misp-circl-feed/feeds/circl/misp/159de01c-e6db-46c9-98a2-5434584086d5.json

1862 lines
No EOL
104 KiB
JSON

{
"type": "bundle",
"id": "bundle--159de01c-e6db-46c9-98a2-5434584086d5",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:51:53.000Z",
"modified": "2021-09-17T13:51:53.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--159de01c-e6db-46c9-98a2-5434584086d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:51:53.000Z",
"modified": "2021-09-17T13:51:53.000Z",
"name": "OSINT - M\u0113ris botnet",
"published": "2021-09-17T13:54:49Z",
"object_refs": [
"vulnerability--011de3df-a2c3-45eb-962c-c1b3b175d7ef",
"indicator--73c570b9-2d03-4ca9-a3cc-b96da56751f4",
"indicator--c7a3b859-87a5-485c-b7b0-aff69f0bc206",
"indicator--d199cfa2-b088-4b90-8cdb-b144f75848e5",
"indicator--cf93b08c-a939-4a6c-9b59-c0273d1bb08f",
"indicator--c04208cd-deef-4b3b-ab10-ad0b8c59df89",
"indicator--e7802262-7472-429c-949f-00e89eafbf45",
"indicator--94179cca-3b39-4162-84c2-8052a82480d9",
"indicator--b1641012-b3bf-4fef-b114-92aadfd04d6a",
"indicator--4f1b2dea-ffc1-4612-869a-829510d13822",
"indicator--fc34b64c-4a11-4883-85e9-0d7f2a9ed85c",
"indicator--2878a192-1455-46f0-a1bd-bf2c10ced867",
"indicator--90886d99-befd-494b-8ba1-f3c5b297feed",
"indicator--ca840caa-6de2-4618-8790-9e99ca2ccee1",
"indicator--2abd777a-3a71-40c1-a27c-5be603aba1f3",
"indicator--ab1b5211-53dc-403c-b0ed-a41eb382fd9c",
"indicator--7caac35d-5579-46bb-bb87-c111e3c8b258",
"indicator--672981d6-fc33-40c6-a3db-92fcd844fce7",
"indicator--2e167e49-8564-4128-9e32-f084e3d5a750",
"indicator--6f025b5b-2655-4368-b194-ae2c224ac0f5",
"indicator--bd673ac0-55e6-4edd-bfd1-171fbb0aa077",
"indicator--6e727c20-da03-4fb2-a357-a1223f4e9067",
"indicator--9a9b2967-a6d2-469e-b683-b8845e7d3df7",
"indicator--4d145ae3-5e53-4061-a68a-5210f510c7a2",
"indicator--a22eed53-1dab-4ef6-98e8-ac2ba047b43a",
"indicator--ca3dec5c-c406-49f1-85d0-66ec251cceb4",
"indicator--44052282-39f9-4825-a735-1f54f5913bdd",
"indicator--8e5cdede-1aa5-4927-b99c-19fd7d122092",
"indicator--0b2084e4-2a92-437a-a13f-35abd6bb9fc6",
"indicator--b9ddce0b-57f9-4c96-925f-5c4e3ce1b981",
"indicator--2b01fe88-a6fc-48bc-b248-9a3eaa7f93f9",
"indicator--d0ca604f-307a-4269-9f0c-09a52d880c32",
"indicator--ec304186-8965-4cf5-9d27-382096d582a5",
"indicator--cf03653c-f123-433b-8941-169aa0fec221",
"indicator--eb9ee3ea-db97-46ab-973e-8af9db353d6a",
"indicator--5cdf0ae4-c1dd-41f9-94f1-ca4138507613",
"indicator--7e5783ac-8508-445e-9ce6-c84b70556eeb",
"indicator--2159c1c8-1508-41ef-89c7-ac3e74306ad2",
"vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"x-misp-object--67abd9da-57af-458b-b408-03c6d57f0fe8",
"attack-pattern--2c32d7a1-0ef5-4766-b99e-66bfc82a131e",
"attack-pattern--1513a3e0-aad0-4cbe-8921-31e4d2f13eec",
"attack-pattern--3bdfd1d2-3683-4632-90cf-e9680f17a475",
"attack-pattern--6a9c3d31-bacd-482e-bc23-84d66588dcf9",
"attack-pattern--5dce48e2-0166-4068-ab6c-b78bbcb6bfd7",
"note--7c631993-debc-47d3-a1a5-066d6ede545e",
"relationship--92cead3e-2a72-48e4-8da3-b3c9f6d45104",
"relationship--16279775-25cb-40a3-bca1-147aa0d13bdb",
"relationship--fe28e93e-e9f8-4f70-a97d-bb389b6294ad",
"relationship--051022a1-e040-4530-aa98-d99d968a49b7",
"relationship--fbd6b109-b266-4d5c-a94e-7de7d474555f",
"relationship--48dae0bb-d2e9-41ae-acce-16448d3643f8",
"relationship--31749436-344f-4e16-bf3e-463b3ecdf6e7"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--011de3df-a2c3-45eb-962c-c1b3b175d7ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:31:34.000Z",
"modified": "2021-09-17T13:31:34.000Z",
"name": "CVE-2018-14847",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2018-14847"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--73c570b9-2d03-4ca9-a3cc-b96da56751f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:31:44.000Z",
"modified": "2021-09-17T13:31:44.000Z",
"pattern": "[domain-name:value = '1abcnews.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:31:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c7a3b859-87a5-485c-b7b0-aff69f0bc206",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:32:37.000Z",
"modified": "2021-09-17T13:32:37.000Z",
"pattern": "[domain-name:value = '1awesome.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:32:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d199cfa2-b088-4b90-8cdb-b144f75848e5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:32:46.000Z",
"modified": "2021-09-17T13:32:46.000Z",
"pattern": "[domain-name:value = 'bestmade.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:32:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf93b08c-a939-4a6c-9b59-c0273d1bb08f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:32:54.000Z",
"modified": "2021-09-17T13:32:54.000Z",
"pattern": "[domain-name:value = '7standby.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:32:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c04208cd-deef-4b3b-ab10-ad0b8c59df89",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:33:30.000Z",
"modified": "2021-09-17T13:33:30.000Z",
"pattern": "[domain-name:value = 'audiomain.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:33:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e7802262-7472-429c-949f-00e89eafbf45",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:33:35.000Z",
"modified": "2021-09-17T13:33:35.000Z",
"pattern": "[domain-name:value = 'bestony.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:33:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94179cca-3b39-4162-84c2-8052a82480d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:27.000Z",
"modified": "2021-09-17T13:34:27.000Z",
"pattern": "[domain-name:value = 'fanmusic.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b1641012-b3bf-4fef-b114-92aadfd04d6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:32.000Z",
"modified": "2021-09-17T13:34:32.000Z",
"pattern": "[domain-name:value = 'dartspeak.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4f1b2dea-ffc1-4612-869a-829510d13822",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:38.000Z",
"modified": "2021-09-17T13:34:38.000Z",
"pattern": "[domain-name:value = 'cloudsond.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fc34b64c-4a11-4883-85e9-0d7f2a9ed85c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:42.000Z",
"modified": "2021-09-17T13:34:42.000Z",
"pattern": "[domain-name:value = 'ciskotik.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2878a192-1455-46f0-a1bd-bf2c10ced867",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:47.000Z",
"modified": "2021-09-17T13:34:47.000Z",
"pattern": "[domain-name:value = 'gamedate.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90886d99-befd-494b-8ba1-f3c5b297feed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:34:53.000Z",
"modified": "2021-09-17T13:34:53.000Z",
"pattern": "[domain-name:value = 'globalmoby.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:34:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca840caa-6de2-4618-8790-9e99ca2ccee1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:10.000Z",
"modified": "2021-09-17T13:35:10.000Z",
"pattern": "[domain-name:value = 'hitsmoby.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2abd777a-3a71-40c1-a27c-5be603aba1f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:18.000Z",
"modified": "2021-09-17T13:35:18.000Z",
"pattern": "[domain-name:value = 'massgames.space']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ab1b5211-53dc-403c-b0ed-a41eb382fd9c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:28.000Z",
"modified": "2021-09-17T13:35:28.000Z",
"pattern": "[domain-name:value = 'mobstore.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7caac35d-5579-46bb-bb87-c111e3c8b258",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:34.000Z",
