2016-06-30. SMB attacked from 94.242.255.196,Luxembourg

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 20:29:08",
        "source of the attack": {
            "ip": "94.242.255.196",
            "domain": "ip-static-94-242-255-196.server.lu",
            "geoloc": "Luxembourg"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 60434,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2016-06-30. MSSQL attacked from 169.54.244.89,United States

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 17:32:13",
        "source of the attack": {
            "ip": "169.54.244.89",
            "domain": "59.f4.36a9.ip4.static.sl-reverse.com",
            "geoloc": "United States"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "MSSQL",
        "protocol": "tcp",
        "source port": 1344,
        "destination port": 1433,
        "login": [],
        "mssql command": [],
        "mssql fingerprint": []
    }
}

2016-06-30. SMB attacked from 94.242.255.196,Luxembourg

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 16:50:55",
        "source of the attack": {
            "ip": "94.242.255.196",
            "domain": "ip-static-94-242-255-196.server.lu",
            "geoloc": "Luxembourg"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 41026,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2016-06-30. SMB attacked from 93.174.93.181,Seychelles

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 16:19:32",
        "source of the attack": {
            "ip": "93.174.93.181",
            "domain": "hosted-by.maxided.com",
            "geoloc": "Seychelles"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 51325,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2016-06-30. SMB attacked from 89.248.162.212,Seychelles

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 14:52:46",
        "source of the attack": {
            "ip": "89.248.162.212",
            "domain": "nl1.nlkoddos.com",
            "geoloc": "Seychelles"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 42886,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2016-06-30. SMB attacked from 89.248.172.115,Seychelles

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 14:50:35",
        "source of the attack": {
            "ip": "89.248.172.115",
            "domain": "no-reverse-dns-configured.com",
            "geoloc": "Seychelles"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 37618,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2016-06-30. SMB attacked from 89.248.162.212,Seychelles

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 06:23:08",
        "source of the attack": {
            "ip": "89.248.162.212",
            "domain": "nl1.nlkoddos.com",
            "geoloc": "Seychelles"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 55127,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2016-06-30. SMB attacked from 93.174.93.181,Seychelles

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 03:43:07",
        "source of the attack": {
            "ip": "93.174.93.181",
            "domain": "hosted-by.maxided.com",
            "geoloc": "Seychelles"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 54598,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2016-06-30. SMB attacked from 93.174.93.181,Seychelles

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 03:43:07",
        "source of the attack": {
            "ip": "93.174.93.181",
            "domain": "hosted-by.maxided.com",
            "geoloc": "Seychelles"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 54598,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2016-06-30. SMB attacked from 93.174.93.181,Seychelles

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2016-06-30 03:43:07",
        "source of the attack": {
            "ip": "93.174.93.181",
            "domain": "hosted-by.maxided.com",
            "geoloc": "Seychelles"
        },
        "honeypot sensor target": "sensor01",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 54598,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}