
Untitled

a guest
Feb 22nd, 2018
  1. {"eventid": "cowrie.session.connect", "src_ip": "182.122.122.92", "src_port": 48299, "timestamp": "2018-01-21T22:35:42.292318Z", "message": "New connection: 182.122.122.92:48299 (192.168.1.39:2222) [session: df5370a8829b]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "df5370a8829b", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  2. {"macCS": ["hmac-md5", "hmac-sha1"], "session": "df5370a8829b", "kexAlgs": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"], "message": "Remote SSH version: SSH-2.0-sshlib-0.1", "system": "HoneyPotSSHTransport,0,182.122.122.92", "src_ip": "182.122.122.92", "version": "SSH-2.0-sshlib-0.1", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T22:35:43.047236Z", "keyAlgs": ["ssh-dss", "ssh-rsa"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-cbc", "aes128-ctr"]}
  3. {"eventid": "cowrie.login.success", "username": "root", "timestamp": "2018-01-21T22:35:44.954355Z", "message": "login attempt [root/nosoup4u] succeeded", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,182.122.122.92", "isError": 0, "src_ip": "182.122.122.92", "session": "df5370a8829b", "password": "nosoup4u", "sensor": "SRV-POL-WAW"}
  4. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T22:35:45.344142Z", "message": "Connection lost after 3 seconds", "system": "HoneyPotSSHTransport,0,182.122.122.92", "isError": 0, "src_ip": "182.122.122.92", "duration": 3.0423948764801025, "session": "df5370a8829b", "sensor": "SRV-POL-WAW"}
  5. {"eventid": "cowrie.session.connect", "src_ip": "195.22.127.83", "src_port": 55029, "timestamp": "2018-01-21T22:35:47.308904Z", "message": "New connection: 195.22.127.83:55029 (192.168.1.39:2222) [session: e185a10c810d]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "e185a10c810d", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  6. {"macCS": ["hmac-md5", "hmac-sha1"], "session": "e185a10c810d", "kexAlgs": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"], "message": "Remote SSH version: SSH-2.0-sshlib-0.2", "system": "HoneyPotSSHTransport,1,195.22.127.83", "src_ip": "195.22.127.83", "version": "SSH-2.0-sshlib-0.2", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T22:35:47.373615Z", "keyAlgs": ["ssh-dss", "ssh-rsa"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-cbc", "aes128-ctr"]}
  7. {"eventid": "cowrie.login.success", "username": "root", "timestamp": "2018-01-21T22:35:47.862986Z", "message": "login attempt [root/nosoup4u] succeeded", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "password": "nosoup4u", "sensor": "SRV-POL-WAW"}
  8. {"eventid": "cowrie.direct-tcpip.request", "timestamp": "2018-01-21T22:35:47.931027Z", "dst_ip": "195.22.127.83", "system": "SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "dst_port": 443, "src_port": 22, "message": "direct-tcp connection request to 195.22.127.83:443 from 127.0.0.1:22", "sensor": "SRV-POL-WAW"}
  9. {"eventid": "cowrie.client.size", "timestamp": "2018-01-21T22:35:51.636942Z", "message": "Terminal Size: 24 280", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "height": 280, "src_ip": "195.22.127.83", "width": 24, "isError": 0, "session": "e185a10c810d", "sensor": "SRV-POL-WAW"}
  10. {"eventid": "cowrie.log.open", "ttylog": "log/tty/20180121-223551-e185a10c810d-0i.log", "timestamp": "2018-01-21T22:35:51.674112Z", "message": "Opening TTY Log: log/tty/20180121-223551-e185a10c810d-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "sensor": "SRV-POL-WAW"}
  11. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.038288Z", "message": "CMD: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  12. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:35:52.045610Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  13. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.054350Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  14. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.100462Z", "message": "CMD: sudo /bin/sh ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "sudo /bin/sh ", "sensor": "SRV-POL-WAW"}
  15. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.108329Z", "message": "Command found: sudo /bin/sh", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "sudo /bin/sh", "sensor": "SRV-POL-WAW"}
  16. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.114651Z", "message": "Command found: /bin/sh", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/bin/sh", "sensor": "SRV-POL-WAW"}
  17. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.126550Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  18. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.174808Z", "message": "CMD: /bin/busybox cp; /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/bin/busybox cp; /gweerwe323f", "sensor": "SRV-POL-WAW"}
  19. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.181977Z", "message": "Command found: /bin/busybox cp", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/bin/busybox cp", "sensor": "SRV-POL-WAW"}
  20. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.192389Z", "message": "Command found: cp", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cp", "sensor": "SRV-POL-WAW"}
  21. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:35:52.203136Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  22. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.213170Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  23. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.267502Z", "message": "CMD: mount ;/gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " mount ;/gweerwe323f", "sensor": "SRV-POL-WAW"}
  24. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.278113Z", "message": "Command found: mount ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "mount ", "sensor": "SRV-POL-WAW"}
  25. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:35:52.289793Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  26. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.299382Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  27. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.393788Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon; cat //.nippon; rm -f //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon; cat //.nippon; rm -f //.nippon", "sensor": "SRV-POL-WAW"}
  28. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.408692Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon", "sensor": "SRV-POL-WAW"}
  29. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.428431Z", "message": "Command found: cat //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat //.nippon", "sensor": "SRV-POL-WAW"}
  30. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.442439Z", "message": "Command found: rm -f //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f //.nippon", "sensor": "SRV-POL-WAW"}
