1 Week Worth of Data in a Mittre Attack Honeypot
We are proud of sharing the following Honeypot activity
information gathered in the Christmas week 21st to 27th December 2020
If you kwnow how the hackers are going to attack and what tactics and tools are they meant to use, you will be able to protect you
Our Cybersecurity honeypot was
able to monitor multiple attempts
| Rule ID | Description | Level | Count |
|---|---|---|---|
|
550 |
Integrity checksum changed |
7 |
13768 |
|
60103 |
Windows logon success |
3 |
319 |
|
63104 |
A windows log file was cleared |
5 |
284 |
|
553 |
File deleted |
7 |
40 |
|
60110 |
User account changed |
8 |
11 |
|
5710 |
sshd: attempt to login using non-existent user |
5 |
6 |
|
60118 |
Windows work station logon success |
3 |
5 |
|
60144 |
Security enabled local group member added |
5 |
5 |
|
60747 |
WMI service started successfully |
3 |
5 |
|
5011 |
PAM: login session opened |
3 |
4 |
|
5715 |
sshd: authentication success |
4 |
4 |
|
87105 |
User account enabled or created |
3 |
4 |
|
87105 |
Virustotal: Alert - c:\users\administrator\desktop\logdelete.bat - 2 engines detected this file |
12 |
3 |
|
87105 |
Virustotal: Alert - c:\users\administrator\desktop\defendercontrol.bat - 3 engines detected this file |
12 |
2 |
|
60141 |
Security enabled global group member added |
5 |
2 |
|
504 |
Ossec agent disconnected |
3 |
1 |
|
60145 |
Security enabled global group member removed |
5 |
1 |
|
63103 |
The audit log was cleared |
5 |
1 |