misp-circl-feed/feeds/circl/misp/5cea377f-d36c-48cf-bd54-31ea950d210f.json

{
"Event": {
"analysis": "1",
"date": "2019-05-26",
"extends_uuid": "",
"info": "SMTP attackers honeypot logs for 2019-05-26",
"publish_timestamp": "1558854895",
"published": true,
"threat_level_id": "3",
"timestamp": "1558854881",
"uuid": "5cea377f-d36c-48cf-bd54-31ea950d210f",
"Orgc": {
"name": "MalwareMustDie",
"uuid": "569e04b2-efd0-45bd-b83a-4f7b950d210f"
},
"Tag": [
{
"colour": "#00815a",
"local": false,
"name": "honeypot-basic:data-capture=\"attacks\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#009e6f",
"local": false,
"name": "honeypot-basic:containment=\"block\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-f300-4161-a740-972e950d210f",
"value": "141.98.10.41"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-0ac4-4201-8fdd-972e950d210f",
"value": "141.98.10.42"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-4740-4b1d-9827-972e950d210f",
"value": "141.98.10.52"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-7ac0-4a2a-bbe7-972e950d210f",
"value": "141.98.10.53"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-f170-4490-90cf-972e950d210f",
"value": "141.98.80.48"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-e2ec-4c1f-b0ce-972e950d210f",
"value": "142.93.201.146"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-900c-440f-a723-972e950d210f",
"value": "185.137.111.14"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-80c0-4de0-9626-972e950d210f",
"value": "185.137.111.145"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-bb48-4d4d-b8b9-972e950d210f",
"value": "185.137.111.44"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-0ffc-438a-91c6-972e950d210f",
"value": "185.137.111.77"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-5aec-4940-b523-972e950d210f",
"value": "185.211.245.170"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-ba90-4e9d-bdb0-972e950d210f",
"value": "185.211.245.198"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-02c4-40b9-855c-972e950d210f",
"value": "185.222.209.97"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-7398-423d-8c84-972e950d210f",
"value": "185.234.216.220"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-9ee4-4d37-9087-972e950d210f",
"value": "185.234.218.129"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-9f38-4ced-9100-972e950d210f",
"value": "185.234.219.60"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-bf94-48cf-a460-972e950d210f",
"value": "185.36.81.145"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-4cac-45d6-a674-972e950d210f",
"value": "185.36.81.164"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-f860-4f26-a3bf-972e950d210f",
"value": "185.36.81.165"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-81b4-4de8-b44a-972e950d210f",
"value": "185.36.81.166"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-12d8-498f-9acb-972e950d210f",
"value": "185.36.81.168"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-bcfc-4971-b85b-972e950d210f",
"value": "185.36.81.169"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-4bc8-4bca-986d-972e950d210f",
"value": "185.36.81.173"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-b514-419a-bd79-972e950d210f",
"value": "185.36.81.175"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-febc-479a-bbd2-972e950d210f",
"value": "185.36.81.176"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-5480-49da-a5bd-972e950d210f",
"value": "185.36.81.180"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-c0ec-4aaf-b66e-972e950d210f",
"value": "185.36.81.182"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-ec80-49f9-9381-972e950d210f",
"value": "185.36.81.40"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-17b0-4f9c-9baf-972e950d210f",
"value": "185.36.81.55"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-5ab4-4375-a017-972e950d210f",
"value": "185.36.81.58"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-a6b4-462b-8be3-972e950d210f",
"value": "185.36.81.61"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-ed3c-41c7-8f4f-972e950d210f",
"value": "185.36.81.64"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-1d1c-4fe6-9621-972e950d210f",
"value": "192.99.175.117"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-484c-4c8f-b73f-972e950d210f",
"value": "37.49.227.146"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-9064-45d1-b272-972e950d210f",
"value": "45.125.65.77"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-d944-48ed-82f6-972e950d210f",
"value": "45.125.65.84"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-2094-46dc-bcf6-972e950d210f",
"value": "45.125.65.91"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-432c-430f-93fe-972e950d210f",
"value": "45.125.65.96"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-811c-4fc5-8b39-972e950d210f",
"value": "45.13.36.1"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-cac4-4a2b-bdb2-972e950d210f",
"value": "45.13.36.22"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-dfb0-4b79-a3ca-972e950d210f",
"value": "45.227.253.107"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-ec68-4670-8ba5-972e950d210f",
"value": "61.173.148.170"
},
{
"category": "Network activity",
"comment": "ESMTP SASL Authentication Brute force attacker IP address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1558853598",
"to_ids": true,
"type": "ip-src",
"uuid": "5cea37de-2800-48c0-a45c-972e950d210f",
"value": "94.177.227.97"
}
]
}
}