194-ae2c224ac0f5",
"indicator--bd673ac0-55e6-4edd-bfd1-171fbb0aa077",
"indicator--6e727c20-da03-4fb2-a357-a1223f4e9067",
"indicator--9a9b2967-a6d2-469e-b683-b8845e7d3df7",
"indicator--4d145ae3-5e53-4061-a68a-5210f510c7a2",
"indicator--a22eed53-1dab-4ef6-98e8-ac2ba047b43a",
"indicator--ca3dec5c-c406-49f1-85d0-66ec251cceb4",
"indicator--44052282-39f9-4825-a735-1f54f5913bdd",
"indicator--8e5cdede-1aa5-4927-b99c-19fd7d122092",
"indicator--0b2084e4-2a92-437a-a13f-35abd6bb9fc6",
"indicator--b9ddce0b-57f9-4c96-925f-5c4e3ce1b981",
"indicator--2b01fe88-a6fc-48bc-b248-9a3eaa7f93f9",
"indicator--d0ca604f-307a-4269-9f0c-09a52d880c32",
"indicator--ec304186-8965-4cf5-9d27-382096d582a5",
"indicator--cf03653c-f123-433b-8941-169aa0fec221",
"indicator--eb9ee3ea-db97-46ab-973e-8af9db353d6a",
"indicator--5cdf0ae4-c1dd-41f9-94f1-ca4138507613",
"indicator--7e5783ac-8508-445e-9ce6-c84b70556eeb",
"indicator--2159c1c8-1508-41ef-89c7-ac3e74306ad2",
"vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"x-misp-object--67abd9da-57af-458b-b408-03c6d57f0fe8",
"attack-pattern--2c32d7a1-0ef5-4766-b99e-66bfc82a131e",
"attack-pattern--1513a3e0-aad0-4cbe-8921-31e4d2f13eec",
"attack-pattern--3bdfd1d2-3683-4632-90cf-e9680f17a475",
"attack-pattern--6a9c3d31-bacd-482e-bc23-84d66588dcf9",
"attack-pattern--5dce48e2-0166-4068-ab6c-b78bbcb6bfd7",
"relationship--a5a78771-a4a8-4d0a-90ed-3befdac44d28",
"relationship--15f2b820-1883-4b2c-abec-ed83973a1315",
"relationship--b449189f-730d-4b02-be82-8db515f83810",
"relationship--296b0ff4-02ba-4c27-bb10-6ac28fa7ebe6",
"relationship--0273e28a-1047-40d2-85de-1de6014d3e3e",
"relationship--29d81bd0-054f-4c00-ae46-1f46d4b56fa7",
"relationship--a4b0318c-1576-48d1-b42e-abc8bd87ff5c"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--011de3df-a2c3-45eb-962c-c1b3b175d7ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:31:34.000Z",
"modified": "2021-09-17T13:31:34.000Z",
"name": "CVE-2018-14847",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2018-14847"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--73c570b9-2d03-4ca9-a3cc-b96da56751f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:31:44.000Z",
"modified": "2021-09-17T13:31:44.000Z",
"pattern": "[domain-name:value = '1abcnews.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:31:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c7a3b859-87a5-485c-b7b0-aff69f0bc206",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:32:37.000Z",
"modified": "2021-09-17T13:32:37.000Z",
"pattern": "[domain-name:value = '1awesome.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:32:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d199cfa2-b088-4b90-8cdb-b144f75848e5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:32:46.000Z",
"modified": "2021-09-17T13:32:46.000Z",
"pattern": "[domain-name:value = 'bestmade.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:32:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf93b08c-a939-4a6c-9b59-c0273d1bb08f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:32:54.000Z",
"modified": "2021-09-17T13:32:54.000Z",
"pattern": "[domain-name:value = '7standby.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:32:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c04208cd-deef-4b3b-ab10-ad0b8c59df89",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:33:30.000Z",
"modified": "2021-09-17T13:33:30.000Z",
"pattern": "[domain-name:value = 'audiomain.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:33:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e7802262-7472-429c-949f-00e89eafbf45",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:33:35.000Z",
"modified": "2021-09-17T13:33:35.000Z",
"pattern": "[domain-name:value = 'bestony.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:33:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94179cca-3b39-4162-84c2-8052a82480d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:27.000Z",
"modified": "2021-09-17T13:34:27.000Z",
"pattern": "[domain-name:value = 'fanmusic.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b1641012-b3bf-4fef-b114-92aadfd04d6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:32.000Z",
"modified": "2021-09-17T13:34:32.000Z",
"pattern": "[domain-name:value = 'dartspeak.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4f1b2dea-ffc1-4612-869a-829510d13822",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:38.000Z",
"modified": "2021-09-17T13:34:38.000Z",
"pattern": "[domain-name:value = 'cloudsond.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fc34b64c-4a11-4883-85e9-0d7f2a9ed85c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:42.000Z",
"modified": "2021-09-17T13:34:42.000Z",
"pattern": "[domain-name:value = 'ciskotik.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2878a192-1455-46f0-a1bd-bf2c10ced867",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:47.000Z",
"modified": "2021-09-17T13:34:47.000Z",
"pattern": "[domain-name:value = 'gamedate.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90886d99-befd-494b-8ba1-f3c5b297feed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:53.000Z",
"modified": "2021-09-17T13:34:53.000Z",
"pattern": "[domain-name:value = 'globalmoby.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca840caa-6de2-4618-8790-9e99ca2ccee1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:10.000Z",
"modified": "2021-09-17T13:35:10.000Z",
"pattern": "[domain-name:value = 'hitsmoby.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2abd777a-3a71-40c1-a27c-5be603aba1f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:18.000Z",
"modified": "2021-09-17T13:35:18.000Z",
"pattern": "[domain-name:value = 'massgames.space']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ab1b5211-53dc-403c-b0ed-a41eb382fd9c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:28.000Z",
"modified": "2021-09-17T13:35:28.000Z",
"pattern": "[domain-name:value = 'mobstore.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7caac35d-5579-46bb-bb87-c111e3c8b258",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:34.000Z",
"modified": "2021-09-17T13:35:34.000Z",
"pattern": "[domain-name:value = 'motinkon.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--672981d6-fc33-40c6-a3db-92fcd844fce7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:40.000Z",
"modified": "2021-09-17T13:35:40.000Z",
"pattern": "[domain-name:value = 'my1story.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2e167e49-8564-4128-9e32-f084e3d5a750",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:47.000Z",
"modified": "2021-09-17T13:35:47.000Z",
"pattern": "[domain-name:value = 'myfrance.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6f025b5b-2655-4368-b194-ae2c224ac0f5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:52.000Z",
"modified": "2021-09-17T13:35:52.000Z",