  31. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.451860Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  32. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.526833Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/tmp' > /tmp/.nippon; cat /tmp/.nippon; rm -f /tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/tmp' > /tmp/.nippon; cat /tmp/.nippon; rm -f /tmp/.nippon", "sensor": "SRV-POL-WAW"}
  33. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.539755Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/tmp' > /tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/tmp' > /tmp/.nippon", "sensor": "SRV-POL-WAW"}
  34. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.554026Z", "message": "Command found: cat /tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat /tmp/.nippon", "sensor": "SRV-POL-WAW"}
  35. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.567718Z", "message": "Command found: rm -f /tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f /tmp/.nippon", "sensor": "SRV-POL-WAW"}
  36. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.578291Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  37. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.657727Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/var/tmp' > /var/tmp/.nippon; cat /var/tmp/.nippon; rm -f /var/tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/var/tmp' > /var/tmp/.nippon; cat /var/tmp/.nippon; rm -f /var/tmp/.nippon", "sensor": "SRV-POL-WAW"}
  38. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.679571Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/var/tmp' > /var/tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/var/tmp' > /var/tmp/.nippon", "sensor": "SRV-POL-WAW"}
  39. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.693964Z", "message": "Command found: cat /var/tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat /var/tmp/.nippon", "sensor": "SRV-POL-WAW"}
  40. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.707735Z", "message": "Command found: rm -f /var/tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f /var/tmp/.nippon", "sensor": "SRV-POL-WAW"}
  41. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.717127Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  42. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.779010Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon; cat //.nippon; rm -f //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon; cat //.nippon; rm -f //.nippon", "sensor": "SRV-POL-WAW"}
  43. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.790277Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon", "sensor": "SRV-POL-WAW"}
  44. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.802759Z", "message": "Command found: cat //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat //.nippon", "sensor": "SRV-POL-WAW"}
  45. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.816374Z", "message": "Command found: rm -f //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f //.nippon", "sensor": "SRV-POL-WAW"}
  46. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.827088Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  47. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.920078Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/lib/init/rw' > /lib/init/rw/.nippon; cat /lib/init/rw/.nippon; rm -f /lib/init/rw/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/lib/init/rw' > /lib/init/rw/.nippon; cat /lib/init/rw/.nippon; rm -f /lib/init/rw/.nippon", "sensor": "SRV-POL-WAW"}
  48. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.934557Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/lib/init/rw' > /lib/init/rw/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/lib/init/rw' > /lib/init/rw/.nippon", "sensor": "SRV-POL-WAW"}
  49. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.946681Z", "message": "Command found: cat /lib/init/rw/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat /lib/init/rw/.nippon", "sensor": "SRV-POL-WAW"}
  50. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:52.960693Z", "message": "Command found: rm -f /lib/init/rw/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f /lib/init/rw/.nippon", "sensor": "SRV-POL-WAW"}
  51. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:52.972381Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  52. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.043006Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/proc' > /proc/.nippon; cat /proc/.nippon; rm -f /proc/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/proc' > /proc/.nippon; cat /proc/.nippon; rm -f /proc/.nippon", "sensor": "SRV-POL-WAW"}
  53. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.056577Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/proc' > /proc/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/proc' > /proc/.nippon", "sensor": "SRV-POL-WAW"}
  54. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.071945Z", "message": "Command found: cat /proc/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat /proc/.nippon", "sensor": "SRV-POL-WAW"}
  55. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.084709Z", "message": "Command found: rm -f /proc/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f /proc/.nippon", "sensor": "SRV-POL-WAW"}
  56. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.095969Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  57. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.165386Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/sys' > /sys/.nippon; cat /sys/.nippon; rm -f /sys/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/sys' > /sys/.nippon; cat /sys/.nippon; rm -f /sys/.nippon", "sensor": "SRV-POL-WAW"}
  58. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.178906Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/sys' > /sys/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/sys' > /sys/.nippon", "sensor": "SRV-POL-WAW"}
  59. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.192844Z", "message": "Command found: cat /sys/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat /sys/.nippon", "sensor": "SRV-POL-WAW"}
  60. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.205509Z", "message": "Command found: rm -f /sys/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f /sys/.nippon", "sensor": "SRV-POL-WAW"}
  61. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.213703Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  62. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.282668Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/dev' > /dev/.nippon; cat /dev/.nippon; rm -f /dev/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/dev' > /dev/.nippon; cat /dev/.nippon; rm -f /dev/.nippon", "sensor": "SRV-POL-WAW"}