"modified": "2021-09-17T13:35:34.000Z",
"pattern": "[domain-name:value = 'motinkon.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--672981d6-fc33-40c6-a3db-92fcd844fce7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:40.000Z",
"modified": "2021-09-17T13:35:40.000Z",
"pattern": "[domain-name:value = 'my1story.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2e167e49-8564-4128-9e32-f084e3d5a750",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:47.000Z",
"modified": "2021-09-17T13:35:47.000Z",
"pattern": "[domain-name:value = 'myfrance.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6f025b5b-2655-4368-b194-ae2c224ac0f5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:52.000Z",
"modified": "2021-09-17T13:35:52.000Z",
"pattern": "[domain-name:value = 'portgame.website']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bd673ac0-55e6-4edd-bfd1-171fbb0aa077",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:35:58.000Z",
"modified": "2021-09-17T13:35:58.000Z",
"pattern": "[domain-name:value = 'phonemus.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:35:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6e727c20-da03-4fb2-a357-a1223f4e9067",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:03.000Z",
"modified": "2021-09-17T13:36:03.000Z",
"pattern": "[domain-name:value = 'senourth.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a9b2967-a6d2-469e-b683-b8845e7d3df7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:08.000Z",
"modified": "2021-09-17T13:36:08.000Z",
"pattern": "[domain-name:value = 'sitestory.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4d145ae3-5e53-4061-a68a-5210f510c7a2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:14.000Z",
"modified": "2021-09-17T13:36:14.000Z",
"pattern": "[domain-name:value = 'spacewb.tech']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a22eed53-1dab-4ef6-98e8-ac2ba047b43a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:17.000Z",
"modified": "2021-09-17T13:36:17.000Z",
"pattern": "[domain-name:value = 'specialword.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ca3dec5c-c406-49f1-85d0-66ec251cceb4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:21.000Z",
"modified": "2021-09-17T13:36:21.000Z",
"pattern": "[domain-name:value = 'spgames.site']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--44052282-39f9-4825-a735-1f54f5913bdd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:26.000Z",
"modified": "2021-09-17T13:36:26.000Z",
"pattern": "[domain-name:value = 'strtbiz.site']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8e5cdede-1aa5-4927-b99c-19fd7d122092",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:30.000Z",
"modified": "2021-09-17T13:36:30.000Z",
"pattern": "[domain-name:value = 'takebad1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0b2084e4-2a92-437a-a13f-35abd6bb9fc6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:35.000Z",
"modified": "2021-09-17T13:36:35.000Z",
"pattern": "[domain-name:value = 'tryphptoday.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b9ddce0b-57f9-4c96-925f-5c4e3ce1b981",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:39.000Z",
"modified": "2021-09-17T13:36:39.000Z",
"pattern": "[domain-name:value = 'wchampmuse.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2b01fe88-a6fc-48bc-b248-9a3eaa7f93f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:43.000Z",
"modified": "2021-09-17T13:36:43.000Z",
"pattern": "[domain-name:value = 'weirdgames.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0ca604f-307a-4269-9f0c-09a52d880c32",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:47.000Z",
"modified": "2021-09-17T13:36:47.000Z",
"pattern": "[domain-name:value = 'widechanges.best']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ec304186-8965-4cf5-9d27-382096d582a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:51.000Z",
"modified": "2021-09-17T13:36:51.000Z",
"pattern": "[domain-name:value = 'zancetom.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf03653c-f123-433b-8941-169aa0fec221",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:36:58.000Z",
"modified": "2021-09-17T13:36:58.000Z",
"pattern": "[domain-name:value = 'gamesone.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:36:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb9ee3ea-db97-46ab-973e-8af9db353d6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:37:02.000Z",
"modified": "2021-09-17T13:37:02.000Z",
"pattern": "[domain-name:value = 'mobigifs.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdf0ae4-c1dd-41f9-94f1-ca4138507613",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:37:05.000Z",
"modified": "2021-09-17T13:37:05.000Z",
"pattern": "[domain-name:value = 'picsgifs.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:37:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7e5783ac-8508-445e-9ce6-c84b70556eeb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:37:10.000Z",
"modified": "2021-09-17T13:37:10.000Z",
"pattern": "[domain-name:value = 'onlinegt.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:37:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2159c1c8-1508-41ef-89c7-ac3e74306ad2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:37:13.000Z",
"modified": "2021-09-17T13:37:13.000Z",
"pattern": "[domain-name:value = 'myphotos.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-09-17T13:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:43.000Z",
"modified": "2021-09-17T13:39:43.000Z",
"name": "CVE-2018-14847",
"description": "MikroTik\u00a0RouterOS\u00a0through\u00a06.42\u00a0allows\u00a0unauthenticated\u00a0remote\u00a0attackers\u00a0to\u00a0read\u00a0arbitrary\u00a0files\u00a0and\u00a0remote\u00a0authenticated\u00a0attackers\u00a0to\u00a0write\u00a0arbitrary\u00a0files\u00a0due\u00a0to\u00a0a\u00a0directory\u00a0traversal\u00a0vulnerability\u00a0in\u00a0the\u00a0WinBox\u00a0interface.",
"labels": [
"misp:name=\"vulnerability\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2018-14847"
},
{
"source_name": "url",
"url": "https://github.com/BasuCert/WinboxPoC"
},
{
"source_name": "url",
"url": "https://github.com/BigNerd95/WinboxExploit"
},
{
"source_name": "url",
"url": "https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf"
},
{
"source_name": "url",
"url": "https://github.com/tenable/routeros/tree/master/poc/bytheway"
},
{
"source_name": "url",
"url": "https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847"
},
{
"source_name": "url",
"url": "https://n0p.me/winbox-bug-dissection/"
},
{
"source_name": "url",
"url": "https://www.exploit-db.com/exploits/45578/"
}
],
"x_misp_cvss_score": "6.4",
"x_misp_modified": "2019-03-07T14:12:00+00:00",
"x_misp_published": "2018-08-02T07:29:00+00:00",
"x_misp_state": "Published",
"x_misp_vulnerable_configuration": [
