-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcowrie.json
265 lines (265 loc) · 91.1 KB
/
cowrie.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T10:50:44.693595Z", "session": "630a36c1", "message": "New connection: 89.173.75.35:55800 (10.8.41.81:2222) [session: 630a36c1]", "src_port": 55800, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "89.173.75.35", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.version", "macCS": ["hmac-sha2-256", "hmac-sha1", "hmac-sha1-96", "hmac-md5"], "timestamp": "2017-02-11T10:50:44.778990Z", "session": "630a36c1", "kexAlgs": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1", "rsa2048-sha256", "rsa1024-sha1"], "keyAlgs": ["ssh-rsa", "ssh-dss"], "message": "Remote SSH version: SSH-2.0-PuTTY_Release_0.67", "system": "HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "version": "SSH-2.0-PuTTY_Release_0.67", "compCS": ["none", "zlib"], "sensor": "scw-7462ef", "encCS": ["aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-ctr", "aes192-cbc", "aes128-ctr", "aes128-cbc", "blowfish-ctr", "blowfish-cbc", "3des-ctr", "3des-cbc", "arcfour256", "arcfour128"]}
{"eventid": "cowrie.login.failed", "username": "aha", "timestamp": "2017-02-11T10:50:50.157727Z", "message": "login attempt [aha/lol] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "630a36c1", "password": "lol", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "aha", "timestamp": "2017-02-11T10:50:52.648440Z", "message": "login attempt [aha/lol] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "630a36c1", "password": "lol", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "aha", "timestamp": "2017-02-11T10:50:54.346721Z", "message": "login attempt [aha/lo] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "630a36c1", "password": "lo", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "aha", "timestamp": "2017-02-11T10:50:55.874183Z", "message": "login attempt [aha/das] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "630a36c1", "password": "das", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "aha", "timestamp": "2017-02-11T10:50:57.814126Z", "message": "login attempt [aha/aha] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "630a36c1", "password": "aha", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "aha", "timestamp": "2017-02-11T10:50:59.620619Z", "message": "login attempt [aha/aha] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "630a36c1", "password": "aha", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "aha", "timestamp": "2017-02-11T10:51:01.255600Z", "message": "login attempt [aha/aa] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "630a36c1", "password": "aa", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "aha", "timestamp": "2017-02-11T10:51:02.994046Z", "message": "login attempt [aha/aa] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "630a36c1", "password": "aa", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "aha", "timestamp": "2017-02-11T10:51:04.592177Z", "message": "login attempt [aha/a] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "630a36c1", "password": "a", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T10:51:49.208966Z", "message": "Connection lost after 64 seconds", "system": "HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "duration": 64.51155686378479, "session": "630a36c1", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T10:54:13.512842Z", "session": "2e8ad94f", "message": "New connection: 89.173.75.35:55808 (10.8.41.81:2222) [session: 2e8ad94f]", "src_port": 55808, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "89.173.75.35", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.version", "macCS": ["hmac-sha2-256", "hmac-sha1", "hmac-sha1-96", "hmac-md5"], "timestamp": "2017-02-11T10:54:13.584195Z", "session": "2e8ad94f", "kexAlgs": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1", "rsa2048-sha256", "rsa1024-sha1"], "keyAlgs": ["ssh-rsa", "ssh-dss"], "message": "Remote SSH version: SSH-2.0-PuTTY_Release_0.67", "system": "HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "version": "SSH-2.0-PuTTY_Release_0.67", "compCS": ["none", "zlib"], "sensor": "scw-7462ef", "encCS": ["aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-ctr", "aes192-cbc", "aes128-ctr", "aes128-cbc", "blowfish-ctr", "blowfish-cbc", "3des-ctr", "3des-cbc", "arcfour256", "arcfour128"]}
{"eventid": "cowrie.login.failed", "username": "root", "timestamp": "2017-02-11T10:54:18.876062Z", "message": "login attempt [root/root] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "password": "root", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.success", "username": "root", "timestamp": "2017-02-11T10:54:23.720915Z", "message": "login attempt [root/roo] succeeded", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "password": "roo", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.size", "timestamp": "2017-02-11T10:54:25.304458Z", "message": "Terminal Size: 24 80", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "height": 80, "src_ip": "89.173.75.35", "width": 24, "isError": 0, "session": "2e8ad94f", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.open", "timestamp": "2017-02-11T10:54:25.309559Z", "message": "Opening TTY Log: log/tty/20170211-105425-2e8ad94f-0i.log", "ttylog": "log/tty/20170211-105425-2e8ad94f-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:54:30.152168Z", "message": "CMD: test", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "test", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T10:54:30.156159Z", "message": "Command not found: test", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "test", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:54:34.356218Z", "message": "CMD: apt install htop", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "apt install htop", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T10:54:34.361226Z", "message": "Command not found: apt install htop", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "apt install htop", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:54:39.272389Z", "message": "CMD: apt-get install htop", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "apt-get install htop", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:54:39.276541Z", "message": "Command found: apt-get install htop", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "apt-get install htop", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:55:33.382574Z", "message": "CMD: htop", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "htop", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:55:33.387696Z", "message": "Command found: htop ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "htop ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:55:35.816448Z", "message": "CMD: which htop", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "which htop", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:55:35.819483Z", "message": "Command found: which htop", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "which htop", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:55:38.504092Z", "message": "CMD: /usr/bin/htop", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "/usr/bin/htop", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:55:38.507498Z", "message": "Command found: /usr/bin/htop ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "/usr/bin/htop ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:55:40.980505Z", "message": "CMD: cd /etc", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "cd /etc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:55:40.984357Z", "message": "Command found: cd /etc", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "cd /etc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:55:41.576812Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:55:41.580790Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:55:43.814627Z", "message": "CMD: cat passwd", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "cat passwd", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:55:43.819226Z", "message": "Command found: cat /etc/passwd", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "cat /etc/passwd", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:55:58.036851Z", "message": "CMD: cd /home/richard", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "cd /home/richard", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:55:58.040605Z", "message": "Command found: cd /home/richard", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "cd /home/richard", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:55:59.291412Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:55:59.295401Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:56:01.013082Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:56:01.016925Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:56:03.659558Z", "message": "CMD: ls -altr", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ls -altr", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:56:03.664320Z", "message": "Command found: ls -altr", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ls -altr", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:56:05.042724Z", "message": "CMD: ps aix", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ps aix", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:56:05.047247Z", "message": "Command found: ps aix", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ps aix", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:56:07.601274Z", "message": "CMD: ps aux", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ps aux", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:56:07.605392Z", "message": "Command found: ps aux", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "ps aux", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:56:12.869290Z", "message": "CMD: who", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "who", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:56:12.873546Z", "message": "Command found: who ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "who ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:56:14.803150Z", "message": "CMD: last", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "last", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:56:14.806924Z", "message": "Command found: last ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "last ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T10:56:16.210939Z", "message": "CMD: last", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "last", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T10:56:16.214936Z", "message": "Command found: last ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "2e8ad94f", "input": "last ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.closed", "timestamp": "2017-02-11T10:56:18.780787Z", "message": "Closing TTY Log: log/tty/20170211-105425-2e8ad94f-0i.log after 113 seconds", "ttylog": "log/tty/20170211-105425-2e8ad94f-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "src_ip": "89.173.75.35", "session": "2e8ad94f", "duration": 113.47141218185425, "sensor": "scw-7462ef", "isError": 0, "size": 10519}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T10:56:18.786139Z", "message": "Connection