  63. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.296324Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/dev' > /dev/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/dev' > /dev/.nippon", "sensor": "SRV-POL-WAW"}
  64. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.313217Z", "message": "Command found: cat /dev/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat /dev/.nippon", "sensor": "SRV-POL-WAW"}
  65. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.328603Z", "message": "Command found: rm -f /dev/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f /dev/.nippon", "sensor": "SRV-POL-WAW"}
  66. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.337888Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  67. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.423154Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/dev/shm' > /dev/shm/.nippon; cat /dev/shm/.nippon; rm -f /dev/shm/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/dev/shm' > /dev/shm/.nippon; cat /dev/shm/.nippon; rm -f /dev/shm/.nippon", "sensor": "SRV-POL-WAW"}
  68. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.437676Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/dev/shm' > /dev/shm/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/dev/shm' > /dev/shm/.nippon", "sensor": "SRV-POL-WAW"}
  69. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.456584Z", "message": "Command found: cat /dev/shm/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat /dev/shm/.nippon", "sensor": "SRV-POL-WAW"}
  70. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.472048Z", "message": "Command found: rm -f /dev/shm/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f /dev/shm/.nippon", "sensor": "SRV-POL-WAW"}
  71. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.480654Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  72. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.572774Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/dev/pts' > /dev/pts/.nippon; cat /dev/pts/.nippon; rm -f /dev/pts/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " echo -e '\\x47\\x72\\x6f\\x70/dev/pts' > /dev/pts/.nippon; cat /dev/pts/.nippon; rm -f /dev/pts/.nippon", "sensor": "SRV-POL-WAW"}
  73. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.587071Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/dev/pts' > /dev/pts/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "echo -e '\\x47\\x72\\x6f\\x70/dev/pts' > /dev/pts/.nippon", "sensor": "SRV-POL-WAW"}
  74. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.605528Z", "message": "Command found: cat /dev/pts/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat /dev/pts/.nippon", "sensor": "SRV-POL-WAW"}
  75. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.620907Z", "message": "Command found: rm -f /dev/pts/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "rm -f /dev/pts/.nippon", "sensor": "SRV-POL-WAW"}
  76. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.630228Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  77. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.651947Z", "message": "CMD: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  78. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:35:53.658865Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  79. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.668454Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  80. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.819641Z", "message": "CMD: cat /bin/echo ;/gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": " cat /bin/echo ;/gweerwe323f", "sensor": "SRV-POL-WAW"}
  81. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:35:53.831898Z", "message": "Command found: cat /bin/echo", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "cat /bin/echo", "sensor": "SRV-POL-WAW"}
  82. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:35:53.840840Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  83. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:35:53.848599Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "e185a10c810d", "input": "", "sensor": "SRV-POL-WAW"}
  84. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T22:38:55.563729Z", "message": "Connection lost after 188 seconds", "system": "HoneyPotSSHTransport,1,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "duration": 188.24173498153687, "session": "e185a10c810d", "sensor": "SRV-POL-WAW"}
  85. {"eventid": "cowrie.session.connect", "src_ip": "121.18.238.125", "src_port": 35089, "timestamp": "2018-01-21T22:58:25.367260Z", "message": "New connection: 121.18.238.125:35089 (192.168.1.39:2222) [session: ad60fce3966b]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "ad60fce3966b", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  86. {"eventid": "cowrie.session.connect", "src_ip": "95.168.232.189", "src_port": 34514, "timestamp": "2018-01-21T22:58:25.635431Z", "message": "New connection: 95.168.232.189:34514 (192.168.1.39:2222) [session: 8ce470c0e36a]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "8ce470c0e36a", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  87. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "ad60fce3966b", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,2,121.18.238.125", "src_ip": "121.18.238.125", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T22:58:25.748468Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  88. {"macCS": ["hmac-md5", "hmac-sha1"], "session": "8ce470c0e36a", "kexAlgs": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"], "message": "Remote SSH version: SSH-2.0-sshlib-0.1", "system": "HoneyPotSSHTransport,3,95.168.232.189", "src_ip": "95.168.232.189", "version": "SSH-2.0-sshlib-0.1", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T22:58:25.791549Z", "keyAlgs": ["ssh-dss", "ssh-rsa"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-cbc", "aes128-ctr"]}
  89. {"eventid": "cowrie.login.success", "username": "root", "timestamp": "2018-01-21T22:58:26.714118Z", "message": "login attempt [root/anko] succeeded", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,3,95.168.232.189", "isError": 0, "src_ip": "95.168.232.189", "session": "8ce470c0e36a", "password": "anko", "sensor": "SRV-POL-WAW"}
  90. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T22:58:26.801137Z", "message": "Connection lost after 1 seconds", "system": "HoneyPotSSHTransport,3,95.168.232.189", "isError": 0, "src_ip": "95.168.232.189", "duration": 1.1587481498718262, "session": "8ce470c0e36a", "sensor": "SRV-POL-WAW"}
  91. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T22:58:27.859172Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,2,121.18.238.125", "isError": 0, "src_ip": "121.18.238.125", "duration": 2.4825429916381836, "session": "ad60fce3966b", "sensor": "SRV-POL-WAW"}
