ばぁどのハニーポット・うぉっちんぐ - 2019/02/02 ~ 2019/02/08 -
ハニーポット観察日記としての定期アウトプットです。
観察期間:2019年 02月02日 00:00:00 - 2019年02月08日 23:59:59
CVE
| CVE | 検知した回数 | 前回比 |
|---|---|---|
| CVE-2014-0160 | 16 | 0 |
| CVE-2005-4050 | 12 | -771 |
| CVE-2017-7269 | 9 | 6 |
| CVE-2003-0818 | 1 | 0 |
前回の大量検知が落ち着いた模様。 今週分は比較的CVEの検知率は低いようでした。
攻撃種別
| 攻撃種別 | カウント数 | % | 前回カウント数 |
|---|---|---|---|
| known attacker | 69244 | 95.09% | 123625 |
| bad reputation | 3315 | 4.55% | 5444 |
| 合計 | 72819 | ||
| 平均(集計2018年11月〜) | 49207回 |
比較的いつもの攻撃パターン、攻撃回数になったかなと感じました。 平均値からは少し上回るくらいなので、少し攻撃が多い週だったのかなというところ。
グラフで見ても先週のロシアからの攻撃がすごい特徴出来だったのがわかるかなと思います。
マルウェア
Cowrie
Total: 8
| ファイル名 | 取得日時 | タイプ | 検出率 |
|---|---|---|---|
| tmpKtJZl_ | 2019/02/02 03:31:56 | ELF 32-bit LSB executable | 40/58 |
| 0293300dd... | 2019/02/02 05:30:31 | ASCII text | 0/58 |
| tmpZge7V7 | 2019/02/03 14:04:20 | ELF 32-bit LSB executable | 41/59 |
| tmpOA2DY7 | 2019/02/04 13:41:45 | ELF 32-bit LSB executable | 39/58 |
| tmpQ1SGeP | 2019/02/05 03:31:10 | ELF 32-bit LSB executable | 41/59 |
| tmplzdv4F | 2019/02/05 13:28:20 | ELF 32-bit LSB executable | 41/59 |
| tmpN5oiMa | 2019/02/06 11:09:24 | ELF 32-bit LSB executable | 39/57 |
| tmpgARzy5 | 2019/02/07 05:28:50 | ELF 32-bit LSB executable | 39/57 |
Dionaea
Total: 70
| ファイル名 | 取得日時 | タイプ | 検出率 |
|---|---|---|---|
| c8c460007... | 2019/02/02 00:02:20 | PE32 executable (DLL) (GUI) Intel 80386 | 56/67 |
| 9229d74d2... | 2019/02/02 02:25:22 | PE32 executable (DLL) (GUI) Intel 80386 | 60/67 |
| ffe150c56... | 2019/02/02 05:54:26 | PE32 executable (DLL) (GUI) Intel 80386 | 55/67 |
| af76bbae1... | 2019/02/02 07:05:04 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| 0c6348c5f... | 2019/02/02 09:12:12 | PE32 executable (DLL) (GUI) Intel 80386 | 57/69 |
| 2de98404e... | 2019/02/02 10:54:29 | PE32 executable (DLL) (GUI) Intel 80386 | 58/69 |
| 6350f8da9... | 2019/02/02 11:42:30 | PE32 executable (DLL) (GUI) Intel 80386 | 59/70 |
| ce494e90f... | 2019/02/02 12:22:54 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| dd2b97420... | 2019/02/02 14:31:08 | PE32 executable (DLL) (GUI) Intel 80386 | 57/67 |
| e8feae1b8... | 2019/02/02 16:54:25 | PE32 executable (DLL) (GUI) Intel 80386 | 48/67 |
| 235e9af4c... | 2019/02/02 16:55:38 | PE32 executable (DLL) (GUI) Intel 80386 | 50/69 |
| e1873e6e5... | 2019/02/02 16:58:46 | PE32 executable (DLL) (GUI) Intel 80386 | 58/69 |
| 08f7b9282... | 2019/02/02 19:21:02 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| 7dba1d4b7... | 2019/02/02 20:58:05 | PE32 executable (DLL) (GUI) Intel 80386 | 57/68 |
| 46f177ed7... | 2019/02/02 21:13:41 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| f07db0ce2... | 2019/02/02 21:31:51 | PE32 executable (DLL) (GUI) Intel 80386 | 59/67 |
| 24899e33d... | 2019/02/03 00:23:09 | PE32 executable (DLL) (GUI) Intel 80386 | 48/69 |
| 54abc6dbc... | 2019/02/03 00:46:04 | PE32 executable (DLL) (GUI) Intel 80386 | 55/65 |
| fd9282883... | 2019/02/03 04:17:15 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| 8e6bfea06... | 2019/02/03 04:20:58 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| b039e20a8... | 2019/02/03 04:40:58 | PE32 executable (DLL) (GUI) Intel 80386 | 58/67 |
| 42a4e20be... | 2019/02/03 06:48:38 | PE32 executable (DLL) (GUI) Intel 80386 | 58/69 |
| 44bc540ed... | 2019/02/03 07:36:08 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| 23d048d04... | 2019/02/03 08:10:21 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| 516632c1d... | 2019/02/03 15:11:06 | PE32 executable (DLL) (GUI) Intel 80386 | 56/67 |
| 3efedcd8e... | 2019/02/03 16:51:42 | PE32 executable (DLL) (GUI) Intel 80386 | 58/68 |
| ef894d1c6... | 2019/02/03 17:10:32 | PE32 executable (DLL) (GUI) Intel 80386 | 60/69 |
| 50b93e08b... | 2019/02/03 21:07:54 | PE32 executable (DLL) (GUI) Intel 80386 | 60/70 |
