All posts by Marc

Monthly stats: October 2015

Stats

  • Total attacks: 5149873
  • Total unique attackers: 149031
  • Total unique MD5s: 662
  • Total unique URLs: 2985

Countries

| Country | Attacks | Percentage |
|---|---|---|
| Bulgaria | 669010 | 13.391580 |
| Venezuela | 588031 | 11.770623 |
| China | 508521 | 10.179070 |
| Russia | 476921 | 9.546533 |
| Brazil | 377183 | 7.550076 |
| United States | 279216 | 5.589070 |
| Japan | 233278 | 4.669528 |
| Egypt | 188663 | 3.776469 |
| Hong Kong | 182791 | 3.658929 |
| Ukraine | 145716 | 2.916799 |


Monthly stats: August 2015

Stats

  • Total attacks: 3303872
  • Total unique attackers: 147233
  • Total unique MD5s: 457
  • Total unique URLs: 1749

Countries

| Country | Attacks | Percentage |
|---|---|---|
| China | 473535 | 15.245589 |
| United States | 344286 | 11.084382 |
| Egypt | 304413 | 9.800660 |
| Venezuela | 303171 | 9.760673 |
| Japan | 278638 | 8.970827 |
| Vietnam | 139704 | 4.497808 |
| Russia | 134387 | 4.326626 |
| Turkey | 123942 | 3.990347 |
| Brazil | 120939 | 3.893664 |
| Hong Kong | 85259 | 2.744937 |


Monthly stats: July 2015

July has been an exciting month for us. We have been steadily expanding our worldwide honeypot sensor coverage to a total of 57 sensors in the following countries: NL, US, UK, DE, RO, JP, UA, SA, AU, SG, HK, BR.

But the majority of our effort has gone into building out our extensive analytic capabilities for data mining threat intelligence worldwide.

We have chosen Splunk to assist us in this endeavor, and we would like to share some of our metrics with you.


DDoS botnet defaced

While collecting stats from last month, we made a nice discovery in the SSH logs from Kippo.

(The file in question is gb.sh.)

It first came up on our Splunk dashboard, and when we checked the link it was still online. Curious to find out more about the file, we started to dig into it.

We learned that the shell script actually downloads another 6 precompiled files, gives them executable rights, and finally starts them.