  92. {"eventid": "cowrie.session.connect", "src_ip": "195.22.127.83", "src_port": 51072, "timestamp": "2018-01-21T22:58:29.427517Z", "message": "New connection: 195.22.127.83:51072 (192.168.1.39:2222) [session: 20c91039fd3f]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "20c91039fd3f", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  93. {"macCS": ["hmac-md5", "hmac-sha1"], "session": "20c91039fd3f", "kexAlgs": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"], "message": "Remote SSH version: SSH-2.0-sshlib-0.2", "system": "HoneyPotSSHTransport,4,195.22.127.83", "src_ip": "195.22.127.83", "version": "SSH-2.0-sshlib-0.2", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T22:58:29.494103Z", "keyAlgs": ["ssh-dss", "ssh-rsa"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-cbc", "aes128-ctr"]}
  94. {"eventid": "cowrie.login.success", "username": "root", "timestamp": "2018-01-21T22:58:29.977413Z", "message": "login attempt [root/anko] succeeded", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "password": "anko", "sensor": "SRV-POL-WAW"}
  95. {"eventid": "cowrie.direct-tcpip.request", "timestamp": "2018-01-21T22:58:30.040335Z", "dst_ip": "195.22.127.83", "system": "SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "dst_port": 443, "src_port": 22, "message": "direct-tcp connection request to 195.22.127.83:443 from 127.0.0.1:22", "sensor": "SRV-POL-WAW"}
  96. {"eventid": "cowrie.client.size", "timestamp": "2018-01-21T22:58:33.178360Z", "message": "Terminal Size: 24 280", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "height": 280, "src_ip": "195.22.127.83", "width": 24, "isError": 0, "session": "20c91039fd3f", "sensor": "SRV-POL-WAW"}
  97. {"eventid": "cowrie.log.open", "ttylog": "log/tty/20180121-225833-20c91039fd3f-0i.log", "timestamp": "2018-01-21T22:58:33.213338Z", "message": "Opening TTY Log: log/tty/20180121-225833-20c91039fd3f-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "sensor": "SRV-POL-WAW"}
  98. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.257061Z", "message": "CMD: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  99. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:58:33.263139Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  100. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.270484Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  101. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.310870Z", "message": "CMD: sudo /bin/sh ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "sudo /bin/sh ", "sensor": "SRV-POL-WAW"}
  102. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.318201Z", "message": "Command found: sudo /bin/sh", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "sudo /bin/sh", "sensor": "SRV-POL-WAW"}
  103. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.324318Z", "message": "Command found: /bin/sh", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/bin/sh", "sensor": "SRV-POL-WAW"}
  104. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.332883Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  105. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.380865Z", "message": "CMD: /bin/busybox cp; /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/bin/busybox cp; /gweerwe323f", "sensor": "SRV-POL-WAW"}
  106. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.387403Z", "message": "Command found: /bin/busybox cp", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/bin/busybox cp", "sensor": "SRV-POL-WAW"}
  107. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.396063Z", "message": "Command found: cp", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cp", "sensor": "SRV-POL-WAW"}
  108. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:58:33.404271Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  109. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.411295Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  110. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.456853Z", "message": "CMD: mount ;/gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " mount ;/gweerwe323f", "sensor": "SRV-POL-WAW"}
  111. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.465850Z", "message": "Command found: mount ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "mount ", "sensor": "SRV-POL-WAW"}
  112. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:58:33.474557Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  113. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.481837Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  114. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.549813Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon; cat //.nippon; rm -f //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon; cat //.nippon; rm -f //.nippon", "sensor": "SRV-POL-WAW"}
  115. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.559794Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon", "sensor": "SRV-POL-WAW"}
  116. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.572396Z", "message": "Command found: cat //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat //.nippon", "sensor": "SRV-POL-WAW"}
  117. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.583169Z", "message": "Command found: rm -f //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f //.nippon", "sensor": "SRV-POL-WAW"}
  118. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.591667Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  119. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.637971Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/tmp' > /tmp/.nippon; cat /tmp/.nippon; rm -f /tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/tmp' > /tmp/.nippon; cat /tmp/.nippon; rm -f /tmp/.nippon", "sensor": "SRV-POL-WAW"}
  120. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.648269Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/tmp' > /tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/tmp' > /tmp/.nippon", "sensor": "SRV-POL-WAW"}
  121. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.659491Z", "message": "Command found: cat /tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat /tmp/.nippon", "sensor": "SRV-POL-WAW"}
  122. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.671413Z", "message": "Command found: rm -f /tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f /tmp/.nippon", "sensor": "SRV-POL-WAW"}
  123. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.679634Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  124. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.731258Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/var/tmp' > /var/tmp/.nippon; cat /var/tmp/.nippon; rm -f /var/tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/var/tmp' > /var/tmp/.nippon; cat /var/tmp/.nippon; rm -f /var/tmp/.nippon", "sensor": "SRV-POL-WAW"}