"pattern": "[domain-name:value = 'portgame.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bd673ac0-55e6-4edd-bfd1-171fbb0aa077",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:58.000Z",
"modified": "2021-09-17T13:35:58.000Z",
"pattern": "[domain-name:value = 'phonemus.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6e727c20-da03-4fb2-a357-a1223f4e9067",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:03.000Z",
"modified": "2021-09-17T13:36:03.000Z",
"pattern": "[domain-name:value = 'senourth.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a9b2967-a6d2-469e-b683-b8845e7d3df7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:08.000Z",
"modified": "2021-09-17T13:36:08.000Z",
"pattern": "[domain-name:value = 'sitestory.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4d145ae3-5e53-4061-a68a-5210f510c7a2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:14.000Z",
"modified": "2021-09-17T13:36:14.000Z",
"pattern": "[domain-name:value = 'spacewb.tech']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a22eed53-1dab-4ef6-98e8-ac2ba047b43a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:17.000Z",
"modified": "2021-09-17T13:36:17.000Z",
"pattern": "[domain-name:value = 'specialword.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca3dec5c-c406-49f1-85d0-66ec251cceb4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:21.000Z",
"modified": "2021-09-17T13:36:21.000Z",
"pattern": "[domain-name:value = 'spgames.site']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--44052282-39f9-4825-a735-1f54f5913bdd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:26.000Z",
"modified": "2021-09-17T13:36:26.000Z",
"pattern": "[domain-name:value = 'strtbiz.site']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8e5cdede-1aa5-4927-b99c-19fd7d122092",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:30.000Z",
"modified": "2021-09-17T13:36:30.000Z",
"pattern": "[domain-name:value = 'takebad1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0b2084e4-2a92-437a-a13f-35abd6bb9fc6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:35.000Z",
"modified": "2021-09-17T13:36:35.000Z",
"pattern": "[domain-name:value = 'tryphptoday.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b9ddce0b-57f9-4c96-925f-5c4e3ce1b981",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:39.000Z",
"modified": "2021-09-17T13:36:39.000Z",
"pattern": "[domain-name:value = 'wchampmuse.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2b01fe88-a6fc-48bc-b248-9a3eaa7f93f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:43.000Z",
"modified": "2021-09-17T13:36:43.000Z",
"pattern": "[domain-name:value = 'weirdgames.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0ca604f-307a-4269-9f0c-09a52d880c32",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:47.000Z",
"modified": "2021-09-17T13:36:47.000Z",
"pattern": "[domain-name:value = 'widechanges.best']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ec304186-8965-4cf5-9d27-382096d582a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:51.000Z",
"modified": "2021-09-17T13:36:51.000Z",
"pattern": "[domain-name:value = 'zancetom.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf03653c-f123-433b-8941-169aa0fec221",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:58.000Z",
"modified": "2021-09-17T13:36:58.000Z",
"pattern": "[domain-name:value = 'gamesone.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb9ee3ea-db97-46ab-973e-8af9db353d6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:37:02.000Z",
"modified": "2021-09-17T13:37:02.000Z",
"pattern": "[domain-name:value = 'mobigifs.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdf0ae4-c1dd-41f9-94f1-ca4138507613",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:37:05.000Z",
"modified": "2021-09-17T13:37:05.000Z",
"pattern": "[domain-name:value = 'picsgifs.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:37:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7e5783ac-8508-445e-9ce6-c84b70556eeb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:37:10.000Z",
"modified": "2021-09-17T13:37:10.000Z",
"pattern": "[domain-name:value = 'onlinegt.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:37:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2159c1c8-1508-41ef-89c7-ac3e74306ad2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:37:13.000Z",
"modified": "2021-09-17T13:37:13.000Z",
"pattern": "[domain-name:value = 'myphotos.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:43.000Z",
"modified": "2021-09-17T13:39:43.000Z",
"name": "CVE-2018-14847",
"description": "MikroTik\u00a0RouterOS\u00a0through\u00a06.42\u00a0allows\u00a0unauthenticated\u00a0remote\u00a0attackers\u00a0to\u00a0read\u00a0arbitrary\u00a0files\u00a0and\u00a0remote\u00a0authenticated\u00a0attackers\u00a0to\u00a0write\u00a0arbitrary\u00a0files\u00a0due\u00a0to\u00a0a\u00a0directory\u00a0traversal\u00a0vulnerability\u00a0in\u00a0the\u00a0WinBox\u00a0interface.",
"labels": [
"misp:name=\"vulnerability\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2018-14847"
},
{
"source_name": "url",
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"source_name": "url",
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"source_name": "url",
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"source_name": "url",
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
},
{
"source_name": "url",
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"source_name": "url",
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"source_name": "url",
"url": "https://www.exploit-db.com/exploits/45578/"
}
],
"x_misp_cvss_score": "6.4",
"x_misp_modified": "2019-03-07T14:12:00+00:00",
"x_misp_published": "2018-08-02T07:29:00+00:00",
"x_misp_state": "Published",
"x_misp_vulnerable_configuration": [
"cpe:2.3:o:mikrotik:routeros:-:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:3.30:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:3.30:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.10:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.10:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.17:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.17:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.17:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.0:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.7:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.7:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.7:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.8:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.8:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.8:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.9:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.9:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.9:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.11:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.11:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.11:