"cpe:2.3:o:mikrotik:routeros:-:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:3.30:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:3.30:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.10:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.10:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.17:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.17:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:4.17:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.0:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.7:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.7:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.7:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.8:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.8:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.8:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.9:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.9:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.9:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.11:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.11:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.11:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.12:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.12:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.12:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.13:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.13:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.13:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.14:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.14:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.14:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.15:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.15:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.16:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.16:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.16:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.17:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.17:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.17:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.18:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.18:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.18:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.19:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.19:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.19:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.20:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.20:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.20:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.21:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.21:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.21:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.22:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.22:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.22:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.23:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.23:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.23:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.24:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.24:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.24:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.25:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.25:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.25:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.26:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:5.26:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.0:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.0:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.5:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.6:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.6:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.6:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.7:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.7:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.7:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.9:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.9:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.9:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.10:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.10:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.10:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.11:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.11:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.11:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.12:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.12:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.12:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.13:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.13:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.13:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.14:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.14:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.14:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.15:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.15:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.15:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.16:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.16:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.16:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.17:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.17:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.17:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.18:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.18:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.18:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.19:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.19:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.19:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.20:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.20:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.20:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.21.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.21.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.21.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.22:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.22:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.22:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.23:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.23:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.23:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.24:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.24:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.24:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.25:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.25:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.25:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.26:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.26:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.26:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.27:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.27:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.27:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.28:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.28:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.28:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.29.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.30.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.32.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.5:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.6:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.6:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.33.6:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.6:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.34.6:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:rc12:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:rc19:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:rc2:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35:rc3:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.35.