  125. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.741894Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/var/tmp' > /var/tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/var/tmp' > /var/tmp/.nippon", "sensor": "SRV-POL-WAW"}
  126. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.753542Z", "message": "Command found: cat /var/tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat /var/tmp/.nippon", "sensor": "SRV-POL-WAW"}
  127. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.764495Z", "message": "Command found: rm -f /var/tmp/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f /var/tmp/.nippon", "sensor": "SRV-POL-WAW"}
  128. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.773478Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  129. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.814676Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon; cat //.nippon; rm -f //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon; cat //.nippon; rm -f //.nippon", "sensor": "SRV-POL-WAW"}
  130. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.825100Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/' > //.nippon", "sensor": "SRV-POL-WAW"}
  131. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.836403Z", "message": "Command found: cat //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat //.nippon", "sensor": "SRV-POL-WAW"}
  132. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.847182Z", "message": "Command found: rm -f //.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f //.nippon", "sensor": "SRV-POL-WAW"}
  133. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.855569Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  134. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.914389Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/lib/init/rw' > /lib/init/rw/.nippon; cat /lib/init/rw/.nippon; rm -f /lib/init/rw/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/lib/init/rw' > /lib/init/rw/.nippon; cat /lib/init/rw/.nippon; rm -f /lib/init/rw/.nippon", "sensor": "SRV-POL-WAW"}
  135. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.925841Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/lib/init/rw' > /lib/init/rw/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/lib/init/rw' > /lib/init/rw/.nippon", "sensor": "SRV-POL-WAW"}
  136. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.938414Z", "message": "Command found: cat /lib/init/rw/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat /lib/init/rw/.nippon", "sensor": "SRV-POL-WAW"}
  137. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:33.949601Z", "message": "Command found: rm -f /lib/init/rw/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f /lib/init/rw/.nippon", "sensor": "SRV-POL-WAW"}
  138. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:33.958653Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  139. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.005460Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/proc' > /proc/.nippon; cat /proc/.nippon; rm -f /proc/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/proc' > /proc/.nippon; cat /proc/.nippon; rm -f /proc/.nippon", "sensor": "SRV-POL-WAW"}
  140. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.016842Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/proc' > /proc/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/proc' > /proc/.nippon", "sensor": "SRV-POL-WAW"}
  141. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.029897Z", "message": "Command found: cat /proc/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat /proc/.nippon", "sensor": "SRV-POL-WAW"}
  142. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.042121Z", "message": "Command found: rm -f /proc/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f /proc/.nippon", "sensor": "SRV-POL-WAW"}
  143. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.050660Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  144. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.095830Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/sys' > /sys/.nippon; cat /sys/.nippon; rm -f /sys/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/sys' > /sys/.nippon; cat /sys/.nippon; rm -f /sys/.nippon", "sensor": "SRV-POL-WAW"}
  145. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.106155Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/sys' > /sys/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/sys' > /sys/.nippon", "sensor": "SRV-POL-WAW"}
  146. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.117676Z", "message": "Command found: cat /sys/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat /sys/.nippon", "sensor": "SRV-POL-WAW"}
  147. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.128502Z", "message": "Command found: rm -f /sys/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f /sys/.nippon", "sensor": "SRV-POL-WAW"}
  148. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.136721Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  149. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.181987Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/dev' > /dev/.nippon; cat /dev/.nippon; rm -f /dev/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/dev' > /dev/.nippon; cat /dev/.nippon; rm -f /dev/.nippon", "sensor": "SRV-POL-WAW"}
  150. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.193191Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/dev' > /dev/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/dev' > /dev/.nippon", "sensor": "SRV-POL-WAW"}
  151. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.206804Z", "message": "Command found: cat /dev/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat /dev/.nippon", "sensor": "SRV-POL-WAW"}
  152. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.219360Z", "message": "Command found: rm -f /dev/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f /dev/.nippon", "sensor": "SRV-POL-WAW"}
  153. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.228650Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  154. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.283471Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/dev/shm' > /dev/shm/.nippon; cat /dev/shm/.nippon; rm -f /dev/shm/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/dev/shm' > /dev/shm/.nippon; cat /dev/shm/.nippon; rm -f /dev/shm/.nippon", "sensor": "SRV-POL-WAW"}
  155. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.295723Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/dev/shm' > /dev/shm/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/dev/shm' > /dev/shm/.nippon", "sensor": "SRV-POL-WAW"}
  156. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.309811Z", "message": "Command found: cat /dev/shm/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat /dev/shm/.nippon", "sensor": "SRV-POL-WAW"}