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.12:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.12:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.12:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.13:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.13:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.13:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.14:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.14:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.14:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.15:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.15:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.16:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.16:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.16:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.17:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.17:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.17:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.18:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.18:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.18:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.19:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.19:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.19:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.20:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.20:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.20:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.21:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.21:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.21:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.22:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.22:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.22:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.23:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.23:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.23:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.24:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.24:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.24:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.25:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.25:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.25:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.26:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.26:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.0:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.0:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.5:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.6:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.6:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.6:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.7:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.7:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.7:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.9:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.9:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.9:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.10:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.10:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.10:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.11:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.11:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.11:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.12:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.12:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.12:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.13:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.13:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.13:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.14:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.14:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.14:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.15:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.15:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.15:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.16:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.16:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.16:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.17:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.17:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.17:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.18:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.18:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.18:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.19:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.19:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.19:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.20:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.20:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.20:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.21.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.21.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.21.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.22:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.22:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.22:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.23:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.23:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.23:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.24:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.24:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.24:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.25:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.25:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.25:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.26:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.26:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.26:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.27:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.27:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.27:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.28:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.28:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.28:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.5:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.6:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.6:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.6:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.6:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.6:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:rc12:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:rc19:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:rc2:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:rc3:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc10:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc11:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc12:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc13:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc16:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc19:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc20:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc3:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc4:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc6:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc8:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc9:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc10:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc11:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc12:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc13:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc15:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc16:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc19:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc24:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc26:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc27:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc30:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc36:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc38:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc4:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc40:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc5:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc15:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc19:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc35:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc37:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc44:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc45:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc46:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc9:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.7:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.7:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc15:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc20:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc28:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc32:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc36:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc38:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc6:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.6:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.6:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.7:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.7:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.8:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.8:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.9:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.9:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc17:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc18:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc26:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc28:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc30:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc31:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc32:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc34:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc37:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc38:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc4:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc44:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc47:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc50:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc52:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc56:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc6:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc61:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc66:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc9:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc9_:*:*:testing:*:*:*"
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--67abd9da-57af-458b-b408-03c6d57f0fe8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"labels": [
"misp:name=\"weakness\"",
"misp:meta-category=\"vulnerability\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": "Improper\u00a0Limitation\u00a0of\u00a0a\u00a0Pathname\u00a0to\u00a0a\u00a0Restricted\u00a0Directory\u00a0('Path\u00a0Traversal')",
"category": "Other",
"comment": "CVE-2018-14847: Enriched via the cve_advanced module",
"uuid": "98b79b3a-1c36-4f10-9cff-82ddac9f7763"
},
{
"type": "text",
"object_relation": "status",
"value": "Stable",
"category": "Other",
"comment": "CVE-2018-14847: Enriched via the cve_advanced module",
"uuid": "797d6b88-f1d3-4eb4-abaf-ff089b64e39d"
},
{
"type": "text",
"object_relation": "weakness-abs",
"value": "Base",
"category": "Other",
"comment": "CVE-2018-14847: Enriched via the cve_advanced module",
"uuid": "f95859a8-8782-49cc-926d-29bdfc342882"
}
],
"x_misp_comment": "CVE-2018-14847: Enriched via the cve_advanced module",
"x_misp_meta_category": "vulnerability",
"x_misp_name": "weakness"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2c32d7a1-0ef5-4766-b99e-66bfc82a131e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Manipulating\u00a0Web\u00a0Input\u00a0to\u00a0File\u00a0System\u00a0Calls",
"description": "An\u00a0attacker\u00a0manipulates\u00a0inputs\u00a0to\u00a0the\u00a0target\u00a0software\u00a0which\u00a0the\u00a0target\u00a0software\u00a0passes\u00a0to\u00a0file\u00a0system\u00a0calls\u00a0in\u00a0the\u00a0OS.\u00a0The\u00a0goal\u00a0is\u00a0to\u00a0gain\u00a0access\u00a0to,\u00a0and\u00a0perhaps\u00a0modify,\u00a0areas\u00a0of\u00a0the\u00a0file\u00a0system\u00a0that\u00a0the\u00a0target\u00a0software\u00a0did\u00a0not\u00a0intend\u00a0to\u00a0be\u00a0accessible.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-76"
}
],
"x_misp_prerequisites": "Program\u00a0must\u00a0allow\u00a0for\u00a0user\u00a0controlled\u00a0variables\u00a0to\u00a0be\u00a0applied\u00a0directly\u00a0to\u00a0the\u00a0filesystem",
"x_misp_related_weakness": [
"CWE-15",
"CWE-22",
"CWE-23",
"CWE-264",
"CWE-272",
"CWE-285",
"CWE-346",
"CWE-348",
"CWE-59",
"CWE-715",
"CWE-73",
"CWE-74",
"CWE-77"
],
"x_misp_solutions": "Design: Enforce principle of least privilege. Design: Ensure all input is validated, and does not contain file system commands Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands. Design: For interactive user applications, consider if direct file system interface is necessary, instead consider having the application proxy communication. Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables."
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1513a3e0-aad0-4cbe-8921-31e4d2f13eec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Using\u00a0Slashes\u00a0and\u00a0URL\u00a0Encoding\u00a0Combined\u00a0to\u00a0Bypass\u00a0Validation\u00a0Logic",
"description": "This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (\\\\%HEX-CODE). For instance US-ASCII space character would be represented with \\\\%20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-64"
}
],
"x_misp_prerequisites": "The\u00a0application\u00a0accepts\u00a0and\u00a0decodes\u00a0URL\u00a0string\u00a0request.\u00a0The\u00a0application\u00a0performs\u00a0insufficient\u00a0filtering/canonicalization\u00a0on\u00a0the\u00a0URLs.",
"x_misp_related_weakness": [
"CWE-171",
"CWE-172",
"CWE-173",
"CWE-177",
"CWE-20",
"CWE-21",
"CWE-22",
"CWE-697",
"CWE-707",
"CWE-73",
"CWE-74"
],
"x_misp_solutions": "Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system. Test your decoding process against malicious input. Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. When client input is required from web-based forms, avoid using the \\\\\"GET\\\\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\\\\"POST method whenever possible. Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Refer to the RFCs to safely decode URL. Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive. There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)."
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3bdfd1d2-3683-4632-90cf-e9680f17a475",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Using\u00a0Escaped\u00a0Slashes\u00a0in\u00a0Alternate\u00a0Encoding",
"description": "This\u00a0attack\u00a0targets\u00a0the\u00a0use\u00a0of\u00a0the\u00a0backslash\u00a0in\u00a0alternate\u00a0encoding.\u00a0An\u00a0attacker\u00a0can\u00a0provide\u00a0a\u00a0backslash\u00a0as\u00a0a\u00a0leading\u00a0character\u00a0and\u00a0causes\u00a0a\u00a0parser\u00a0to\u00a0believe\u00a0that\u00a0the\u00a0next\u00a0character\u00a0is\u00a0special.\u00a0This\u00a0is\u00a0called\u00a0an\u00a0escape.\u00a0By\u00a0using\u00a0that\u00a0trick,\u00a0the\u00a0attacker\u00a0tries\u00a0to\u00a0exploit\u00a0alternate\u00a0ways\u00a0to\u00a0encode\u00a0the\u00a0same\u00a0character\u00a0which\u00a0leads\u00a0to\u00a0filter\u00a0problems\u00a0and\u00a0opens\u00a0avenues\u00a0to\u00a0attack.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-78"
}
],
"x_misp_prerequisites": "The\u00a0application\u00a0accepts\u00a0the\u00a0backlash\u00a0character\u00a0as\u00a0escape\u00a0character.\u00a0The\u00a0application\u00a0server\u00a0does\u00a0incomplete\u00a0input\u00a0data\u00a0decoding,\u00a0filtering\u00a0and\u00a0validation.",
"x_misp_related_weakness": [
"CWE-171",
"CWE-172",
"CWE-173",
"CWE-180",
"CWE-181",
"CWE-20",
"CWE-21",
"CWE-22",
"CWE-697",
"CWE-707",
"CWE-73",
"CWE-74"
],
"x_misp_solutions": "Verify that the user-supplied data does not use backslash character to escape malicious characters. Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system. Be aware of the threat of alternative method of data encoding. Regular expressions can be used to filter out backslash. Make sure you decode before filtering and validating the untrusted input data. In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access. Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6a9c3d31-bacd-482e-bc23-84d66588dcf9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Path\u00a0Traversal",
"description": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\\\) and/or dots (.)) to reach desired directories or files.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-126"
}
],
"x_misp_prerequisites": "The\u00a0attacker\u00a0must\u00a0be\u00a0able\u00a0to\u00a0control\u00a0the\u00a0path\u00a0that\u00a0is\u00a0requested\u00a0of\u00a0the\u00a0target.\u00a0The\u00a0target\u00a0must\u00a0fail\u00a0to\u00a0adequately\u00a0sanitize\u00a0incoming\u00a0paths",
