I’ve been messing with Robert Graham’s TelnetLogger project today and captured some IPs and credentials over about two hours.
I was curious about two things:
Which credentials would be most popular
Which were the most common source IPs
The listener has options for capturing both via:
telnetlogger -p passwds.txt -i ips.txt
What I did was create a simple script (HoneyCredIPTracker) that processes the output. It basically summons the all-powerful combo of:
sort | uniq -c | sort -nr
Fascinating to see which countries are trying most often, and what credentials they’re trying the most.
You can get the script here.
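The same sort | uniq -c | sort -nr tally as a small shell function, with one step added: the logged values are attacker-supplied, so non-printable bytes are replaced before anything reaches the terminal. This is an added example, not the HoneyCredIPTracker script; the function names, the one-record-per-line layout and the sample data are assumptions.

```shell
#!/bin/sh
# Added example, not the HoneyCredIPTracker script itself.
# Assumption: passwds.txt and ips.txt hold one record per line.

# top_counts FILE [N]: print the N most frequent lines as "count<TAB>value".
top_counts() {
    # The logged values are attacker-supplied bytes: strip CRs, replace other
    # non-printable bytes with '?' so they cannot drive the terminal, and
    # drop blank lines before counting.
    LC_ALL=C tr -d '\r' < "$1" \
        | LC_ALL=C tr -c '[:print:]\n' '?' \
        | grep -v '^[[:space:]]*$' \
        | LC_ALL=C sort | uniq -c | LC_ALL=C sort -nr \
        | head -n "${2:-10}" \
        | awk '{ c = $1; sub(/^ *[0-9]+ /, ""); print c "\t" $0 }'
}

# write_sample DIR: constructed sample data (documentation IP ranges,
# "username password" lines assumed as the credential format).
write_sample() {
    printf '%s\n' 'root root' 'admin admin' 'root root' 'root 12345' \
        'admin admin' 'root root' '' > "$1/passwds.txt"
    # One constructed entry carries a CR and an ANSI escape sequence.
    printf 'guest \033[2Jguest\r\n' >> "$1/passwds.txt"
    printf '%s\n' 192.0.2.10 198.51.100.7 192.0.2.10 203.0.113.5 \
        192.0.2.10 198.51.100.7 > "$1/ips.txt"
}

# With file arguments, report on them; with none, run on the sample.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do echo "== $f"; top_counts "$f" 10; done
else
    d=$(mktemp -d) && write_sample "$d"
    for f in "$d/passwds.txt" "$d/ips.txt"; do
        echo "== ${f##*/}"; top_counts "$f" 5
    done
    rm -rf "$d"
fi
```

Run it as `sh tally.sh passwds.txt ips.txt` against the two files written by the `-p` and `-i` options.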