  157. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.323572Z", "message": "Command found: rm -f /dev/shm/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f /dev/shm/.nippon", "sensor": "SRV-POL-WAW"}
  158. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.331968Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  159. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.386741Z", "message": "CMD: echo -e '\\x47\\x72\\x6f\\x70/dev/pts' > /dev/pts/.nippon; cat /dev/pts/.nippon; rm -f /dev/pts/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " echo -e '\\x47\\x72\\x6f\\x70/dev/pts' > /dev/pts/.nippon; cat /dev/pts/.nippon; rm -f /dev/pts/.nippon", "sensor": "SRV-POL-WAW"}
  160. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.398462Z", "message": "Command found: echo -e '\\x47\\x72\\x6f\\x70/dev/pts' > /dev/pts/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "echo -e '\\x47\\x72\\x6f\\x70/dev/pts' > /dev/pts/.nippon", "sensor": "SRV-POL-WAW"}
  161. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.411877Z", "message": "Command found: cat /dev/pts/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat /dev/pts/.nippon", "sensor": "SRV-POL-WAW"}
  162. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.424899Z", "message": "Command found: rm -f /dev/pts/.nippon", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "rm -f /dev/pts/.nippon", "sensor": "SRV-POL-WAW"}
  163. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.433010Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  164. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.446050Z", "message": "CMD: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  165. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:58:34.452251Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  166. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.459300Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  167. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.600338Z", "message": "CMD: cat /bin/echo ;/gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": " cat /bin/echo ;/gweerwe323f", "sensor": "SRV-POL-WAW"}
  168. {"eventid": "cowrie.command.success", "timestamp": "2018-01-21T22:58:34.610126Z", "message": "Command found: cat /bin/echo", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "cat /bin/echo", "sensor": "SRV-POL-WAW"}
  169. {"eventid": "cowrie.command.failed", "timestamp": "2018-01-21T22:58:34.619227Z", "message": "Command not found: /gweerwe323f", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "/gweerwe323f", "sensor": "SRV-POL-WAW"}
  170. {"eventid": "cowrie.command.input", "timestamp": "2018-01-21T22:58:34.626794Z", "message": "CMD: ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "session": "20c91039fd3f", "input": "", "sensor": "SRV-POL-WAW"}
  171. {"eventid": "cowrie.session.connect", "src_ip": "221.194.44.211", "src_port": 44955, "timestamp": "2018-01-21T22:59:55.936124Z", "message": "New connection: 221.194.44.211:44955 (192.168.1.39:2222) [session: 1d0910a4d986]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "1d0910a4d986", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  172. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "1d0910a4d986", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,5,221.194.44.211", "src_ip": "221.194.44.211", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T22:59:56.327185Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  173. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T22:59:58.301379Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,5,221.194.44.211", "isError": 0, "src_ip": "221.194.44.211", "duration": 2.351745843887329, "session": "1d0910a4d986", "sensor": "SRV-POL-WAW"}
  174. {"eventid": "cowrie.session.connect", "src_ip": "221.194.47.245", "src_port": 41137, "timestamp": "2018-01-21T23:01:12.260519Z", "message": "New connection: 221.194.47.245:41137 (192.168.1.39:2222) [session: b29714cec78b]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "b29714cec78b", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  175. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "b29714cec78b", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,6,221.194.47.245", "src_ip": "221.194.47.245", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:01:12.654795Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  176. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:01:14.561561Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,6,221.194.47.245", "isError": 0, "src_ip": "221.194.47.245", "duration": 2.28279185295105, "session": "b29714cec78b", "sensor": "SRV-POL-WAW"}
  177. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:02:15.581181Z", "message": "Connection lost after 226 seconds", "system": "HoneyPotSSHTransport,4,195.22.127.83", "isError": 0, "src_ip": "195.22.127.83", "duration": 226.14005398750305, "session": "20c91039fd3f", "sensor": "SRV-POL-WAW"}
  178. {"eventid": "cowrie.session.connect", "src_ip": "115.238.245.2", "src_port": 38975, "timestamp": "2018-01-21T23:03:15.749705Z", "message": "New connection: 115.238.245.2:38975 (192.168.1.39:2222) [session: 2c30a7cae8ad]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "2c30a7cae8ad", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  179. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "2c30a7cae8ad", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,7,115.238.245.2", "src_ip": "115.238.245.2", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:03:17.529394Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  180. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:03:21.188464Z", "message": "Connection lost after 5 seconds", "system": "HoneyPotSSHTransport,7,115.238.245.2", "isError": 0, "src_ip": "115.238.245.2", "duration": 5.42556095123291, "session": "2c30a7cae8ad", "sensor": "SRV-POL-WAW"}
  181. {"eventid": "cowrie.session.connect", "src_ip": "221.194.47.243", "src_port": 34055, "timestamp": "2018-01-21T23:06:14.304115Z", "message": "New connection: 221.194.47.243:34055 (192.168.1.39:2222) [session: 53eeac30e552]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "53eeac30e552", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  182. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "53eeac30e552", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,8,221.194.47.243", "src_ip": "221.194.47.243", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:06:14.685502Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  183. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:06:16.553988Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,8,221.194.47.243", "isError": 0, "src_ip": "221.194.47.243", "duration": 2.2362771034240723, "session": "53eeac30e552", "sensor": "SRV-POL-WAW"}
