LebahNET Statistic – November 2015

1. Summary

CyberSecurity Malaysia has established a Honeynet project known as Lebahnet.

Lebahnet is a Honeypot Based Distributed System for detecting and capturing attacks that evades traditional security devices. This project was initiated in 2002.

Lebahnet as a lightweight and passive honeypot; emulate vulnerabilities of operating systems used in an enterprise to alert security administrator on source of attacks.

The project aims to provide valuable supporting information such as network trends and malicious activities for our incident handling and advisory activities currently carried out by MyCERT. Lebahnet also serves as a research network for our analysts to experiment with relevant tools and techniques.

MyCERT has deployed the LebahNET Sensor in several areas in Malaysia.

2. Analysis

The data is collected from LebahNET Sensors from 2015-11-01 to 2015-11-30.

Summary of collected data

Number of Hits: 82698
Total Malwares: 579
Unique Malwares: 101

Targeted Services

Top 10 Threat Origins

Top 10 IPs

# Source IP Total
1 92.222.66.177 (FR) 5465
2 222.186.30.215 (CN) 5457
3 61.147.103.166 (CN) 3837
4 91.223.180.141 (UA) 3532
5 61.147.103.106 (CN) 2875
6 201.33.229.234 (BR) 2330
7 23.228.81.69 (US) 2251
8 5.35.244.67 (DE) 1416
9 117.79.146.58 (CN) 1270
10 222.186.34.74 (CN) 912

Web Attack

Bruteforce Attack

Targeted Services

Top 10 Username

# Username Total
1 root 13205
2 sa 10471
3 admin 5517
4 ubnt 1445
5 user 661
6 test 570
7 oracle 475
8 support 465
9 mysql 443
10 app 373

Top 10 Password

# Password Total
1 admin 2182
2 root 2120
3 ubnt 1005
4 123456 951
5 12345 714
6 password 534
7 support 321
8 249
9 1234 231
10 123qwe 229

Leave a Reply

Your email address will not be published. Required fields are marked *