Honeypot results May 2012

Find below the latest graphs from the honeypot I’m running. Overall there is an increase in the number of connections, with some huge peaks at the end of April and beginning of May.

Note: due to a system restart, the honeypot was not running for a few days at the end of May and beginning of June.
Note 2: this honeypot is a Dionaea instance. If you want to set up an instance on your server, follow the step-by-step guide on the Dionaea website.

Overview

Honeypot May 2012 Overview

SMBD

Honeypot May 2012 - SMBD

epmapper

Honeypot May 2012 - epmapper

Virustotal.com results for the binaries

Columns: md5sum, number of AVs tested, number of detections
1b9252f5e92df81b05e92b7a78a53453 42 40
1eba5e9f0b36c78e3738bbcc5b91e1ce 43 21
3744a915a808ee55d2f7211b189e7f62 42 20
4c84b1218ed048001e48e37c66b222ad 42 40
72cdd383072dde65cb97f8a86b1e81f7 42 40
77002f650a06b5c4991fdcbf39c1d90f 44 42
81702d56f938354c3ce1eb33504ba2dc 42 41
886d83e63011c2562a4c77b5bc48fd4b 42 32
8a5ce07df6a5357dafa84f5317aaad35 42 41
8cb557e0c48c632e39498b5d0595976c 42 40
8df94395bd82d543f66f5e3fab9cbb85 42 37
98bab9234417017bb45b23a1a3b990da 42 41
b4ee98ef7f6dd90c962e22ae0b295aad 43 42
bf79e90feed96f50c0ba5d7f212757e9 43 36
c3da398f3e2996f952e1f3df7591706c 43 42
c5ff7232868333107fa3efe895f12361 43 41

Credits:

Thanks to Didier Stevens for his tool to upload a batch of files to Virustotal.com and get the results in a proper format.
