The calm after the storm. HoneypotDB breakdown 27/09/2020

Honeypot Breakdown

Week 3’s metrics are in, and this week shows a slight reduction in events since last week’s frenzy.

Across 1,877,547 events and 307,021 SSH sessions, HoneypotDB captured 4,578 usernames and 19,859 passwords this week, both of which are available for download via HoneypotDB’s API: https://honeypotdb.com/api/lists/usernames and https://honeypotdb.com/api/lists/passwords.

Of the 345,192 login attempts captured this week from 11,477 IPs, 334,970 failed and 10,222 won the random draw and were successful. These successful logins led to 11,042 unique commands this week, with uname -a holding the top spot:

Command                                                                       Count
uname -a                                                                      6,478
cat /proc/cpuinfo | grep name | wc -l                                         6,457
cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'  6,455
free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'                     6,454
ls -lh $(which ls)                                                            6,451
which ls                                                                      6,451
crontab -l                                                                    6,449
w                                                                             6,448
uname                                                                         6,446
uname -m                                                                      6,446
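
An added example, not code from HoneypotDB or the original post: one way a defender could flag shell sessions on their own hosts that run most of the commands in the table above. The tab-separated `session<TAB>command` log format, the threshold of 6 and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# The ten most frequent post-login commands from the table above.
RECON_COMMANDS = [
    "uname -a",
    "cat /proc/cpuinfo | grep name | wc -l",
    "cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
    "free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
    "ls -lh $(which ls)",
    "which ls",
    "crontab -l",
    "w",
    "uname",
    "uname -m",
]
# Curly quotes (as some logs and web pages render them) map to straight ones.
QUOTES = str.maketrans({"\u2018": "'", "\u2019": "'"})

def normalise(command):
    """Straighten quotes and collapse whitespace so variants compare equal."""
    return " ".join(command.translate(QUOTES).split())

KNOWN = {normalise(c) for c in RECON_COMMANDS}

def flag_sessions(lines, threshold=6):
    """Map session id -> matched commands, for sessions that ran at least
    `threshold` distinct commands from the table (threshold is an assumption)."""
    seen = defaultdict(set)
    for line in lines:
        session, sep, command = line.rstrip("\n").partition("\t")
        if not sep:
            continue  # malformed line: no tab separator
        command = normalise(command)
        if command in KNOWN:
            seen[session].add(command)
    return {s: sorted(c) for s, c in seen.items() if len(c) >= threshold}

# Constructed sample log: "<session id>\t<command>" (format is an assumption).
SAMPLE_LOG = [
    "s1\tuname -a", "s1\tw", "s1\twhich ls", "s1\tcrontab  -l",
    "s1\tls -lh $(which ls)",
    "s1\tcat /proc/cpuinfo | grep name | wc -l",
    "s1\tfree -m | grep Mem | awk \u2018{print $2 ,$3, $4, $5, $6, $7}\u2019",
    "s2\tuname -a", "s2\tw", "s2\tapt-get update",
    "malformed line without a tab",
]

if __name__ == "__main__":
    print(flag_sessions(SAMPLE_LOG))
```

Matching on distinct commands per session rather than on single commands keeps an administrator's occasional `uname -a` or `w` from triggering the rule.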

Looking geographically, HoneypotDB saw 1,900 unique ISPs this week from 134 countries, with China holding onto the crown with 756,267 events.

139 files were captured this week (anything uploaded, downloaded or sent to stdout/stderr), all of which can be found in HoneypotDB’s malware drops repository: https://hpdb-malware-drops.s3.amazonaws.com/index.html

As always, here is this week in pretty metrics!

[Image: Honeypot Breakdown 20092020]