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc10:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc11:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc12:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc13:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc16:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc19:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc20:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc3:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc4:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc6:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc8:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36:rc9:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.36.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc10:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc11:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc12:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc13:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc15:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc16:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc19:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc24:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc26:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc27:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc30:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc36:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc38:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc4:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc40:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37:rc5:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.37.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc15:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc19:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc35:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc37:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc44:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc45:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc46:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38:rc9:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.7:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.38.7:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.39.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc15:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc20:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc28:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc32:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc36:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc38:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40:rc6:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.5:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.6:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.6:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.7:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.7:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.8:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.8:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.9:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.40.9:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc17:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc18:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc26:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc28:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc30:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc31:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc32:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc34:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc37:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc38:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc4:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc44:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc47:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc50:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc52:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc56:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc6:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc61:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc66:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41:rc9:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.1:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.1:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.1:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.2:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.2:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.2:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.3:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.3:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.3:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.4:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.4:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.41.4:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:*:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:*:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:*:*:*:ltr:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:*:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:-:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:testing:*:*:*",
"cpe:2.3:o:mikrotik:routeros:6.42:rc9_:*:*:testing:*:*:*"
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--67abd9da-57af-458b-b408-03c6d57f0fe8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"labels": [
"misp:name=\"weakness\"",
"misp:meta-category=\"vulnerability\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": "Improper\u00a0Limitation\u00a0of\u00a0a\u00a0Pathname\u00a0to\u00a0a\u00a0Restricted\u00a0Directory\u00a0('Path\u00a0Traversal')",
"category": "Other",
"comment": "CVE-2018-14847: Enriched via the cve_advanced module",
"uuid": "98b79b3a-1c36-4f10-9cff-82ddac9f7763"
},
{
"type": "text",
"object_relation": "status",
"value": "Stable",
"category": "Other",
"comment": "CVE-2018-14847: Enriched via the cve_advanced module",
"uuid": "797d6b88-f1d3-4eb4-abaf-ff089b64e39d"
},
{
"type": "text",
"object_relation": "weakness-abs",
"value": "Base",
"category": "Other",
"comment": "CVE-2018-14847: Enriched via the cve_advanced module",
"uuid": "f95859a8-8782-49cc-926d-29bdfc342882"
}
],
"x_misp_comment": "CVE-2018-14847: Enriched via the cve_advanced module",
"x_misp_meta_category": "vulnerability",
"x_misp_name": "weakness"
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2c32d7a1-0ef5-4766-b99e-66bfc82a131e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Manipulating\u00a0Web\u00a0Input\u00a0to\u00a0File\u00a0System\u00a0Calls",
"description": "An\u00a0attacker\u00a0manipulates\u00a0inputs\u00a0to\u00a0the\u00a0target\u00a0software\u00a0which\u00a0the\u00a0target\u00a0software\u00a0passes\u00a0to\u00a0file\u00a0system\u00a0calls\u00a0in\u00a0the\u00a0OS.\u00a0The\u00a0goal\u00a0is\u00a0to\u00a0gain\u00a0access\u00a0to,\u00a0and\u00a0perhaps\u00a0modify,\u00a0areas\u00a0of\u00a0the\u00a0file\u00a0system\u00a0that\u00a0the\u00a0target\u00a0software\u00a0did\u00a0not\u00a0intend\u00a0to\u00a0be\u00a0accessible.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-76"
}
],
"x_misp_prerequisites": "Program\u00a0must\u00a0allow\u00a0for\u00a0user\u00a0controlled\u00a0variables\u00a0to\u00a0be\u00a0applied\u00a0directly\u00a0to\u00a0the\u00a0filesystem",
"x_misp_related_weakness": [
"CWE-15",
"CWE-22",
"CWE-23",
"CWE-264",
"CWE-272",
"CWE-285",
"CWE-346",
"CWE-348",
"CWE-59",
"CWE-715",
"CWE-73",
"CWE-74",
"CWE-77"
],
"x_misp_solutions": "Design: Enforce principle of least privilege. Design: Ensure all input is validated, and does not contain file system commands Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands. Design: For interactive user applications, consider if direct file system interface is necessary, instead consider having the application proxy communication. Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables."
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1513a3e0-aad0-4cbe-8921-31e4d2f13eec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Using\u00a0Slashes\u00a0and\u00a0URL\u00a0Encoding\u00a0Combined\u00a0to\u00a0Bypass\u00a0Validation\u00a0Logic",
"description": "This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (\\\\%HEX-CODE). For instance US-ASCII space character would be represented with \\\\%20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-64"
}
],
"x_misp_prerequisites": "The\u00a0application\u00a0accepts\u00a0and\u00a0decodes\u00a0URL\u00a0string\u00a0request.\u00a0The\u00a0application\u00a0performs\u00a0insufficient\u00a0filtering/canonicalization\u00a0on\u00a0the\u00a0URLs.",
"x_misp_related_weakness": [
"CWE-171",
"CWE-172",
"CWE-173",
"CWE-177",
"CWE-20",
"CWE-21",
"CWE-22",
"CWE-697",
"CWE-707",
"CWE-73",
"CWE-74"
],
"x_misp_solutions": "Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system. Test your decoding process against malicious input. Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. When client input is required from web-based forms, avoid using the \\\\\"GET\\\\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\\\\"POST method whenever possible. Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Refer to the RFCs to safely decode URL. Regular expression can be used to match safe URL patterns. However, that may discard valid URL requests if the regular expression is too restrictive. There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx)."
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3bdfd1d2-3683-4632-90cf-e9680f17a475",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Using\u00a0Escaped\u00a0Slashes\u00a0in\u00a0Alternate\u00a0Encoding",
"description": "This\u00a0attack\u00a0targets\u00a0the\u00a0use\u00a0of\u00a0the\u00a0backslash\u00a0in\u00a0alternate\u00a0encoding.\u00a0An\u00a0attacker\u00a0can\u00a0provide\u00a0a\u00a0backslash\u00a0as\u00a0a\u00a0leading\u00a0character\u00a0and\u00a0causes\u00a0a\u00a0parser\u00a0to\u00a0believe\u00a0that\u00a0the\u00a0next\u00a0character\u00a0is\u00a0special.\u00a0This\u00a0is\u00a0called\u00a0an\u00a0escape.\u00a0By\u00a0using\u00a0that\u00a0trick,\u00a0the\u00a0attacker\u00a0tries\u00a0to\u00a0exploit\u00a0alternate\u00a0ways\u00a0to\u00a0encode\u00a0the\u00a0same\u00a0character\u00a0which\u00a0leads\u00a0to\u00a0filter\u00a0problems\u00a0and\u00a0opens\u00a0avenues\u00a0to\u00a0attack.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-78"
}
],
"x_misp_prerequisites": "The\u00a0application\u00a0accepts\u00a0the\u00a0backlash\u00a0character\u00a0as\u00a0escape\u00a0character.\u00a0The\u00a0application\u00a0server\u00a0does\u00a0incomplete\u00a0input\u00a0data\u00a0decoding,\u00a0filtering\u00a0and\u00a0validation.",
"x_misp_related_weakness": [
"CWE-171",
"CWE-172",
"CWE-173",
"CWE-180",
"CWE-181",
"CWE-20",
"CWE-21",
"CWE-22",
"CWE-697",
"CWE-707",
"CWE-73",
"CWE-74"
],
"x_misp_solutions": "Verify that the user-supplied data does not use backslash character to escape malicious characters. Assume all input is malicious. Create a white list that defines all valid input to the software system based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system. Be aware of the threat of alternative method of data encoding. Regular expressions can be used to filter out backslash. Make sure you decode before filtering and validating the untrusted input data. In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access. Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6a9c3d31-bacd-482e-bc23-84d66588dcf9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Path\u00a0Traversal",
"description": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\\\) and/or dots (.)) to reach desired directories or files.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-126"
}
],
"x_misp_prerequisites": "The\u00a0attacker\u00a0must\u00a0be\u00a0able\u00a0to\u00a0control\u00a0the\u00a0path\u00a0that\u00a0is\u00a0requested\u00a0of\u00a0the\u00a0target.\u00a0The\u00a0target\u00a0must\u00a0fail\u00a0to\u00a0adequately\u00a0sanitize\u00a0incoming\u00a0paths",
"x_misp_related_weakness": "CWE-22",
"x_misp_solutions": "Design: Configure the access control correctly. Design: Enforce principle of least privilege. Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution. Design: Input validation. Assume that user inputs are malicious. Utilize strict type, character, and encoding enforcement. Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host. Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands. Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin. Implementation: Perform input validation for all remote content, including remote and user-generated content. Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables. Implementation: Use indirect references rather than actual file names. Implementation: Use possible permissions on file access when developing and deploying web applications. Implementation: Validate user input by only accepting known good. Ensure all content that is delivered to client is sanitized against an acceptable content specification -- whitelisting approach."
