{ "type": "bundle", "id": "bundle--5cea377f-d36c-48cf-bd54-31ea950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T07:14:41.000Z", "modified": "2019-05-26T07:14:41.000Z", "name": "MalwareMustDie", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5cea377f-d36c-48cf-bd54-31ea950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T07:14:41.000Z", "modified": "2019-05-26T07:14:41.000Z", "name": "SMTP attackers honeypot logs for 2019-05-26", "published": "2019-05-26T07:14:55Z", "object_refs": [ "indicator--5cea37de-f300-4161-a740-972e950d210f", "indicator--5cea37de-0ac4-4201-8fdd-972e950d210f", "indicator--5cea37de-4740-4b1d-9827-972e950d210f", "indicator--5cea37de-7ac0-4a2a-bbe7-972e950d210f", "indicator--5cea37de-f170-4490-90cf-972e950d210f", "indicator--5cea37de-e2ec-4c1f-b0ce-972e950d210f", "indicator--5cea37de-900c-440f-a723-972e950d210f", "indicator--5cea37de-80c0-4de0-9626-972e950d210f", "indicator--5cea37de-bb48-4d4d-b8b9-972e950d210f", "indicator--5cea37de-0ffc-438a-91c6-972e950d210f", "indicator--5cea37de-5aec-4940-b523-972e950d210f", "indicator--5cea37de-ba90-4e9d-bdb0-972e950d210f", "indicator--5cea37de-02c4-40b9-855c-972e950d210f", "indicator--5cea37de-7398-423d-8c84-972e950d210f", "indicator--5cea37de-9ee4-4d37-9087-972e950d210f", "indicator--5cea37de-9f38-4ced-9100-972e950d210f", "indicator--5cea37de-bf94-48cf-a460-972e950d210f", "indicator--5cea37de-4cac-45d6-a674-972e950d210f", "indicator--5cea37de-f860-4f26-a3bf-972e950d210f", "indicator--5cea37de-81b4-4de8-b44a-972e950d210f", "indicator--5cea37de-12d8-498f-9acb-972e950d210f", "indicator--5cea37de-bcfc-4971-b85b-972e950d210f", "indicator--5cea37de-4bc8-4bca-986d-972e950d210f", "indicator--5cea37de-b514-419a-bd79-972e950d210f", "indicator--5cea37de-febc-479a-bbd2-972e950d210f", "indicator--5cea37de-5480-49da-a5bd-972e950d210f", "indicator--5cea37de-c0ec-4aaf-b66e-972e950d210f", "indicator--5cea37de-ec80-49f9-9381-972e950d210f", "indicator--5cea37de-17b0-4f9c-9baf-972e950d210f", "indicator--5cea37de-5ab4-4375-a017-972e950d210f", "indicator--5cea37de-a6b4-462b-8be3-972e950d210f", "indicator--5cea37de-ed3c-41c7-8f4f-972e950d210f", "indicator--5cea37de-1d1c-4fe6-9621-972e950d210f", "indicator--5cea37de-484c-4c8f-b73f-972e950d210f", "indicator--5cea37de-9064-45d1-b272-972e950d210f", "indicator--5cea37de-d944-48ed-82f6-972e950d210f", "indicator--5cea37de-2094-46dc-bcf6-972e950d210f", "indicator--5cea37de-432c-430f-93fe-972e950d210f", "indicator--5cea37de-811c-4fc5-8b39-972e950d210f", "indicator--5cea37de-cac4-4a2b-bdb2-972e950d210f", "indicator--5cea37de-dfb0-4b79-a3ca-972e950d210f", "indicator--5cea37de-ec68-4670-8ba5-972e950d210f", "indicator--5cea37de-2800-48c0-a45c-972e950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "honeypot-basic:data-capture=\"attacks\"", "honeypot-basic:containment=\"block\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-f300-4161-a740-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-0ac4-4201-8fdd-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-4740-4b1d-9827-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.52']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-7ac0-4a2a-bbe7-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.53']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-f170-4490-90cf-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.80.48']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-e2ec-4c1f-b0ce-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '142.93.201.146']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-900c-440f-a723-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.14']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-80c0-4de0-9626-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-bb48-4d4d-b8b9-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.44']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-0ffc-438a-91c6-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-5aec-4940-b523-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.211.245.170']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-ba90-4e9d-bdb0-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.211.245.198']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-02c4-40b9-855c-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.222.209.97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-7398-423d-8c84-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.234.216.220']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-9ee4-4d37-9087-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.234.218.129']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-9f38-4ced-9100-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.234.219.60']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-bf94-48cf-a460-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.145']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-4cac-45d6-a674-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-f860-4f26-a3bf-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.165']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-81b4-4de8-b44a-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.166']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-12d8-498f-9acb-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.168']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-bcfc-4971-b85b-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.169']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-4bc8-4bca-986d-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.173']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-b514-419a-bd79-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.175']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-febc-479a-bbd2-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.176']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-5480-49da-a5bd-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.180']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-c0ec-4aaf-b66e-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.182']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-ec80-49f9-9381-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.40']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-17b0-4f9c-9baf-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-5ab4-4375-a017-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-a6b4-462b-8be3-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-ed3c-41c7-8f4f-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-1d1c-4fe6-9621-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '192.99.175.117']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-484c-4c8f-b73f-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.49.227.146']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-9064-45d1-b272-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.77']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-d944-48ed-82f6-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-2094-46dc-bcf6-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-432c-430f-93fe-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.96']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-811c-4fc5-8b39-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.13.36.1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-cac4-4a2b-bdb2-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.13.36.22']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-dfb0-4b79-a3ca-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.227.253.107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-ec68-4670-8ba5-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '61.173.148.170']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5cea37de-2800-48c0-a45c-972e950d210f", "created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f", "created": "2019-05-26T06:53:18.000Z", "modified": "2019-05-26T06:53:18.000Z", "description": "ESMTP SASL Authentication Brute force attacker IP address", "pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.177.227.97']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-05-26T06:53:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-src\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }