{ "Event": { "analysis": "1", "date": "2019-05-26", "extends_uuid": "", "info": "SMTP attackers honeypot logs for 2019-05-26", "publish_timestamp": "1558854895", "published": true, "threat_level_id": "3", "timestamp": "1558854881", "uuid": "5cea377f-d36c-48cf-bd54-31ea950d210f", "Orgc": { "name": "MalwareMustDie", "uuid": "569e04b2-efd0-45bd-b83a-4f7b950d210f" }, "Tag": [ { "colour": "#00815a", "local": "0", "name": "honeypot-basic:data-capture=\"attacks\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#009e6f", "local": "0", "name": "honeypot-basic:containment=\"block\"", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-f300-4161-a740-972e950d210f", "value": "141.98.10.41" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-0ac4-4201-8fdd-972e950d210f", "value": "141.98.10.42" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-4740-4b1d-9827-972e950d210f", "value": "141.98.10.52" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-7ac0-4a2a-bbe7-972e950d210f", "value": "141.98.10.53" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-f170-4490-90cf-972e950d210f", "value": "141.98.80.48" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-e2ec-4c1f-b0ce-972e950d210f", "value": "142.93.201.146" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-900c-440f-a723-972e950d210f", "value": "185.137.111.14" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-80c0-4de0-9626-972e950d210f", "value": "185.137.111.145" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-bb48-4d4d-b8b9-972e950d210f", "value": "185.137.111.44" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-0ffc-438a-91c6-972e950d210f", "value": "185.137.111.77" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-5aec-4940-b523-972e950d210f", "value": "185.211.245.170" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-ba90-4e9d-bdb0-972e950d210f", "value": "185.211.245.198" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-02c4-40b9-855c-972e950d210f", "value": "185.222.209.97" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-7398-423d-8c84-972e950d210f", "value": "185.234.216.220" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-9ee4-4d37-9087-972e950d210f", "value": "185.234.218.129" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-9f38-4ced-9100-972e950d210f", "value": "185.234.219.60" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-bf94-48cf-a460-972e950d210f", "value": "185.36.81.145" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-4cac-45d6-a674-972e950d210f", "value": "185.36.81.164" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-f860-4f26-a3bf-972e950d210f", "value": "185.36.81.165" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-81b4-4de8-b44a-972e950d210f", "value": "185.36.81.166" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-12d8-498f-9acb-972e950d210f", "value": "185.36.81.168" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-bcfc-4971-b85b-972e950d210f", "value": "185.36.81.169" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-4bc8-4bca-986d-972e950d210f", "value": "185.36.81.173" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-b514-419a-bd79-972e950d210f", "value": "185.36.81.175" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-febc-479a-bbd2-972e950d210f", "value": "185.36.81.176" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-5480-49da-a5bd-972e950d210f", "value": "185.36.81.180" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-c0ec-4aaf-b66e-972e950d210f", "value": "185.36.81.182" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-ec80-49f9-9381-972e950d210f", "value": "185.36.81.40" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-17b0-4f9c-9baf-972e950d210f", "value": "185.36.81.55" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-5ab4-4375-a017-972e950d210f", "value": "185.36.81.58" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-a6b4-462b-8be3-972e950d210f", "value": "185.36.81.61" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-ed3c-41c7-8f4f-972e950d210f", "value": "185.36.81.64" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-1d1c-4fe6-9621-972e950d210f", "value": "192.99.175.117" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-484c-4c8f-b73f-972e950d210f", "value": "37.49.227.146" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-9064-45d1-b272-972e950d210f", "value": "45.125.65.77" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-d944-48ed-82f6-972e950d210f", "value": "45.125.65.84" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-2094-46dc-bcf6-972e950d210f", "value": "45.125.65.91" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-432c-430f-93fe-972e950d210f", "value": "45.125.65.96" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-811c-4fc5-8b39-972e950d210f", "value": "45.13.36.1" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-cac4-4a2b-bdb2-972e950d210f", "value": "45.13.36.22" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-dfb0-4b79-a3ca-972e950d210f", "value": "45.227.253.107" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-ec68-4670-8ba5-972e950d210f", "value": "61.173.148.170" }, { "category": "Network activity", "comment": "ESMTP SASL Authentication Brute force attacker IP address", "deleted": false, "disable_correlation": false, "timestamp": "1558853598", "to_ids": true, "type": "ip-src", "uuid": "5cea37de-2800-48c0-a45c-972e950d210f", "value": "94.177.227.97" } ] } }