STIX2 json for 2026-07-08

STIX2 json for all bruteforce attempts for 2026-07-08

Last Updated: 11:07 UTC

Download STIX2 json File

']", "pattern_type": "stix", "valid_from": "2026-07-08T00:00:00.000Z", "valid_until": "2026-08-07T23:59:59.000Z", "kill_chain_phases": [{"kill_chain_name": "lockheed-martin-cyber-kill-chain", "phase_name": "exploitation"}], "external_references": [{"source_name": "jamesbrine.com.au Threat Intelligence", "description": "Daily threat feed", "url": "https://jamesbrine.com.au/2026-07-08-stix2-json-feed/"}], "labels": ["sensor:digitaloceanlondon", "protocol:ftp", "protocol:git", "protocol:mssql", "protocol:mysql", "protocol:ntp", "protocol:portscan", "protocol:redis", "protocol:sip", "protocol:snmp", "protocol:ssh", "protocol:telnet", "protocol:web"], "created_by_ref": "identity--8f46cf6a-622e-4127-bbdd-968d59ea87e0", "created": "2026-07-09T11:00:01.394Z", "modified": "2026-07-09T11:00:01.394Z", "object_marking_refs": ["marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--85d4d585-b685-4abf-b619-778a4c35678a", "name": "Malicious Host", "description": "Observed: FTP, GIT, MSSQL, MYSQL, NTP, PORTSCAN, REDIS, SIP, SNMP, SSH, TELNET, WEB activity. Sensors: digitaloceanlondon", "indicator_types": ["malicious-activity"], "pattern": "[ipv4-addr:value = '']", "pattern_type": "stix", "valid_from": "2026-07-08T00:00:00.000Z", "valid_until": "2026-08-07T23:59:59.000Z", "kill_chain_phases": [{"kill_chain_name": "lockheed-martin-cyber-kill-chain", "phase_name": "exploitation"}], "external_references": [{"source_name": "jamesbrine.com.au Threat Intelligence", "description": "Daily threat feed", "url": "https://jamesbrine.com.au/2026-07-08-stix2-json-feed/"}], "labels": ["sensor:digitaloceanlondon", "protocol:ftp", "protocol:git", "protocol:mssql", "protocol:mysql", "protocol:ntp", "protocol:portscan", "protocol:redis", "protocol:sip", "protocol:snmp", "protocol:ssh", "protocol:telnet", "protocol:web"], "created_by_ref": "identity--8f46cf6a-622e-4127-bbdd-968d59ea87e0", "created": "2026-07-09T11:00:01.394Z", "modified": "2026-07-09T11:00:01.394Z", "object_marking_refs": ["marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--cec1c732-d2d5-4434-bbd7-588aeff2870a", "name": "Malicious Host", "description": "Observed: FTP, GIT, MSSQL, MYSQL, NTP, PORTSCAN, REDIS, SIP, SNMP, SSH, TELNET, WEB activity. Sensors: digitaloceanlondon", "indicator_types": ["malicious-activity"], "pattern": "[ipv4-addr:value = '']", "pattern_type": "stix", "valid_from": "2026-07-08T00:00:00.000Z", "valid_until": "2026-08-07T23:59:59.000Z", "kill_chain_phases": [{"kill_chain_name": "lockheed-martin-cyber-kill-chain", "phase_name": "exploitation"}], "external_references": [{"source_name": "jamesbrine.com.au Threat Intelligence", "description": "Daily threat feed", "url": "https://jamesbrine.com.au/2026-07-08-stix2-json-feed/"}], "labels": ["sensor:digitaloceanlondon", "protocol:ftp", "protocol:git", "protocol:mssql", "protocol:mysql", "protocol:ntp", "protocol:portscan", "protocol:redis", "protocol:sip", "protocol:snmp", "protocol:ssh", "protocol:telnet", "protocol:web"], "created_by_ref": "identity--8f46cf6a-622e-4127-bbdd-968d59ea87e0", "created": "2026-07-09T11:00:01.394Z", "modified": "2026-07-09T11:00:01.394Z", "object_marking_refs": ["marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--6d43a8d4-9dc1-4fc7-8e52-d39ff8734769", "name": "Malicious Host", "description": "Observed: FTP, GIT, MSSQL, MYSQL, NTP, PORTSCAN, REDIS, SIP, SNMP, SSH, TELNET, WEB activity. Sensors: digitaloceanlondon", "indicator_types": ["malicious-activity"], "pattern": "[ipv4-addr:value = '']", "pattern_type": "stix", "valid_from": "2026-07-08T00:00:00.000Z", "valid_until": "2026-08-07T23:59:59.000Z", "kill_chain_phases": [{"kill_chain_name": "lockheed-martin-cyber-kill-chain", "phase_name": "exploitation"}], "external_references": [{"source_name": "jamesbrine.com.au Threat Intelligence", "description": "Daily threat feed", "url": "https://jamesbrine.com.au/2026-07-08-stix2-json-feed/"}], "labels": ["sensor:digitaloceanlondon", "protocol:ftp", "protocol:git", "protocol:mssql", "protocol:mysql", "protocol:ntp", "protocol:portscan", "protocol:redis", "protocol:sip", "protocol:snmp", "protocol:ssh", "protocol:telnet", "protocol:web"], "created_by_ref": "identity--8f46cf6a-622e-4127-bbdd-968d59ea87e0", "created": "2026-07-09T11:00:01.394Z", "modified": "2026-07-09T11:00:01.394Z", "object_marking_refs": ["marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"]}, {"type": "indicator", "spec_version": "2.1", "id": "indicator--1e3db5c2-1e4c-4650-aa69-59648811d9c0", "name": "Malicious Host", "description": "Observed: FTP, GIT, MSSQL, MYSQL, NTP, PORTSCAN, REDIS, SIP, SNMP, SSH, TELNET, WEB activity. Sensors: digitaloceanlondon", "indicator_types": ["malicious-activity"], "pattern": "[ipv4-addr:value = ';

Share on: