1. Summary
CyberSecurity Malaysia has established a Honeynet project known as Lebahnet.
Lebahnet is a Honeypot Based Distributed System for detecting and capturing attacks that evades traditional security devices. This project was initiated in 2002.
Lebahnet as a lightweight and passive honeypot; emulate vulnerabilities of operating systems used in an enterprise to alert security administrator on source of attacks.
The project aims to provide valuable supporting information such as network trends and malicious activities for our incident handling and advisory activities currently carried out by MyCERT. Lebahnet also serves as a research network for our analysts to experiment with relevant tools and techniques.
MyCERT has deployed the LebahNET Sensor in several areas in Malaysia.
2. Analysis
The data is collected from LebahNET Sensors from 2015-11-01 to 2015-11-30.
Summary of collected data
Number of Hits: 82698
Total Malwares: 579
Unique Malwares: 101
Targeted Services
Top 10 Threat Origins
Top 10 IPs
| # | Source IP | Total |
| 1 | 92.222.66.177 (FR) | 5465 |
| 2 | 222.186.30.215 (CN) | 5457 |
| 3 | 61.147.103.166 (CN) | 3837 |
| 4 | 91.223.180.141 (UA) | 3532 |
| 5 | 61.147.103.106 (CN) | 2875 |
| 6 | 201.33.229.234 (BR) | 2330 |
| 7 | 23.228.81.69 (US) | 2251 |
| 8 | 5.35.244.67 (DE) | 1416 |
| 9 | 117.79.146.58 (CN) | 1270 |
| 10 | 222.186.34.74 (CN) | 912 |
Web Attack
Bruteforce Attack
Targeted Services
Top 10 Username
| # | Username | Total |
| 1 | root | 13205 |
| 2 | sa | 10471 |
| 3 | admin | 5517 |
| 4 | ubnt | 1445 |
| 5 | user | 661 |
| 6 | test | 570 |
| 7 | oracle | 475 |
| 8 | support | 465 |
| 9 | mysql | 443 |
| 10 | app | 373 |
Top 10 Password
| # | Password | Total |
| 1 | admin | 2182 |
| 2 | root | 2120 |
| 3 | ubnt | 1005 |
| 4 | 123456 | 951 |
| 5 | 12345 | 714 |
| 6 | password | 534 |
| 7 | support | 321 |
| 8 | – | 249 |
| 9 | 1234 | 231 |
| 10 | 123qwe | 229 |