lost after 125 seconds", "system": "HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "duration": 125.26951503753662, "session": "2e8ad94f", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:02:35.079506Z", "session": "29e97062", "message": "New connection: 89.173.75.35:56062 (10.8.41.81:2222) [session: 29e97062]", "src_port": 56062, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "89.173.75.35", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.version", "macCS": ["hmac-sha2-256", "hmac-sha1", "hmac-sha1-96", "hmac-md5"], "timestamp": "2017-02-11T11:02:35.450958Z", "session": "29e97062", "kexAlgs": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1", "rsa2048-sha256", "rsa1024-sha1"], "keyAlgs": ["ssh-rsa", "ssh-dss"], "message": "Remote SSH version: SSH-2.0-PuTTY_Release_0.67", "system": "HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "version": "SSH-2.0-PuTTY_Release_0.67", "compCS": ["none", "zlib"], "sensor": "scw-7462ef", "encCS": ["aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-ctr", "aes192-cbc", "aes128-ctr", "aes128-cbc", "blowfish-ctr", "blowfish-cbc", "3des-ctr", "3des-cbc", "arcfour256", "arcfour128"]}
{"eventid": "cowrie.login.failed", "username": "test", "timestamp": "2017-02-11T11:02:39.622954Z", "message": "login attempt [test/test] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "29e97062", "password": "test", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "test", "timestamp": "2017-02-11T11:02:42.449120Z", "message": "login attempt [test/test] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "29e97062", "password": "test", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "test", "timestamp": "2017-02-11T11:02:44.305479Z", "message": "login attempt [test/a] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "29e97062", "password": "a", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "test", "timestamp": "2017-02-11T11:02:46.665408Z", "message": "login attempt [test/1] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "29e97062", "password": "1", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.failed", "username": "test", "timestamp": "2017-02-11T11:02:48.049331Z", "message": "login attempt [test/1] failed", "system": "SSHService 'ssh-userauth' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "29e97062", "password": "1", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:04:15.222488Z", "message": "Connection lost after 100 seconds", "system": "HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "duration": 100.13909196853638, "session": "29e97062", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:04:34.047081Z", "session": "1aa16023", "message": "New connection: 89.173.75.35:56071 (10.8.41.81:2222) [session: 1aa16023]", "src_port": 56071, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "89.173.75.35", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.version", "macCS": ["hmac-sha2-256", "hmac-sha1", "hmac-sha1-96", "hmac-md5"], "timestamp": "2017-02-11T11:04:34.334417Z", "session": "1aa16023", "kexAlgs": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1", "rsa2048-sha256", "rsa1024-sha1"], "keyAlgs": ["ssh-rsa", "ssh-dss"], "message": "Remote SSH version: SSH-2.0-PuTTY_Release_0.67", "system": "HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "version": "SSH-2.0-PuTTY_Release_0.67", "compCS": ["none", "zlib"], "sensor": "scw-7462ef", "encCS": ["aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-ctr", "aes192-cbc", "aes128-ctr", "aes128-cbc", "blowfish-ctr", "blowfish-cbc", "3des-ctr", "3des-cbc", "arcfour256", "arcfour128"]}
{"eventid": "cowrie.client.size", "timestamp": "2017-02-11T11:04:38.138334Z", "message": "Terminal Size: 24 80", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "height": 80, "src_ip": "89.173.75.35", "width": 24, "isError": 0, "session": "1aa16023", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.open", "timestamp": "2017-02-11T11:04:38.142989Z", "message": "Opening TTY Log: log/tty/20170211-110438-1aa16023-0i.log", "ttylog": "log/tty/20170211-110438-1aa16023-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:04:42.630302Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:04:42.634429Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:04:48.634640Z", "message": "CMD: test", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "test", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:04:48.638464Z", "message": "Command not found: test", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "test", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:04:49.892400Z", "message": "CMD: who", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "who", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:04:49.896249Z", "message": "Command found: who ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "who ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:04:50.966464Z", "message": "CMD: last", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:04:50.970274Z", "message": "Command found: last ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:05:33.309151Z", "message": "CMD: last", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:05:33.313377Z", "message": "Command found: last ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:05:34.064926Z", "message": "CMD: last", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:05:34.068770Z", "message": "Command found: last ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:05:34.661246Z", "message": "CMD: last", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:05:34.665204Z", "message": "Command