Our selection of alerts on honeypots: report 2 – January 2023

Over the last two weeks, international TEHTRIS honeypots have been under the usual massive wave of malicious activities. To be more precise, the ones located in Northeast Asia Pacific were the most targeted. One IP conducting several malicious activities; Precise health data are being searched out in Canada; Bi-monthly statistics: Top 10 of credentials tested by […]

Our selection of alerts on honeypots: report 1 – January 2023

The holiday season did not mean that cyber threat actors were taking a break – far from it. We watched as they kept on attacking TEHTRIS international honeypots… In this bi-monthly report, we focus on activities linked with the Mirai botnet and associated with User Agent MtmKilledYou, as well as other vulnerability exploit […]

Honeypots: activity of the week 51

This week, TEHTRIS reports on 3 malicious activities observed on its international honeypot network: IP addresses unknown to public blacklists, hosted in China, targeting NetGear routers; ZmEu: a crawler bot looking for vulnerabilities in phpMyAdmin; Persistence of bruteforce attacks on the SMB protocol by IP addresses unknown to public blacklists of malicious IPs. IP […]

Honeypots: activity of the week 50

More than 116,000 different IP addresses interacted with TEHTRIS honeypots deployed in Europe this week. Unsurprisingly, the nationalities of the most active IP addresses are American (23%), Dutch (15%), Chinese (7%), Russian (7%) and Bulgarian (6%) – the same prevalent nationalities as observed previously. TEHTRIS reveals the top 10 logins and passwords used by attackers […]

Honeypots: activity of the week 49

The TEHTRIS honeypot network again recorded numerous malicious activities this week. Focus on 3 events and the related IoCs: Attempt to exploit the ShellShock vulnerability on a Finnish infrastructure; Attempted exploitation of a VMware vulnerability; SSH: 30% of attempts related to the same logins/passwords. Attempt to exploit the ShellShock vulnerability on a Finnish infrastructure: In […]

Honeypots: activity of the week 48

In week 48, the IP addresses responsible for most of the malicious network activity on TEHTRIS honeypots are recorded in the United States (19.42%), in the Netherlands (15.44%), in the United Kingdom (11.68%), in Bulgaria (7.96%), in China (7.43%) and in Russia (6.06%). This week, TEHTRIS reports on 3 malicious activities observed on its international honeypot network. Persisting […]

Honeypots: activity of the week 47

Malicious scans on the Internet are continuous and massive. Attackers use automated reconnaissance to discover vulnerable devices. Here is a focus on 4 types of activity that have been observed on the TEHTRIS honeypot network in week 47: Vulnerability exploitation by a botnet that deletes potential competing botnets; Massive vulnerability scanning coupled with domain name […]

Honeypots: activity of the week 46

TEHTRIS international honeypot network analysis provides information on the types of scans and malicious actions performed by cyber attackers. In week 46, we studied 3 activities: SSH abuse on PostgreSQL; SMB targeted by unknown malicious IP; Exploit of Netcore routers backdoor. SSH abuse on PostgreSQL: PostgreSQL, also known as Postgres, is an object-relational database management […]

Honeypots: activity of the week 45

TEHTRIS honeypot analysis provides information on the types of scans and malicious actions performed by cyber attackers. Let’s have a look at 4 types of events observed in week 45: Exploit attempt of the VMware CVE-2022-22954 (CVSSv3 9.8) vulnerability; RCE vulnerability in D-Link routers; Exploit attempt of CVE-2017-5638; Bruteforce on SMB protocol. Exploit attempt of […]

Honeypots: activity of the week 44

In week 44, the IP addresses responsible for most of the malicious network activity on TEHTRIS honeypots are recorded in the Netherlands (24.53%), in the United States (19.75%), in China (9.78%), in Bulgaria (8.38%) and in Russia (6.8%). This week, TEHTRIS reports on 2 malicious activities observed on its international honeypot network. 1. Credentials abuse […]