},
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5dce48e2-0166-4068-ab6c-b78bbcb6bfd7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:39:48.000Z",
"modified": "2021-09-17T13:39:48.000Z",
"name": "Using\u00a0Slashes\u00a0in\u00a0Alternate\u00a0Encoding",
"description": "This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "vulnerability"
}
],
"labels": [
"misp:name=\"attack-pattern\"",
"misp:meta-category=\"vulnerability\"",
"misp:to_ids=\"False\""
],
"external_references": [
{
"source_name": "capec",
"external_id": "CAPEC-79"
}
],
"x_misp_prerequisites": "The\u00a0application\u00a0server\u00a0accepts\u00a0paths\u00a0to\u00a0locate\u00a0resources.\u00a0The\u00a0application\u00a0server\u00a0does\u00a0insufficient\u00a0input\u00a0data\u00a0validation\u00a0on\u00a0the\u00a0resource\u00a0path\u00a0requested\u00a0by\u00a0the\u00a0user.\u00a0The\u00a0access\u00a0right\u00a0to\u00a0resources\u00a0are\u00a0not\u00a0set\u00a0properly.",
"x_misp_related_weakness": [
"CWE-171",
"CWE-173",
"CWE-180",
"CWE-181",
"CWE-185",
"CWE-20",
"CWE-200",
"CWE-21",
"CWE-22",
"CWE-697",
"CWE-707",
"CWE-73",
"CWE-74"
],
"x_misp_solutions": "Any security checks should occur after the data has been decoded and validated as correct data format. Do not repeat decoding process, if bad character are left after decoding process, treat the data as suspicious, and fail the validation process. Refer to the RFCs to safely decode URL. When client input is required from web-based forms, avoid using the \\\\\"GET\\\\\" method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the \\\\\"POST method whenever possible. There are tools to scan HTTP requests to the server for valid URL such as URLScan from Microsoft (http://www.microsoft.com/technet/security/tools/urlscan.mspx) Be aware of the threat of alternative method of data encoding and obfuscation technique such as IP address encoding. (See related guideline section) Test your path decoding process against malicious input. In the case of path traversals, use the principle of least privilege when determining access rights to file systems. Do not allow users to access directories/files that they should not access. Assume all input is malicious. Create a white list that defines all valid input to the application based on the requirements specifications. Input that does not match against the white list should not be permitted to enter into the system."
},
{
"type": "note",
"spec_version": "2.1",
"id": "note--7c631993-debc-47d3-a1a5-066d6ede545e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-09-17T13:37:43.000Z",
"modified": "2021-09-17T13:37:43.000Z",
"abstract": "Report from - https://blog.mikrotik.com/security/meris-botnet.html (1631882676)",
"content": "# M\u0113ris @[tag](botnet)\r\n\r\n 15th Sep, 2021 | Security In early September 2021 QRATOR labs published an article about a new wave of DDoS attacks, which are originating from a @[tag](botnet) involving MikroTik devices. \r\n\r\n As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched. \r\n\r\n There is no new vulnerability in RouterOS and there is no malware hiding inside the RouterOS filesystem even on the affected devices. The attacker is reconfiguring RouterOS devices for remote access, using commands and features of RouterOS itself. \r\n\r\n Unfortunately, closing the old vulnerability does not immediately protect these routers. If somebody got your password in 2018, just an upgrade will not help. You must also change password, re-check your firewall if it does not allow remote access to unknown parties, and look for scripts that you did not create. \r\n\r\n We have tried to reach all users of RouterOS about this, but many of them have never been in contact with MikroTik and are not actively monitoring their devices. We are working on other solutions too.\r\n\r\n There are no new vulnerabilities in these devices. RouterOS has been recently independently audited by several third parties.\r\n\r\n Best course of action: \r\n\r\n \r\n * Keep your MikroTik device up to date with regular upgrades.\r\n * Do not open access to your device from the internet side to everyone, if you need remote access, only open a secure VPN service, like IPsec.\r\n * Use a strong password and even if you do, change it now!\r\n * Don't assume your local network can be trusted. @[tag](Malware) can attempt to connect to your router if you have a weak password or no password.\r\n * Inspect your RouterOS configuration for unknown settings (see below).\r\n \r\n In collaboration with independent security researchers, we have found that there exists malware that attempts to reconfigure your MikroTik device from a Windows computer inside your network. This is why it's important to set a better password now (to avoid passwordless login or a dictionary attack by this malware) and to keep your MikroTik router upgraded (since this malware also attempts to @[tag](exploit) the mentioned @[attribute](011de3df-a2c3-45eb-962c-c1b3b175d7ef) vulnerabiliity which has long been fixed). \r\n\r\n Configuration to look out for and remove: \r\n\r\n \r\n * System -> Scheduler rules that execute a Fetch script. Remove these. \r\n * IP -> Socks proxy. If you don't use this feature or don't know what it does, it must be disabled. \r\n * L2TP client named \"lvpn\" or any L2TP client that you don't recognize. \r\n * Input firewall rule that allows access for port 5678. \r\n \r\n You can also work with your ISPs to **block** the following addresses, which these malicious scripts are connecting to:\r\n\r\n Block these tunnel endpoint domains:\r\n\r\n \r\n- `*.eeongous.com` \r\n- `*.leappoach.info` \r\n- `*.mythtime.xyz`\r\n \r\n Block these script download domains:\r\n\r\n \r\n * @[attribute](73c570b9-2d03-4ca9-a3cc-b96da56751f4) \r\n @[attribute](c7a3b859-87a5-485c-b7b0-aff69f0bc206) \r\n @[attribute](cf93b08c-a939-4a6c-9b59-c0273d1bb08f) \r\n @[attribute](c04208cd-deef-4b3b-ab10-ad0b8c59df89) \r\n @[attribute](e7802262-7472-429c-949f-00e89eafbf45) \r\n @[attribute](fc34b64c-4a11-4883-85e9-0d7f2a9ed85c) \r\n @[attribute](4f1b2dea-ffc1-4612-869a-829510d13822) \r\n @[attribute](b1641012-b3bf-4fef-b114-92aadfd04d6a) \r\n @[attribute](94179cca-3b39-4162-84c2-8052a82480d9) \r\n @[attribute](2878a192-1455-46f0-a1bd-bf2c10ced867) \r\n @[attribute](90886d99-befd-494b-8ba1-f3c5b297feed) \r\n @[attribute](ca840caa-6de2-4618-8790-9e99ca2ccee1) \r\n @[attribute](2abd777a-3a71-40c1-a27c-5be603aba1f3) \r\n @[attribute](ab1b5211-53dc-403c-b0ed-a41eb382fd9c) \r\n @[attribute](7caac35d-5579-46bb-bb87-c111e3c8b258) \r\n @[attribute](672981d6-fc33-40c6-a3db-92fcd844fce7) \r\n @[attribute](2e167e49-8564-4128-9e32-f084e3d5a750) \r\n @[attribute](bd673ac0-55e6-4edd-bfd1-171fbb0aa077) \r\n @[attribute](6f025b5b-2655-4368-b194-ae2c224ac0f5) \r\n @[attribute](6e727c20-da03-4fb2-a357-a1223f4e9067) \r\n @[attribute](9a9b2967-a6d2-469e-b683-b8845e7d3df7) \r\n @[attribute](4d145ae3-5e53-4061-a68a-5210f510c7a2) \r\n @[attribute](a22eed53-1dab-4ef6-98e8-ac2ba047b43a) \r\n @[attribute](ca3dec5c-c406-49f1-85d0-66ec251cceb4) \r\n @[attribute](44052282-39f9-4825-a735-1f54f5913bdd) \r\n @[attribute](8e5cdede-1aa5-4927-b99c-19fd7d122092) \r\n @[attribute](0b2084e4-2a92-437a-a13f-35abd6bb9fc6) \r\n @[attribute](b9ddce0b-57f9-4c96-925f-5c4e3ce1b981) \r\n @[attribute](2b01fe88-a6fc-48bc-b248-9a3eaa7f93f9) \r\n @[attribute](d0ca604f-307a-4269-9f0c-09a52d880c32) \r\n @[attribute](ec304186-8965-4cf5-9d27-382096d582a5)\r\n \r\n As reported by others on the internet, these domains are also used by the @[tag](botnet):\r\n\r\n \r\n * @[attribute](d199cfa2-b088-4b90-8cdb-b144f75848e5) \r\n @[attribute](cf03653c-f123-433b-8941-169aa0fec221) \r\n @[attribute](eb9ee3ea-db97-46ab-973e-8af9db353d6a) \r\n @[attribute](2159c1c8-1508-41ef-89c7-ac3e74306ad2) \r\n @[attribute](7e5783ac-8508-445e-9ce6-c84b70556eeb) \r\n @[attribute](5cdf0ae4-c1dd-41f9-94f1-ca4138507613)",