found: last ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:05:35.976877Z", "message": "CMD: who", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "who", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:05:35.980545Z", "message": "Command found: who ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "who ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:05:37.364986Z", "message": "CMD: last", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:05:37.368870Z", "message": "Command found: last ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "1aa16023", "input": "last ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.closed", "timestamp": "2017-02-11T11:05:44.366772Z", "message": "Closing TTY Log: log/tty/20170211-110438-1aa16023-0i.log after 66 seconds", "ttylog": "log/tty/20170211-110438-1aa16023-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,0,89.173.75.35", "src_ip": "89.173.75.35", "session": "1aa16023", "duration": 66.22394800186157, "sensor": "scw-7462ef", "isError": 0, "size": 739}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:05:44.372091Z", "message": "Connection lost after 70 seconds", "system": "HoneyPotSSHTransport,0,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "duration": 70.32114911079407, "session": "1aa16023", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:05:50.606415Z", "session": "76bf8f0c", "message": "New connection: 89.173.75.35:56074 (10.8.41.81:2222) [session: 76bf8f0c]", "src_port": 56074, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "89.173.75.35", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.version", "macCS": ["hmac-sha2-256", "hmac-sha1", "hmac-sha1-96", "hmac-md5"], "timestamp": "2017-02-11T11:05:50.682683Z", "session": "76bf8f0c", "kexAlgs": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1", "rsa2048-sha256", "rsa1024-sha1"], "keyAlgs": ["ssh-rsa", "ssh-dss"], "message": "Remote SSH version: SSH-2.0-PuTTY_Release_0.67", "system": "HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "version": "SSH-2.0-PuTTY_Release_0.67", "compCS": ["none", "zlib"], "sensor": "scw-7462ef", "encCS": ["aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-ctr", "aes192-cbc", "aes128-ctr", "aes128-cbc", "blowfish-ctr", "blowfish-cbc", "3des-ctr", "3des-cbc", "arcfour256", "arcfour128"]}
{"eventid": "cowrie.client.size", "timestamp": "2017-02-11T11:05:55.233254Z", "message": "Terminal Size: 24 80", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "height": 80, "src_ip": "89.173.75.35", "width": 24, "isError": 0, "session": "76bf8f0c", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.open", "timestamp": "2017-02-11T11:05:55.238315Z", "message": "Opening TTY Log: log/tty/20170211-110555-76bf8f0c-0i.log", "ttylog": "log/tty/20170211-110555-76bf8f0c-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:05:57.042440Z", "message": "CMD: who", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "who", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:05:57.046194Z", "message": "Command found: who ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "who ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:02.094874Z", "message": "CMD: last", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "last", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:02.099187Z", "message": "Command found: last ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "last ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:13.039883Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:13.044016Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:14.886830Z", "message": "CMD: cd /etc", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cd /etc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:14.890592Z", "message": "Command found: cd /etc", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cd /etc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:15.481957Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:15.486128Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:17.705332Z", "message": "CMD: rm -rf *", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "rm -rf *", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:17.710970Z", "message": "Command found: rm -rf /etc/shadow- /etc/bindresvport.blacklist /etc/manpath.config /etc/dkms /etc/discover.conf.d /etc/issue /etc/mime.types /etc/logrotate.d /etc/debian_version /etc/sysctl.d /etc/adduser.conf /etc/blkid.tab /etc/timezone /etc/kbd /etc/rc1.d /etc/skel /etc/initramfs-tools /etc/logrotate.conf /etc/shells /etc/ufw /etc/calendar /etc/iproute2 /etc/issue.net /etc/default /etc/pam.conf /etc/rsyslog.conf /etc/insserv /etc/motd /etc/ld.so.conf.d /etc/init /etc/acpi /etc/python /etc/insserv.conf /etc/localtime /etc/rc6.d /etc/rpc /etc/rc3.d /etc/mailcap /etc/libaudit.conf /etc/fstab /etc/ucf.conf /etc/rmt /etc/vim /etc/menu-methods /etc/python2.7 /etc/sysctl.conf /etc/logcheck /etc/protocols /etc/dictionaries-common /etc/locale.gen /etc/udev /etc/hostname /etc/cron.hourly /etc/crontab /etc/shadow /etc/systemd /etc/profile /etc/drirc /etc/rc4.d /etc/cron.d /etc/dhcp /etc/bash_completion.d /etc/environment /etc/nanorc /etc/insserv.conf.d /etc/gshadow /etc/passwd /etc/group- /etc/profile.d /etc/terminfo /etc/locale.alias /etc/mke2fs.conf /etc/modules /etc/rc2.d /etc/ssh /etc/opt /etc/menu /etc/modprobe.d /etc/X11 /etc/pam.d /etc/nsswitch.conf /etc/magic.mime /etc/cron.daily /etc/gshadow- /etc/network /etc/.pwd.lock /etc/security /etc/inittab /etc/iscsi /etc/staff-group-for-usr-local /etc/rc5.d /etc/kernel-img.conf /etc/gai.conf /etc/emacs /etc/rc.local /etc/init.d /etc/nologin /etc/rcS.d /etc/debconf.conf /etc/mtab /etc/mailcap.order /etc/grub.d /etc/bash.bashrc /etc/rc0.d /etc/cron.weekly /etc/rsyslog.d /etc/blkid.tab.old /etc/group /etc/selinux /etc/alternatives /etc/ld.so.cache /etc/magic /etc/passwd- /etc/hosts /etc/discover-modprobe.conf /etc/services /etc/host.conf /etc/securetty /etc/hosts.deny /etc/apt /etc/wgetrc /etc/hosts.allow /etc/cron.monthly /etc/resolv.conf /etc/console-setup /etc/deluser.conf /etc/dpkg /etc/networks /etc/fstab.d /etc/ld.so.conf /etc/groff /etc/inputrc /etc/login.defs /etc/os-release /etc/kernel", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "rm -rf /etc/shadow- /etc/bindresvport.blacklist /etc/manpath.config /etc/dkms /etc/discover.conf.d /etc/issue /etc/mime.types /etc/logrotate.d /etc/debian_version /etc/sysctl.d /etc/adduser.conf /etc/blkid.tab /etc/timezone /etc/kbd /etc/rc1.d /etc/skel /etc/initramfs-tools /etc/logrotate.conf /etc/shells /etc/ufw /etc/calendar /etc/iproute2 /etc/issue.net /etc/default /etc/pam.conf /etc/rsyslog.conf /etc/insserv /etc/motd /etc/ld.so.conf.d /etc/init /etc/acpi /etc/python /etc/insserv.conf /etc/localtime /etc/rc6.d /etc/rpc /etc/rc3.d /etc/mailcap /etc/libaudit.conf /etc/fstab /etc/ucf.conf /etc/rmt /etc/vim /etc/menu-methods /etc/python2.7 /etc/sysctl.conf /etc/logcheck /etc/protocols /etc/dictionaries-common /etc/locale.gen /etc/udev /etc/hostname /etc/cron.hourly /etc/crontab /etc/shadow /etc/systemd /etc/profile /etc/drirc /etc/rc4.d /etc/cron.d /etc/dhcp /etc/bash_completion.d /etc/environment /etc/nanorc /etc/insserv.conf.d /etc/gshadow /etc/passwd /etc/group- /etc/profile.d /etc/terminfo /etc/locale.alias /etc/mke2fs.conf /etc/modules /etc/rc2.d /etc/ssh /etc/opt /etc/menu /etc/modprobe.d /etc/X11 /etc/pam.d /etc/nsswitch.conf /etc/magic.mime /etc/cron.daily /etc/gshadow- /etc/network /etc/.pwd.lock /etc/security /etc/inittab /etc/iscsi /etc/staff-group-for-usr-local /etc/rc5.d /etc/kernel-img.conf /etc/gai.conf /etc/emacs /etc/rc.local /etc/init.d /etc/nologin /etc/rcS.d /etc/debconf.conf /etc/mtab /etc/mailcap.order /etc/grub.d /etc/bash.bashrc /etc/rc0.d /etc/cron.weekly /etc/rsyslog.d /etc/blkid.tab.old /etc/group /etc/selinux /etc/alternatives /etc/ld.so.cache /etc/magic /etc/passwd- /etc/hosts /etc/discover-modprobe.conf /etc/services /etc/host.conf /etc/securetty /etc/hosts.deny /etc/apt /etc/wgetrc /etc/hosts.allow /etc/cron.monthly /etc/resolv.conf /etc/console-setup /etc/deluser.conf /etc/dpkg /etc/networks /etc/fstab.d /etc/ld.so.conf /etc/groff /etc/inputrc /etc/login.defs /etc/os-release /etc/kernel", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:18.841025Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:18.844681Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:19.747391Z", "message": "CMD: cd", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cd", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:19.750325Z", "message": "Command found: cd ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cd ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:21.495721Z", "message": "CMD: cd /", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cd /", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:21.498956Z", "message": "Command found: cd /", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cd /", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:22.156222Z", "message": "CMD: s", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:06:22.160079Z", "message": "Command not found: s", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:23.064517Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:23.068431Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:24.977814Z", "message": "CMD: rm -rf *", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "rm -rf *", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:24.981834Z", "message": "Command found: rm -rf /lost+found /vmlinuz /srv /sys /run /sbin /proc /mnt /bin /usr /tmp /var /initrd.img /etc /opt /boot /selinux /home /media /lib /root /dev", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "rm -rf /lost+found /vmlinuz /srv /sys /run /sbin /proc /mnt /bin /usr /tmp /var /initrd.img /etc /opt /boot /selinux /home /media /lib /root /dev", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:25.917844Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:06:25.921539Z", "message": "Command not found: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:27.745267Z", "message": "CMD: cd", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cd", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:27.748462Z", "message": "Command found: cd ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cd ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:28.608247Z", "message": "CMD: cat", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cat", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:06:28.611908Z", "message": "Command not found: cat", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "76bf8f0c", "input": "cat", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.closed", "timestamp": "2017-02-11T11:06:33.575092Z", "message": "Closing TTY Log: log/tty/20170211-110555-76bf8f0c-0i.log after 38 seconds", "ttylog": "log/tty/20170211-110555-76bf8f0c-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,1,89.173.75.35", "src_ip": "89.173.75.35", "session": "76bf8f0c", "duration": 38.336968183517456, "sensor": "scw-7462ef", "isError": 0, "size": 4674}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:06:33.580653Z", "message": "Connection lost after 42 seconds", "system": "HoneyPotSSHTransport,1,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "duration": 