2017-02-26. SMB attacked from 111.20.190.18, China

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 15:59:19",
        "source of the attack": {
            "ip": "111.20.190.18",
            "domain": "AS9808-China Mobile Communications CorporationMobile Communications Network Operator in ChinaInternet Service Provider in China",
            "geoloc": "China"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 38585,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2017-02-26. SMB attacked from 111.20.190.18, China

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 15:59:17",
        "source of the attack": {
            "ip": "111.20.190.18",
            "domain": "AS9808-China Mobile Communications CorporationMobile Communications Network Operator in ChinaInternet Service Provider in China",
            "geoloc": "China"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 38584,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2017-02-26. SMB attacked from 111.20.190.18, China

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 15:59:16",
        "source of the attack": {
            "ip": "111.20.190.18",
            "domain": "AS9808-China Mobile Communications CorporationMobile Communications Network Operator in ChinaInternet Service Provider in China",
            "geoloc": "China"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 38583,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2017-02-26. SMB attacked from 111.20.190.18, China

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 15:59:15",
        "source of the attack": {
            "ip": "111.20.190.18",
            "domain": "AS9808-China Mobile Communications CorporationMobile Communications Network Operator in ChinaInternet Service Provider in China",
            "geoloc": "China"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 38582,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2017-02-26. SMB attacked from 111.20.190.18, China

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 15:59:03",
        "source of the attack": {
            "ip": "111.20.190.18",
            "domain": "AS9808-China Mobile Communications CorporationMobile Communications Network Operator in ChinaInternet Service Provider in China",
            "geoloc": "China"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 38581,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2017-02-26. SMB attacked from 111.20.190.18, China

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 15:59:02",
        "source of the attack": {
            "ip": "111.20.190.18",
            "domain": "AS9808-China Mobile Communications CorporationMobile Communications Network Operator in ChinaInternet Service Provider in China",
            "geoloc": "China"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 38579,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2017-02-26. SMB attacked from 111.20.190.18, China

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 15:58:57",
        "source of the attack": {
            "ip": "111.20.190.18",
            "domain": "AS9808-China Mobile Communications CorporationMobile Communications Network Operator in ChinaInternet Service Provider in China",
            "geoloc": "China"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 38577,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": [
                    {
                        "servicename": "samr",
                        "uuid": "12345778-1234-abcd-ef00-0123456789ac",
                        "transfersyntax": "8a885d04-1ceb-11c9-9fe8-08002b104860"
                    },
                    {
                        "servicename": "samr",
                        "uuid": "12345778-1234-abcd-ef00-0123456789ac",
                        "transfersyntax": "6cb71c2c-9812-4540-0100-000000000000"
                    }
                ]
            },
            {
                "DCE/RPC request": [
                    {
                        "operationname": "Connect5",
                        "operationnumber": 64,
                        "servicename": "samr",
                        "uuid": "12345778-1234-abcd-ef00-0123456789ac"
                    },
                    {
                        "operationname": "EnumDomains",
                        "operationnumber": 6,
                        "servicename": "samr",
                        "uuid": "12345778-1234-abcd-ef00-0123456789ac"
                    },
                    {
                        "operationname": "LookupDomain",
                        "operationnumber": 5,
                        "servicename": "samr",
                        "uuid": "12345778-1234-abcd-ef00-0123456789ac"
                    },
                    {
                        "operationname": "OpenDomain",
                        "operationnumber": 7,
                        "servicename": "samr",
                        "uuid": "12345778-1234-abcd-ef00-0123456789ac"
                    },
                    {
                        "operationname": "EnumDomainUsers",
                        "operationnumber": 13,
                        "servicename": "samr",
                        "uuid": "12345778-1234-abcd-ef00-0123456789ac"
                    },
                    {
                        "operationname": "Close",
                        "operationnumber": 1,
                        "servicename": "samr",
                        "uuid": "12345778-1234-abcd-ef00-0123456789ac"
                    },
                    {
                        "operationname": "Close",
                        "operationnumber": 1,
                        "servicename": "samr",
                        "uuid": "12345778-1234-abcd-ef00-0123456789ac"
                    }
                ]
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2017-02-26. SMB attacked from 111.20.190.18, China

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 15:58:56",
        "source of the attack": {
            "ip": "111.20.190.18",
            "domain": "AS9808-China Mobile Communications CorporationMobile Communications Network Operator in ChinaInternet Service Provider in China",
            "geoloc": "China"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 38576,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2017-02-26. SMB attacked from 80.82.65.79, Seychelles

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 15:09:00",
        "source of the attack": {
            "ip": "80.82.65.79",
            "domain": "tg16.pectol.pl",
            "geoloc": "Seychelles"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "SMB",
        "protocol": "tcp",
        "source port": 37656,
        "destination port": 445,
        "dce/rpc": [
            {
                "DCE/RPC bind": []
            },
            {
                "DCE/RPC request": []
            }
        ],
        "vulnerability exploited": [],
        "profiling": [],
        "url offered": [],
        "url download": [],
        "action": []
    },
    "virus total analysis": [],
    "static analysis with peframe": []
}

2017-02-26. MSSQL attacked from 61.177.191.186, China

{
    "project": "OpenBlackList (https://twitter.com/openblacklist)",
    "author": "ElCatapan (https://twitter.com/ElCatapan)",
    "attack details": {
        "timestamp": "2017-02-26 14:33:48",
        "source of the attack": {
            "ip": "61.177.191.186",
            "domain": "AS4134-JISHUZHICHENG-CORPYangzhou CityJiangsu Province",
            "geoloc": "China"
        },
        "honeypot sensor target": "sensor03",
        "service attacked": "MSSQL",
        "protocol": "tcp",
        "source port": 12543,
        "destination port": 1433,
        "login": [],
        "mssql command": [],
        "mssql fingerprint": []
    }
}