{
"type": "bundle",
|
|
|
|
"id": "bundle--5cea377f-d36c-48cf-bd54-31ea950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T07:14:41.000Z",
|
|
|
|
"modified": "2019-05-26T07:14:41.000Z",
|
|
|
|
"name": "MalwareMustDie",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5cea377f-d36c-48cf-bd54-31ea950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T07:14:41.000Z",
|
|
|
|
"modified": "2019-05-26T07:14:41.000Z",
|
|
|
|
"name": "SMTP attackers honeypot logs for 2019-05-26",
|
|
|
|
"published": "2019-05-26T07:14:55Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5cea37de-f300-4161-a740-972e950d210f",
|
|
|
|
"indicator--5cea37de-0ac4-4201-8fdd-972e950d210f",
|
|
|
|
"indicator--5cea37de-4740-4b1d-9827-972e950d210f",
|
|
|
|
"indicator--5cea37de-7ac0-4a2a-bbe7-972e950d210f",
|
|
|
|
"indicator--5cea37de-f170-4490-90cf-972e950d210f",
|
|
|
|
"indicator--5cea37de-e2ec-4c1f-b0ce-972e950d210f",
|
|
|
|
"indicator--5cea37de-900c-440f-a723-972e950d210f",
|
|
|
|
"indicator--5cea37de-80c0-4de0-9626-972e950d210f",
|
|
|
|
"indicator--5cea37de-bb48-4d4d-b8b9-972e950d210f",
|
|
|
|
"indicator--5cea37de-0ffc-438a-91c6-972e950d210f",
|
|
|
|
"indicator--5cea37de-5aec-4940-b523-972e950d210f",
|
|
|
|
"indicator--5cea37de-ba90-4e9d-bdb0-972e950d210f",
|
|
|
|
"indicator--5cea37de-02c4-40b9-855c-972e950d210f",
|
|
|
|
"indicator--5cea37de-7398-423d-8c84-972e950d210f",
|
|
|
|
"indicator--5cea37de-9ee4-4d37-9087-972e950d210f",
|
|
|
|
"indicator--5cea37de-9f38-4ced-9100-972e950d210f",
|
|
|
|
"indicator--5cea37de-bf94-48cf-a460-972e950d210f",
|
|
|
|
"indicator--5cea37de-4cac-45d6-a674-972e950d210f",
|
|
|
|
"indicator--5cea37de-f860-4f26-a3bf-972e950d210f",
|
|
|
|
"indicator--5cea37de-81b4-4de8-b44a-972e950d210f",
|
|
|
|
"indicator--5cea37de-12d8-498f-9acb-972e950d210f",
|
|
|
|
"indicator--5cea37de-bcfc-4971-b85b-972e950d210f",
|
|
|
|
"indicator--5cea37de-4bc8-4bca-986d-972e950d210f",
|
|
|
|
"indicator--5cea37de-b514-419a-bd79-972e950d210f",
|
|
|
|
"indicator--5cea37de-febc-479a-bbd2-972e950d210f",
|
|
|
|
"indicator--5cea37de-5480-49da-a5bd-972e950d210f",
|
|
|
|
"indicator--5cea37de-c0ec-4aaf-b66e-972e950d210f",
|
|
|
|
"indicator--5cea37de-ec80-49f9-9381-972e950d210f",
|
|
|
|
"indicator--5cea37de-17b0-4f9c-9baf-972e950d210f",
|
|
|
|
"indicator--5cea37de-5ab4-4375-a017-972e950d210f",
|
|
|
|
"indicator--5cea37de-a6b4-462b-8be3-972e950d210f",
|
|
|
|
"indicator--5cea37de-ed3c-41c7-8f4f-972e950d210f",
|
|
|
|
"indicator--5cea37de-1d1c-4fe6-9621-972e950d210f",
|
|
|
|
"indicator--5cea37de-484c-4c8f-b73f-972e950d210f",
|
|
|
|
"indicator--5cea37de-9064-45d1-b272-972e950d210f",
|
|
|
|
"indicator--5cea37de-d944-48ed-82f6-972e950d210f",
|
|
|
|
"indicator--5cea37de-2094-46dc-bcf6-972e950d210f",
|
|
|
|
"indicator--5cea37de-432c-430f-93fe-972e950d210f",
|
|
|
|
"indicator--5cea37de-811c-4fc5-8b39-972e950d210f",
|
|
|
|
"indicator--5cea37de-cac4-4a2b-bdb2-972e950d210f",
|
|
|
|
"indicator--5cea37de-dfb0-4b79-a3ca-972e950d210f",
|
|
|
|
"indicator--5cea37de-ec68-4670-8ba5-972e950d210f",
|
|
|
|
"indicator--5cea37de-2800-48c0-a45c-972e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"honeypot-basic:data-capture=\"attacks\"",
|
|
|
|
"honeypot-basic:containment=\"block\"",
|
|
|
|
"type:OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-f300-4161-a740-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.41']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-0ac4-4201-8fdd-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.42']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-4740-4b1d-9827-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.52']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-7ac0-4a2a-bbe7-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.53']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-f170-4490-90cf-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.80.48']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-e2ec-4c1f-b0ce-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '142.93.201.146']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-900c-440f-a723-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.14']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-80c0-4de0-9626-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.145']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-bb48-4d4d-b8b9-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.44']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-0ffc-438a-91c6-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.77']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-5aec-4940-b523-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.211.245.170']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-ba90-4e9d-bdb0-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.211.245.198']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-02c4-40b9-855c-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.222.209.97']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-7398-423d-8c84-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.234.216.220']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-9ee4-4d37-9087-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.234.218.129']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-9f38-4ced-9100-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.234.219.60']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-bf94-48cf-a460-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.145']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-4cac-45d6-a674-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.164']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-f860-4f26-a3bf-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.165']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-81b4-4de8-b44a-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.166']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-12d8-498f-9acb-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.168']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-bcfc-4971-b85b-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.169']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-4bc8-4bca-986d-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.173']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-b514-419a-bd79-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.175']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-febc-479a-bbd2-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.176']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-5480-49da-a5bd-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.180']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-c0ec-4aaf-b66e-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.182']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-ec80-49f9-9381-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.40']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-17b0-4f9c-9baf-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.55']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-5ab4-4375-a017-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.58']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5cea37de-a6b4-462b-8be3-972e950d210f",
|
|
|
|
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
|
|
|
|
"created": "2019-05-26T06:53:18.000Z",
|
|
|
|
"modified": "2019-05-26T06:53:18.000Z",
|
|
|
|
"description": "ESMTP SASL Authentication Brute force attacker IP address",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.61']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-05-26T06:53:18Z",
|
|
|
|
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-ed3c-41c7-8f4f-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-1d1c-4fe6-9621-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '192.99.175.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-484c-4c8f-b73f-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.49.227.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-9064-45d1-b272-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-d944-48ed-82f6-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-2094-46dc-bcf6-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-432c-430f-93fe-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-811c-4fc5-8b39-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.13.36.1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-cac4-4a2b-bdb2-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.13.36.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-dfb0-4b79-a3ca-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.227.253.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-ec68-4670-8ba5-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '61.173.148.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-2800-48c0-a45c-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.177.227.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}