Honey Games
Below∅Day
Hello & Happy 2023!
At the end of last summer, we kicked off a small honeypot project where we deployed HoneyDB agents across 18 countries. A couple of regions have more than one agent installed; otherwise it’s one agent per country. Agents are configured to run services like RDP, VNC, SSH, FTP, MySQL, WebLogic, Elasticsearch, Telnet, Redis and others. Below is an outline of the agent architecture and their locations. Out of curiosity, we set up these agents to monitor their activities and collect data to be crunched and beautifully displayed via Splunk dashboards. Starting today, we are going to be sharing our data. Moving forward, all updates will be sent out via @below∅day and our git.

HoneyDB Agents

Top 50 Attack Hosts [for the full list, check out the git]

Top Attack Origins

Top Targeted HoneyDB Agents

Top Services Attacked

Events by Service