LebahNET Statistic – November 2015

1. Summary

CyberSecurity Malaysia has established a Honeynet project known as Lebahnet.

Lebahnet is a honeypot-based distributed system for detecting and capturing attacks that evade traditional security devices. The project was initiated in 2002.

As a lightweight, passive honeypot, Lebahnet emulates vulnerabilities of operating systems used in an enterprise in order to alert security administrators to the source of attacks.

The project aims to provide valuable supporting information such as network trends and malicious activities for our incident handling and advisory activities currently carried out by MyCERT. Lebahnet also serves as a research network for our analysts to experiment with relevant tools and techniques.

MyCERT has deployed the LebahNET Sensor in several areas in Malaysia.

2. Analysis

The data was collected by LebahNET sensors from 2015-11-01 to 2015-11-30.

Summary of collected data

Number of Hits: 82698
Total Malwares: 579
Unique Malwares: 101

Targeted Services

Top 10 Threat Origins

Top 10 IPs

# Source IP Total
1 92.222.66.177 (FR) 5465
2 222.186.30.215 (CN) 5457
3 61.147.103.166 (CN) 3837
4 91.223.180.141 (UA) 3532
5 61.147.103.106 (CN) 2875
6 201.33.229.234 (BR) 2330
7 23.228.81.69 (US) 2251
8 5.35.244.67 (DE) 1416
9 117.79.146.58 (CN) 1270
10 222.186.34.74 (CN) 912

Web Attack

Bruteforce Attack

Targeted Services

Top 10 Username

# Username Total
1 root 13205
2 sa 10471
3 admin 5517
4 ubnt 1445
5 user 661
6 test 570
7 oracle 475
8 support 465
9 mysql 443
10 app 373

Top 10 Password

# Password Total
1 admin 2182
2 root 2120
3 ubnt 1005
4 123456 951
5 12345 714
6 password 534
7 support 321
8 249
9 1234 231
10 123qwe 229

LebahNET Statistic – October 2015

2. Analysis

The data was collected by LebahNET sensors from 2015-10-01 to 2015-10-30.

Summary of collected data

Number of Hits: 103622
Total Malwares: 626
Unique Malwares: 95

Targeted Services

Top 10 Threat Origins

Top 10 IPs

# Source IP Total
1 222.186.61.6 (CN) 6360
2 222.186.61.10 (CN) 5588
3 222.186.61.17 (CN) 5185
4 222.186.34.74 (CN) 4923
5 61.147.103.166 (CN) 4486
6 180.97.215.126 (CN) 3823
7 60.169.74.139 (CN) 3681
8 61.147.103.106 (CN) 3458
9 177.43.8.13 (BR) 1976
10 36.48.159.93 (CN) 1480

Web Attack

Bruteforce Attack

Targeted Services

Top 10 Username

# Username Total
1 sa 26677
2 admin 16476
3 root 13594
4 mysql 2347
5 user 1746
6 ubnt 1665
7 test 1416
8 oracle 1143
9 server 834
10 support 497

Top 10 Password

# Password Total
1 admin 2319
2 root 2153
3 123456 1222
4 ubnt 1066
5 password 481
6 support 362
7 352
8 openelec 292
9 1234 280
10 12345 251

LebahNET Statistic – September 2015

2. Analysis

The data was collected by LebahNET sensors from 2015-09-01 to 2015-09-30.

Summary of collected data

Number of Hits: 35294
Total Malwares: 571
Unique Malwares: 47

Targeted Services

Top 10 Threat Origins

Top 10 IPs

# Source IP Total
1 222.186.61.10 (CN) 5032
2 222.186.34.74 (CN) 4711
3 61.147.103.166 (CN) 3688
4 45.35.33.50 (US) 1105
5 80.82.64.134 (NL) 659
6 117.21.176.17 (CN) 650
7 112.5.16.68 (CN) 630
8 58.63.245.217 (CN) 558
9 45.34.1.183 (US) 432
10 89.163.144.80 (DE) 360

Web Attack

Bruteforce Attack

Targeted Services

Top 10 Username

# Username Total
1 sa 9703
2 root 4018
3 admin 1663
4 ubnt 464
5 mysql 158
6 support 150
7 user 124
8 test 119
9 oracle 114
10 DUP root 99

Top 10 Password

# Password Total
1 admin 1247
2 root 615
3 ubnt 375
4 password 260
5 123456 222
6 1 112
7 support 108
8 12345 89
9 00 81
10 1234 78

LebahNET API – Malware Information

We are pleased to announce that information on malware collected by our LebahNET sensors is now available to the public. Interested parties may access this information through our public API.

The public API offers the following:
– List of Malware MD5
– List of latest 10 Malware MD5 with timestamp
– Malware Information
– Download malware binary

To receive an API key, please email us the following information:

– Your First & Last Name (may not be a third party contact)
– Your Organization and Address
– Contact information for verification.

Our email address is: lebahnet@cybersecurity.my