| a049ba6bb... | 2019/02/03 21:44:43 | PE32 executable (DLL) (GUI) Intel 80386 | 60/69 |
| cf4f46336... | 2019/02/04 00:40:59 | PE32 executable (DLL) (GUI) Intel 80386 | 60/70 |
| 32bc71ae2... | 2019/02/04 01:39:59 | PE32 executable (DLL) (GUI) Intel 80386 | 56/68 |
| 54dd9593f... | 2019/02/04 02:45:45 | PE32 executable (DLL) (GUI) Intel 80386 | 58/69 |
| 670004788... | 2019/02/04 03:59:21 | PE32 executable (DLL) (GUI) Intel 80386 | 60/70 |
| a6324d10c... | 2019/02/04 05:15:06 | PE32 executable (DLL) (GUI) Intel 80386 | 58/67 |
| 48eb7351a... | 2019/02/04 07:41:30 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| 3553aeb71... | 2019/02/04 10:58:00 | PE32 executable (DLL) (GUI) Intel 80386 | 59/68 |
| 394e1af68... | 2019/02/04 13:26:38 | PE32 executable (DLL) (GUI) Intel 80386 | 53/67 |
| bb6a6a051... | 2019/02/04 14:05:18 | PE32 executable (DLL) (GUI) Intel 80386 | 59/68 |
| 850b7d647... | 2019/02/04 14:53:57 | PE32 executable (DLL) (GUI) Intel 80386 | - |
| 0064e2641... | 2019/02/04 18:59:14 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| d31d25eed... | 2019/02/04 23:00:47 | PE32 executable (DLL) (GUI) Intel 80386 | 56/67 |
| e5840a975... | 2019/02/05 01:22:11 | PE32 executable (DLL) (GUI) Intel 80386 | 58/69 |
| f3bb6d5f6... | 2019/02/05 03:04:11 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| b9f56ec74... | 2019/02/05 05:11:31 | PE32 executable (DLL) (GUI) Intel 80386 | 58/69 |
| 556763ad7... | 2019/02/05 08:27:17 | PE32 executable (DLL) (GUI) Intel 80386 | 56/66 |
| bf3f73772... | 2019/02/05 10:04:20 | PE32 executable (DLL) (GUI) Intel 80386 | 54/66 |
| 15ca4f8fd... | 2019/02/05 11:54:52 | PE32 executable (DLL) (GUI) Intel 80386 | 53/69 |
| b8c85c7e5... | 2019/02/05 12:55:10 | PE32 executable (DLL) (GUI) Intel 80386 | 57/67 |
| 6d0270440... | 2019/02/05 12:58:20 | PE32 executable (DLL) (GUI) Intel 80386 | 60/69 |
| 9fbd39f44... | 2019/02/05 13:31:20 | PE32 executable (DLL) (GUI) Intel 80386 | 59/70 |
| ad7134b92... | 2019/02/05 15:23:14 | PE32 executable (DLL) (GUI) Intel 80386 | 59/70 |
| 7f0d0ca64... | 2019/02/05 19:41:38 | PE32 executable (DLL) (GUI) Intel 80386 | 56/70 |
| 08857a433... | 2019/02/05 21:05:55 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| 4fbfa7542... | 2019/02/05 21:33:20 | PE32 executable (DLL) (GUI) Intel 80386 | 59/70 |
| 230cef07f... | 2019/02/06 02:29:19 | PE32 executable (DLL) (GUI) Intel 80386 | 59/70 |
| db1d89ef8... | 2019/02/06 16:37:06 | PE32 executable (DLL) (GUI) Intel 80386 | 58/68 |
| bd5da13b9... | 2019/02/06 16:52:13 | PE32 executable (DLL) (GUI) Intel 80386 | 58/68 |
| fa200675f... | 2019/02/06 21:42:17 | PE32 executable (DLL) (GUI) Intel 80386 | 60/69 |
| 78eae7fce... | 2019/02/07 01:25:02 | PE32 executable (DLL) (GUI) Intel 80386 | 59/69 |
| 912482c75... | 2019/02/07 08:15:31 | PE32 executable (DLL) (GUI) Intel 80386 | 57/67 |
| 8bd8a9c38... | 2019/02/07 11:39:08 | PE32 executable (DLL) (GUI) Intel 80386 | 58/69 |
| 5dba8e1a6... | 2019/02/07 11:42:28 | PE32 executable (DLL) (GUI) Intel 80386 | 54/66 |
| d176d2173... | 2019/02/07 14:22:44 | PE32 executable (DLL) (GUI) Intel 80386 | 55/67 |
| 9a1ae1d49... | 2019/02/07 15:29:03 | PE32 executable (DLL) (GUI) Intel 80386 | 59/70 |
| 8f6a66a53... | 2019/02/07 15:56:24 | PE32 executable (DLL) (GUI) Intel 80386 | 58/69 |
| 135c4f212... | 2019/02/07 17:11:46 | PE32 executable (DLL) (GUI) Intel 80386 | 61/70 |
| 914d2640d... | 2019/02/07 17:46:52 | PE32 executable (DLL) (GUI) Intel 80386 | 56/68 |
| 98593450d... | 2019/02/07 19:00:47 | PE32 executable (DLL) (GUI) Intel 80386 | 58/68 |
| a9e3a39c3... | 2019/02/07 23:45:22 | PE32 executable (DLL) (GUI) Intel 80386 | 57/68 |
| 11752ce61... | 2019/02/08 01:04:07 | PE32 executable (DLL) (GUI) Intel 80386 | 59/70 |
所感
今週は比較的落ち着いた結果になったかなと思います。 先週が少し異常だったのがわかる。 そろそろログ分析も行いたい(やるやる詐欺)