"object_refs": [
"indicator--90886d99-befd-494b-8ba1-f3c5b297feed",
"indicator--c04208cd-deef-4b3b-ab10-ad0b8c59df89",
"indicator--2878a192-1455-46f0-a1bd-bf2c10ced867",
"indicator--4d145ae3-5e53-4061-a68a-5210f510c7a2",
"indicator--9a9b2967-a6d2-469e-b683-b8845e7d3df7",
"indicator--c7a3b859-87a5-485c-b7b0-aff69f0bc206",
"indicator--7e5783ac-8508-445e-9ce6-c84b70556eeb",
"indicator--b1641012-b3bf-4fef-b114-92aadfd04d6a",
"indicator--6e727c20-da03-4fb2-a357-a1223f4e9067",
"indicator--cf93b08c-a939-4a6c-9b59-c0273d1bb08f",
"indicator--2b01fe88-a6fc-48bc-b248-9a3eaa7f93f9",
"indicator--7caac35d-5579-46bb-bb87-c111e3c8b258",
"indicator--d0ca604f-307a-4269-9f0c-09a52d880c32",
"indicator--e7802262-7472-429c-949f-00e89eafbf45",
"indicator--eb9ee3ea-db97-46ab-973e-8af9db353d6a",
"indicator--2159c1c8-1508-41ef-89c7-ac3e74306ad2",
"indicator--0b2084e4-2a92-437a-a13f-35abd6bb9fc6",
"indicator--44052282-39f9-4825-a735-1f54f5913bdd",
"indicator--2e167e49-8564-4128-9e32-f084e3d5a750",
"indicator--d199cfa2-b088-4b90-8cdb-b144f75848e5",
"indicator--fc34b64c-4a11-4883-85e9-0d7f2a9ed85c",
"indicator--5cdf0ae4-c1dd-41f9-94f1-ca4138507613",
"indicator--cf03653c-f123-433b-8941-169aa0fec221",
"indicator--ab1b5211-53dc-403c-b0ed-a41eb382fd9c",
"indicator--a22eed53-1dab-4ef6-98e8-ac2ba047b43a",
"indicator--bd673ac0-55e6-4edd-bfd1-171fbb0aa077",
"indicator--b9ddce0b-57f9-4c96-925f-5c4e3ce1b981",
"indicator--4f1b2dea-ffc1-4612-869a-829510d13822",
"indicator--94179cca-3b39-4162-84c2-8052a82480d9",
"indicator--ec304186-8965-4cf5-9d27-382096d582a5",
"indicator--2abd777a-3a71-40c1-a27c-5be603aba1f3",
"indicator--6f025b5b-2655-4368-b194-ae2c224ac0f5",
"indicator--8e5cdede-1aa5-4927-b99c-19fd7d122092",
"indicator--ca3dec5c-c406-49f1-85d0-66ec251cceb4",
"indicator--73c570b9-2d03-4ca9-a3cc-b96da56751f4",
"indicator--672981d6-fc33-40c6-a3db-92fcd844fce7",
"indicator--ca840caa-6de2-4618-8790-9e99ca2ccee1",
"vulnerability--011de3df-a2c3-45eb-962c-c1b3b175d7ef"
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--92cead3e-2a72-48e4-8da3-b3c9f6d45104",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "related-to",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "vulnerability--011de3df-a2c3-45eb-962c-c1b3b175d7ef"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--16279775-25cb-40a3-bca1-147aa0d13bdb",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "weakened-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "x-misp-object--67abd9da-57af-458b-b408-03c6d57f0fe8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fe28e93e-e9f8-4f70-a97d-bb389b6294ad",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--2c32d7a1-0ef5-4766-b99e-66bfc82a131e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--051022a1-e040-4530-aa98-d99d968a49b7",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--1513a3e0-aad0-4cbe-8921-31e4d2f13eec"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fbd6b109-b266-4d5c-a94e-7de7d474555f",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--3bdfd1d2-3683-4632-90cf-e9680f17a475"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48dae0bb-d2e9-41ae-acce-16448d3643f8",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--6a9c3d31-bacd-482e-bc23-84d66588dcf9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--31749436-344f-4e16-bf3e-463b3ecdf6e7",
"created": "2021-09-17T13:39:49.000Z",
"modified": "2021-09-17T13:39:49.000Z",
"relationship_type": "targeted-by",
"source_ref": "vulnerability--fbe50800-b395-4729-b61e-b130daf4cc3a",
"target_ref": "attack-pattern--5dce48e2-0166-4068-ab6c-b78bbcb6bfd7"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}