"x_misp_related_weakness": "CWE-22",
"x_misp_solutions": "Design: Configure the access control correctly. Design: Enforce principle of least privilege. Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution. Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement. Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host. Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands. Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin. Implementation: Perform input validation for all remote content, including remote and user-generated content. Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables. Implementation: Use indirect references rather than actual file names. Implementation: Use possible permissions on file access when developing and deploying web applications. Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification -- whitelisting approach."
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5dce48e2-0166-4068-ab6c-b78bbcb6bfd7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Using\u00a0Slashes\u00a0in\u00a0Alternate\u00a0Encoding",
"description": "This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-79"
}
],
"x_misp_prerequisites": "The\u00a0application\u00a0server\u00a0accepts\u00a0paths\u00a0to\u00a0locate\u00a0resources.\u00a0The\u00a0application\u00a0server\u00a0does\u00a0insufficient\u00a0input\u00a0data\u00a0validation\u00a0on\u00a0the\u00a0resource\u00a0path\u00a0requested\u00a0by\u00a0the\u00a0user.\u00a0The\u00a0access\u00a0right\u00a0to\u00a0resources\u00a0are\u00a0not\u00a0set\u00a0properly.",
"x_misp_related_weakness": [
"CWE-171",
"CWE-173",
"CWE-180",
"CWE-181",
"CWE-185",
"CWE-20",
"CWE-200",
"CWE-21",
"CWE-22",
"CWE-697",
"CWE-707",
"CWE-73",
"CWE-74"
],
"x_misp_solutions": "Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Refer to the RFCs to safely decode URL. When client input is required from web-based forms, avoid using the \\\\\"GET\\\\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\\\\"POST method whenever possible. There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx) Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. (See related guideline section) Test your path decoding process against malicious input. In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access. Assume all input is malicious. Create a white list that defines all valid input to the application based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system."
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a5a78771-a4a8-4d0a-90ed-3befdac44d28",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "related-to",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "vulnerability--011de3df-a2c3-45eb-962c-c1b3b175d7ef"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--15f2b820-1883-4b2c-abec-ed83973a1315",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "weakened-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "x-misp-object--67abd9da-57af-458b-b408-03c6d57f0fe8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b449189f-730d-4b02-be82-8db515f83810",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--2c32d7a1-0ef5-4766-b99e-66bfc82a131e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--296b0ff4-02ba-4c27-bb10-6ac28fa7ebe6",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--1513a3e0-aad0-4cbe-8921-31e4d2f13eec"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0273e28a-1047-40d2-85de-1de6014d3e3e",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--3bdfd1d2-3683-4632-90cf-e9680f17a475"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--29d81bd0-054f-4c00-ae46-1f46d4b56fa7",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--6a9c3d31-bacd-482e-bc23-84d66588dcf9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a4b0318c-1576-48d1-b42e-abc8bd87ff5c",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--5dce48e2-0166-4068-ab6c-b78bbcb6bfd7"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}