  184. {"eventid": "cowrie.session.connect", "src_ip": "119.249.54.217", "src_port": 57760, "timestamp": "2018-01-21T23:08:23.649325Z", "message": "New connection: 119.249.54.217:57760 (192.168.1.39:2222) [session: e0fffd65dbd5]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "e0fffd65dbd5", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  185. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "e0fffd65dbd5", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,9,119.249.54.217", "src_ip": "119.249.54.217", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:08:24.024485Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  186. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:08:25.782074Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,9,119.249.54.217", "isError": 0, "src_ip": "119.249.54.217", "duration": 2.118212938308716, "session": "e0fffd65dbd5", "sensor": "SRV-POL-WAW"}
  187. {"eventid": "cowrie.session.connect", "src_ip": "122.226.181.164", "src_port": 35298, "timestamp": "2018-01-21T23:16:28.936972Z", "message": "New connection: 122.226.181.164:35298 (192.168.1.39:2222) [session: 31bd9b99025e]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "31bd9b99025e", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  188. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "31bd9b99025e", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,10,122.226.181.164", "src_ip": "122.226.181.164", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:16:29.661329Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  189. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:16:33.193733Z", "message": "Connection lost after 4 seconds", "system": "HoneyPotSSHTransport,10,122.226.181.164", "isError": 0, "src_ip": "122.226.181.164", "duration": 4.249819040298462, "session": "31bd9b99025e", "sensor": "SRV-POL-WAW"}
  190. {"eventid": "cowrie.session.connect", "src_ip": "221.194.47.236", "src_port": 53844, "timestamp": "2018-01-21T23:18:52.283594Z", "message": "New connection: 221.194.47.236:53844 (192.168.1.39:2222) [session: 1f96676627b7]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "1f96676627b7", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  191. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "1f96676627b7", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,11,221.194.47.236", "src_ip": "221.194.47.236", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:18:52.653492Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  192. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:18:54.907789Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,11,221.194.47.236", "isError": 0, "src_ip": "221.194.47.236", "duration": 2.61729097366333, "session": "1f96676627b7", "sensor": "SRV-POL-WAW"}
  193. {"eventid": "cowrie.session.connect", "src_ip": "221.194.47.221", "src_port": 56746, "timestamp": "2018-01-21T23:19:26.038476Z", "message": "New connection: 221.194.47.221:56746 (192.168.1.39:2222) [session: 2d1ea5049238]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "2d1ea5049238", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  194. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "2d1ea5049238", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,12,221.194.47.221", "src_ip": "221.194.47.221", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:19:26.709989Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  195. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:19:30.422177Z", "message": "Connection lost after 4 seconds", "system": "HoneyPotSSHTransport,12,221.194.47.221", "isError": 0, "src_ip": "221.194.47.221", "duration": 4.376700162887573, "session": "2d1ea5049238", "sensor": "SRV-POL-WAW"}
  196. {"eventid": "cowrie.session.connect", "src_ip": "122.226.181.167", "src_port": 56978, "timestamp": "2018-01-21T23:28:39.991598Z", "message": "New connection: 122.226.181.167:56978 (192.168.1.39:2222) [session: b0f5a4c6b30b]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "b0f5a4c6b30b", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  197. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "b0f5a4c6b30b", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,13,122.226.181.167", "src_ip": "122.226.181.167", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:28:42.343530Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  198. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:28:44.910347Z", "message": "Connection lost after 4 seconds", "system": "HoneyPotSSHTransport,13,122.226.181.167", "isError": 0, "src_ip": "122.226.181.167", "duration": 4.9072558879852295, "session": "b0f5a4c6b30b", "sensor": "SRV-POL-WAW"}
  199. {"eventid": "cowrie.session.connect", "src_ip": "115.238.245.4", "src_port": 49631, "timestamp": "2018-01-21T23:31:32.690941Z", "message": "New connection: 115.238.245.4:49631 (192.168.1.39:2222) [session: 4e3a9bf559c0]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "4e3a9bf559c0", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  200. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "4e3a9bf559c0", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,14,115.238.245.4", "src_ip": "115.238.245.4", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:31:33.363947Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  201. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:31:38.286272Z", "message": "Connection lost after 5 seconds", "system": "HoneyPotSSHTransport,14,115.238.245.4", "isError": 0, "src_ip": "115.238.245.4", "duration": 5.588032960891724, "session": "4e3a9bf559c0", "sensor": "SRV-POL-WAW"}
  202. {"eventid": "cowrie.session.connect", "src_ip": "119.249.54.217", "src_port": 38636, "timestamp": "2018-01-21T23:33:13.234790Z", "message": "New connection: 119.249.54.217:38636 (192.168.1.39:2222) [session: b03f5becbd12]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "b03f5becbd12", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  203. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "b03f5becbd12", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,15,119.249.54.217", "src_ip": "119.249.54.217", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:33:13.754128Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  204. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:33:15.654724Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,15,119.249.54.217", "isError": 0, "src_ip": "119.249.54.217", "duration": 2.412381887435913, "session": "b03f5becbd12", "sensor": "SRV-POL-WAW"}
  205. {"eventid": "cowrie.session.connect", "src_ip": "115.238.245.6", "src_port": 57803, "timestamp": "2018-01-21T23:35:11.370507Z", "message": "New connection: 115.238.245.6:57803 (192.168.1.39:2222) [session: 03107ac4b08d]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "03107ac4b08d", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  206. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "03107ac4b08d", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,16,115.238.245.6", "src_ip": "115.238.245.6", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:35:12.061125Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  207. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:35:17.725073Z", "message": "Connection lost after 6 seconds", "system": "HoneyPotSSHTransport,16,115.238.245.6", "isError": 0, "src_ip": "115.238.245.6", "duration": 6.347073793411255, "session": "03107ac4b08d", "sensor": "SRV-POL-WAW"}
  208. {"eventid": "cowrie.session.connect", "src_ip": "221.194.44.211", "src_port": 50415, "timestamp": "2018-01-21T23:38:07.811627Z", "message": "New connection: 221.194.44.211:50415 (192.168.1.39:2222) [session: d1cc94518454]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "d1cc94518454", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  209. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "d1cc94518454", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,17,221.194.44.211", "src_ip": "221.194.44.211", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:38:08.237421Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  210. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:38:10.056022Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,17,221.194.44.211", "isError": 0, "src_ip": "221.194.44.211", "duration": 2.2374508380889893, "session": "d1cc94518454", "sensor": "SRV-POL-WAW"}
  211. {"eventid": "cowrie.session.connect", "src_ip": "221.194.47.239", "src_port": 51025, "timestamp": "2018-01-21T23:43:34.754136Z", "message": "New connection: 221.194.47.239:51025 (192.168.1.39:2222) [session: 5bab7f4a3d92]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "5bab7f4a3d92", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  212. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "5bab7f4a3d92", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,18,221.194.47.239", "src_ip": "221.194.47.239", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:43:35.103045Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  213. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:43:36.926215Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,18,221.194.47.239", "isError": 0, "src_ip": "221.194.47.239", "duration": 2.1650941371917725, "session": "5bab7f4a3d92", "sensor": "SRV-POL-WAW"}
  214. {"eventid": "cowrie.session.connect", "src_ip": "121.18.238.125", "src_port": 59438, "timestamp": "2018-01-21T23:50:09.967906Z", "message": "New connection: 121.18.238.125:59438 (192.168.1.39:2222) [session: 6ebe09fdf2d2]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "6ebe09fdf2d2", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  215. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "6ebe09fdf2d2", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,19,121.18.238.125", "src_ip": "121.18.238.125", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:50:10.347347Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  216. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:50:12.303813Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,19,121.18.238.125", "isError": 0, "src_ip": "121.18.238.125", "duration": 2.328510046005249, "session": "6ebe09fdf2d2", "sensor": "SRV-POL-WAW"}
  217. {"eventid": "cowrie.session.connect", "src_ip": "115.44.97.237", "src_port": 46626, "timestamp": "2018-01-21T23:50:57.484774Z", "message": "New connection: 115.44.97.237:46626 (192.168.1.39:2222) [session: f59d7018c992]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "f59d7018c992", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  218. {"macCS": ["hmac-md5", "hmac-sha1"], "session": "f59d7018c992", "kexAlgs": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"], "message": "Remote SSH version: SSH-2.0-sshlib-0.1", "system": "HoneyPotSSHTransport,20,115.44.97.237", "src_ip": "115.44.97.237", "version": "SSH-2.0-sshlib-0.1", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:50:59.346646Z", "keyAlgs": ["ssh-dss", "ssh-rsa"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-cbc", "aes128-ctr"]}
  219. {"eventid": "cowrie.login.success", "username": "root", "timestamp": "2018-01-21T23:51:01.350380Z", "message": "login attempt [root/default] succeeded", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,20,115.44.97.237", "isError": 0, "src_ip": "115.44.97.237", "session": "f59d7018c992", "password": "default", "sensor": "SRV-POL-WAW"}
  220. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:51:01.742489Z", "message": "Connection lost after 4 seconds", "system": "HoneyPotSSHTransport,20,115.44.97.237", "isError": 0, "src_ip": "115.44.97.237", "duration": 4.248394966125488, "session": "f59d7018c992", "sensor": "SRV-POL-WAW"}
  221. {"eventid": "cowrie.session.connect", "src_ip": "119.249.54.217", "src_port": 47201, "timestamp": "2018-01-21T23:58:05.154120Z", "message": "New connection: 119.249.54.217:47201 (192.168.1.39:2222) [session: bc0b1a0e9eba]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "bc0b1a0e9eba", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  222. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "bc0b1a0e9eba", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,21,119.249.54.217", "src_ip": "119.249.54.217", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:58:05.503253Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  223. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:58:07.393534Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,21,119.249.54.217", "isError": 0, "src_ip": "119.249.54.217", "duration": 2.2319929599761963, "session": "bc0b1a0e9eba", "sensor": "SRV-POL-WAW"}
  224. {"eventid": "cowrie.session.connect", "src_ip": "221.194.44.211", "src_port": 55802, "timestamp": "2018-01-21T23:58:10.337129Z", "message": "New connection: 221.194.44.211:55802 (192.168.1.39:2222) [session: ee3a40e2e791]", "dst_ip": "192.168.1.39", "system": "cowrie.ssh.factory.CowrieSSHFactory", "protocol": "ssh", "isError": 0, "session": "ee3a40e2e791", "dst_port": 2222, "sensor": "SRV-POL-WAW"}
  225. {"macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "session": "ee3a40e2e791", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,22,221.194.44.211", "src_ip": "221.194.44.211", "version": "SSH-2.0-PUTTY", "sensor": "SRV-POL-WAW", "eventid": "cowrie.client.version", "timestamp": "2018-01-21T23:58:10.764849Z", "keyAlgs": ["ssh-rsa", "ssh-dss"], "isError": 0, "compCS": ["none"], "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
  226. {"eventid": "cowrie.session.closed", "timestamp": "2018-01-21T23:58:14.062875Z", "message": "Connection lost after 3 seconds", "system": "HoneyPotSSHTransport,22,221.194.44.211", "isError": 0, "src_ip": "221.194.44.211", "duration": 3.714103937149048, "session": "ee3a40e2e791", "sensor": "SRV-POL-WAW"}