42.970574140548706, "session": "76bf8f0c", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:06:36.591768Z", "session": "33d747fd", "message": "New connection: 89.173.75.35:56077 (10.8.41.81:2222) [session: 33d747fd]", "src_port": 56077, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "89.173.75.35", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.version", "macCS": ["hmac-sha2-256", "hmac-sha1", "hmac-sha1-96", "hmac-md5"], "timestamp": "2017-02-11T11:06:36.661260Z", "session": "33d747fd", "kexAlgs": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1", "rsa2048-sha256", "rsa1024-sha1"], "keyAlgs": ["ssh-rsa", "ssh-dss"], "message": "Remote SSH version: SSH-2.0-PuTTY_Release_0.67", "system": "HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "version": "SSH-2.0-PuTTY_Release_0.67", "compCS": ["none", "zlib"], "sensor": "scw-7462ef", "encCS": ["aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-ctr", "aes192-cbc", "aes128-ctr", "aes128-cbc", "blowfish-ctr", "blowfish-cbc", "3des-ctr", "3des-cbc", "arcfour256", "arcfour128"]}
{"eventid": "cowrie.client.size", "timestamp": "2017-02-11T11:06:40.357933Z", "message": "Terminal Size: 24 80", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "height": 80, "src_ip": "89.173.75.35", "width": 24, "isError": 0, "session": "33d747fd", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.open", "timestamp": "2017-02-11T11:06:40.362749Z", "message": "Opening TTY Log: log/tty/20170211-110640-33d747fd-0i.log", "ttylog": "log/tty/20170211-110640-33d747fd-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "33d747fd", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:42.269613Z", "message": "CMD: cd /etc", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "33d747fd", "input": "cd /etc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:42.273154Z", "message": "Command found: cd /etc", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "33d747fd", "input": "cd /etc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:43.283600Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "33d747fd", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:43.287668Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "33d747fd", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:45.619647Z", "message": "CMD: cd /", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "33d747fd", "input": "cd /", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:45.623591Z", "message": "Command found: cd /", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "33d747fd", "input": "cd /", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:06:46.113824Z", "message": "CMD: ls", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "33d747fd", "input": "ls", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:06:46.117715Z", "message": "Command found: ls ", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "session": "33d747fd", "input": "ls ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.closed", "timestamp": "2017-02-11T11:06:47.538979Z", "message": "Closing TTY Log: log/tty/20170211-110640-33d747fd-0i.log after 7 seconds", "ttylog": "log/tty/20170211-110640-33d747fd-0i.log", "system": "SSHChannel session (0) on SSHService 'ssh-connection' on HoneyPotSSHTransport,2,89.173.75.35", "src_ip": "89.173.75.35", "session": "33d747fd", "duration": 7.176410913467407, "sensor": "scw-7462ef", "isError": 0, "size": 4183}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:06:47.544281Z", "message": "Connection lost after 10 seconds", "system": "HoneyPotSSHTransport,2,89.173.75.35", "isError": 0, "src_ip": "89.173.75.35", "duration": 10.948907852172852, "session": "33d747fd", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:13:22.447487Z", "session": "4f1cc4b7", "message": "New connection: 221.194.44.195:45915 (10.8.41.81:2222) [session: 4f1cc4b7]", "src_port": 45915, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "221.194.44.195", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.version", "macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "timestamp": "2017-02-11T11:13:22.940056Z", "session": "4f1cc4b7", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "keyAlgs": ["ssh-rsa", "ssh-dss"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,3,221.194.44.195", "isError": 0, "src_ip": "221.194.44.195", "version": "SSH-2.0-PUTTY", "compCS": ["none"], "sensor": "scw-7462ef", "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:13:25.450227Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,3,221.194.44.195", "isError": 0, "src_ip": "221.194.44.195", "duration": 2.9988129138946533, "session": "4f1cc4b7", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:16:37.995285Z", "session": "b59c5686", "message": "New connection: 221.194.44.231:60899 (10.8.41.81:2222) [session: b59c5686]", "src_port": 60899, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "221.194.44.231", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.version", "macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "timestamp": "2017-02-11T11:16:39.224279Z", "session": "b59c5686", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "keyAlgs": ["ssh-rsa", "ssh-dss"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,0,221.194.44.231", "isError": 0, "src_ip": "221.194.44.231", "version": "SSH-2.0-PUTTY", "compCS": ["none"], "sensor": "scw-7462ef", "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:16:43.114012Z", "message": "Connection lost after 5 seconds", "system": "HoneyPotSSHTransport,0,221.194.44.231", "isError": 0, "src_ip": "221.194.44.231", "duration": 