misp-circl-feed/feeds/circl/misp/5cea377f-d36c-48cf-bd54-31ea950d210f.json


{
"type": "bundle",
"id": "bundle--5cea377f-d36c-48cf-bd54-31ea950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T07:14:41.000Z",
"modified": "2019-05-26T07:14:41.000Z",
"name": "MalwareMustDie",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5cea377f-d36c-48cf-bd54-31ea950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T07:14:41.000Z",
"modified": "2019-05-26T07:14:41.000Z",
"name": "SMTP attackers honeypot logs for 2019-05-26",
"published": "2019-05-26T07:14:55Z",
"object_refs": [
"indicator--5cea37de-f300-4161-a740-972e950d210f",
"indicator--5cea37de-0ac4-4201-8fdd-972e950d210f",
"indicator--5cea37de-4740-4b1d-9827-972e950d210f",
"indicator--5cea37de-7ac0-4a2a-bbe7-972e950d210f",
"indicator--5cea37de-f170-4490-90cf-972e950d210f",
"indicator--5cea37de-e2ec-4c1f-b0ce-972e950d210f",
"indicator--5cea37de-900c-440f-a723-972e950d210f",
"indicator--5cea37de-80c0-4de0-9626-972e950d210f",
"indicator--5cea37de-bb48-4d4d-b8b9-972e950d210f",
"indicator--5cea37de-0ffc-438a-91c6-972e950d210f",
"indicator--5cea37de-5aec-4940-b523-972e950d210f",
"indicator--5cea37de-ba90-4e9d-bdb0-972e950d210f",
"indicator--5cea37de-02c4-40b9-855c-972e950d210f",
"indicator--5cea37de-7398-423d-8c84-972e950d210f",
"indicator--5cea37de-9ee4-4d37-9087-972e950d210f",
"indicator--5cea37de-9f38-4ced-9100-972e950d210f",
"indicator--5cea37de-bf94-48cf-a460-972e950d210f",
"indicator--5cea37de-4cac-45d6-a674-972e950d210f",
"indicator--5cea37de-f860-4f26-a3bf-972e950d210f",
"indicator--5cea37de-81b4-4de8-b44a-972e950d210f",
"indicator--5cea37de-12d8-498f-9acb-972e950d210f",
"indicator--5cea37de-bcfc-4971-b85b-972e950d210f",
"indicator--5cea37de-4bc8-4bca-986d-972e950d210f",
"indicator--5cea37de-b514-419a-bd79-972e950d210f",
"indicator--5cea37de-febc-479a-bbd2-972e950d210f",
"indicator--5cea37de-5480-49da-a5bd-972e950d210f",
"indicator--5cea37de-c0ec-4aaf-b66e-972e950d210f",
"indicator--5cea37de-ec80-49f9-9381-972e950d210f",
"indicator--5cea37de-17b0-4f9c-9baf-972e950d210f",
"indicator--5cea37de-5ab4-4375-a017-972e950d210f",
"indicator--5cea37de-a6b4-462b-8be3-972e950d210f",
"indicator--5cea37de-ed3c-41c7-8f4f-972e950d210f",
"indicator--5cea37de-1d1c-4fe6-9621-972e950d210f",
"indicator--5cea37de-484c-4c8f-b73f-972e950d210f",
"indicator--5cea37de-9064-45d1-b272-972e950d210f",
"indicator--5cea37de-d944-48ed-82f6-972e950d210f",
"indicator--5cea37de-2094-46dc-bcf6-972e950d210f",
"indicator--5cea37de-432c-430f-93fe-972e950d210f",
"indicator--5cea37de-811c-4fc5-8b39-972e950d210f",
"indicator--5cea37de-cac4-4a2b-bdb2-972e950d210f",
"indicator--5cea37de-dfb0-4b79-a3ca-972e950d210f",
"indicator--5cea37de-ec68-4670-8ba5-972e950d210f",
"indicator--5cea37de-2800-48c0-a45c-972e950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"honeypot-basic:data-capture=\"attacks\"",
"honeypot-basic:containment=\"block\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-f300-4161-a740-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-0ac4-4201-8fdd-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-4740-4b1d-9827-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-7ac0-4a2a-bbe7-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.10.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-f170-4490-90cf-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '141.98.80.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-e2ec-4c1f-b0ce-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '142.93.201.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-900c-440f-a723-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-80c0-4de0-9626-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-bb48-4d4d-b8b9-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-0ffc-438a-91c6-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.137.111.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-5aec-4940-b523-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.211.245.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-ba90-4e9d-bdb0-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.211.245.198']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-02c4-40b9-855c-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.222.209.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-7398-423d-8c84-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.234.216.220']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-9ee4-4d37-9087-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.234.218.129']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-9f38-4ced-9100-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.234.219.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-bf94-48cf-a460-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-4cac-45d6-a674-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.164']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-f860-4f26-a3bf-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-81b4-4de8-b44a-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-12d8-498f-9acb-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-bcfc-4971-b85b-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-4bc8-4bca-986d-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-b514-419a-bd79-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-febc-479a-bbd2-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-5480-49da-a5bd-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-c0ec-4aaf-b66e-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-ec80-49f9-9381-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-17b0-4f9c-9baf-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-5ab4-4375-a017-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-a6b4-462b-8be3-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-ed3c-41c7-8f4f-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.36.81.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-1d1c-4fe6-9621-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '192.99.175.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-484c-4c8f-b73f-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.49.227.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-9064-45d1-b272-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-d944-48ed-82f6-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-2094-46dc-bcf6-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-432c-430f-93fe-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.125.65.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-811c-4fc5-8b39-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.13.36.1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-cac4-4a2b-bdb2-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.13.36.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-dfb0-4b79-a3ca-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.227.253.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-ec68-4670-8ba5-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '61.173.148.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cea37de-2800-48c0-a45c-972e950d210f",
"created_by_ref": "identity--569e04b2-efd0-45bd-b83a-4f7b950d210f",
"created": "2019-05-26T06:53:18.000Z",
"modified": "2019-05-26T06:53:18.000Z",
"description": "ESMTP SASL Authentication Brute force attacker IP address",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.177.227.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-26T06:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}