5.115101099014282, "session": "b59c5686", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:19:20.187359Z", "session": "d779deb4", "message": "New connection: 198.199.98.246:42318 (10.8.41.81:2222) [session: d779deb4]", "src_port": 42318, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "198.199.98.246", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:19:20.192162Z", "message": "Connection lost after 0 seconds", "system": "HoneyPotSSHTransport,1,198.199.98.246", "isError": 0, "src_ip": "198.199.98.246", "duration": 0.00115203857421875, "session": "d779deb4", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:19:22.828444Z", "session": "2796a6c6", "message": "New connection: 198.199.98.246:49414 (10.8.41.81:2223) [session: TT0]", "src_port": 49414, "system": "cowrie.telnet.transport.HoneyPotTelnetFactory", "isError": 0, "src_ip": "198.199.98.246", "dst_port": 2223, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:19:22.834695Z", "message": "Connection lost after 0 seconds", "system": "CowrieTelnetTransport,0,198.199.98.246", "isError": 0, "src_ip": "198.199.98.246", "duration": 0.006369829177856445, "session": "2796a6c6", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:21:23.159734Z", "session": "730f7d09", "message": "New connection: 221.194.47.208:52481 (10.8.41.81:2222) [session: 730f7d09]", "src_port": 52481, "system": "cowrie.ssh.factory.CowrieSSHFactory", "isError": 0, "src_ip": "221.194.47.208", "dst_port": 2222, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.client.version", "macCS": ["hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-ripemd160", "hmac-ripemd160@openssh.com"], "timestamp": "2017-02-11T11:21:23.566970Z", "session": "730f7d09", "kexAlgs": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group1-sha1"], "keyAlgs": ["ssh-rsa", "ssh-dss"], "message": "Remote SSH version: SSH-2.0-PUTTY", "system": "HoneyPotSSHTransport,2,221.194.47.208", "isError": 0, "src_ip": "221.194.47.208", "version": "SSH-2.0-PUTTY", "compCS": ["none"], "sensor": "scw-7462ef", "encCS": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes192-cbc", "aes128-cbc", "blowfish-cbc", "arcfour128", "arcfour", "cast128-cbc", "3des-cbc"]}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:21:25.273219Z", "message": "Connection lost after 2 seconds", "system": "HoneyPotSSHTransport,2,221.194.47.208", "isError": 0, "src_ip": "221.194.47.208", "duration": 2.1099188327789307, "session": "730f7d09", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:21:59.870406Z", "session": "c81ef7d5", "message": "New connection: 14.176.150.199:49400 (10.8.41.81:2223) [session: TT1]", "src_port": 49400, "system": "cowrie.telnet.transport.HoneyPotTelnetFactory", "isError": 0, "src_ip": "14.176.150.199", "dst_port": 2223, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.success", "username": "root", "timestamp": "2017-02-11T11:22:00.956446Z", "message": "login attempt [root/password] succeeded", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "password": "password", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.open", "timestamp": "2017-02-11T11:22:02.223176Z", "message": "Opening TTY Log: log/tty/20170211-112202-None-1i.log", "ttylog": "log/tty/20170211-112202-None-1i.log", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:22:02.806238Z", "message": "CMD: enable", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "enable", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:02.810303Z", "message": "Command found: enable ", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "enable ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:22:02.815038Z", "message": "CMD: shell", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "shell", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:22:02.819217Z", "message": "Command not found: shell", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "shell", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:22:02.822748Z", "message": "CMD: sh", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "sh", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:02.826662Z", "message": "Command found: sh ", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "sh ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:22:03.088077Z", "message": "CMD: cat /proc/mounts; /bin/busybox FFRFP", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "cat /proc/mounts; /bin/busybox FFRFP", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:03.092949Z", "message": "Command found: cat /proc/mounts", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "cat /proc/mounts", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:03.096921Z", "message": "Command found: /bin/busybox FFRFP", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "/bin/busybox FFRFP", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:22:03.419240Z", "message": "CMD: cd /dev/shm; (cat .s || cp /bin/echo .s); /bin/busybox FFRFP", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "cd /dev/shm; (cat .s || cp /bin/echo .s); /bin/busybox FFRFP", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:03.423456Z", "message": "Command found: cd /dev/shm", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "cd /dev/shm", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:03.427934Z", "message": "Command found: cat .s", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "cat .s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:03.433315Z", "message": "Command found: cp /bin/echo .s", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "cp /bin/echo .s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:03.437769Z", "message": "Command found: /bin/busybox FFRFP", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "/bin/busybox FFRFP", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:22:03.699921Z", "message": "CMD: nc; wget; /bin/busybox FFRFP", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "nc; wget; /bin/busybox FFRFP", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:22:03.704113Z", "message": "Command not found: nc", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "nc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:03.707917Z", "message": "Command found: wget ", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "wget ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:03.711708Z", "message": "Command found: /bin/busybox FFRFP", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "/bin/busybox FFRFP", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:22:03.974356Z", "message": "CMD: (dd bs=52 count=1 if=.s || cat .s)", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "(dd bs=52 count=1 if=.s || cat .s)", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:22:03.979646Z", "message": "Command not found: dd bs=52 count=1 if=.s", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "dd bs=52 count=1 if=.s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:03.983587Z", "message": "Command found: cat /dev/shm/.s", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "cat /dev/shm/.s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:22:04.243704Z", "message": "CMD: /bin/busybox FFRFP", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "/bin/busybox FFRFP", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:22:04.246925Z", "message": "Command found: /bin/busybox FFRFP", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "session": "c81ef7d5", "input": "/bin/busybox FFRFP", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.closed", "timestamp": "2017-02-11T11:25:04.246326Z", "message": "Closing TTY Log: log/tty/20170211-112202-None-1i.log after 182 seconds", "ttylog": "log/tty/20170211-112202-None-1i.log", "system": "CowrieTelnetTransport,1,14.176.150.199", "src_ip": "14.176.150.199", "session": "c81ef7d5", "duration": 182.02333998680115, "sensor": "scw-7462ef", "isError": 0, "size": 2690}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:25:04.251178Z", "message": "Connection lost after 184 seconds", "system": "CowrieTelnetTransport,1,14.176.150.199", "isError": 0, "src_ip": "14.176.150.199", "duration": 184.38091802597046, "session": "c81ef7d5", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:34:54.455440Z", "session": "622077cd", "message": "New connection: 180.181.172.223:57552 (10.8.41.81:2223) [session: TT2]", "src_port": 57552, "system": "cowrie.telnet.transport.HoneyPotTelnetFactory", "isError": 0, "src_ip": "180.181.172.223", "dst_port": 2223, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:34:54.710825Z", "message": "Connection lost after 0 seconds", "system": "CowrieTelnetTransport,2,180.181.172.223", "isError": 0, "src_ip": "180.181.172.223", "duration": 0.255511999130249, "session": "622077cd", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:41:03.288605Z", "session": "f61a1d9d", "message": "New connection: 178.238.196.143:36359 (10.8.41.81:2223) [session: TT3]", "src_port": 36359, "system": "cowrie.telnet.transport.HoneyPotTelnetFactory", "isError": 0, "src_ip": "178.238.196.143", "dst_port": 2223, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.success", "username": "admin", "timestamp": "2017-02-11T11:41:03.981982Z", "message": "login attempt [admin/1111] succeeded", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "password": "1111", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.open", "timestamp": "2017-02-11T11:41:05.472536Z", "message": "Opening TTY Log: log/tty/20170211-114105-None-3i.log", "ttylog": "log/tty/20170211-114105-None-3i.log", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:41:05.789589Z", "message": "CMD: enable", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "enable", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:05.793692Z", "message": "Command found: enable ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "enable ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:41:05.798493Z", "message": "CMD: shell", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "shell", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:41:05.802332Z", "message": "Command not found: shell", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "shell", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:41:05.805984Z", "message": "CMD: sh", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "sh", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:05.809819Z", "message": "Command found: sh ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "sh ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:41:06.000528Z", "message": "CMD: cat /proc/mounts; /bin/busybox QZPNZ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "cat /proc/mounts; /bin/busybox QZPNZ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.005144Z", "message": "Command found: cat /proc/mounts", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "cat /proc/mounts", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.009371Z", "message": "Command found: /bin/busybox QZPNZ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "/bin/busybox QZPNZ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:41:06.184588Z", "message": "CMD: cd /dev/shm; (cat .s || cp /bin/echo .s); /bin/busybox QZPNZ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "cd /dev/shm; (cat .s || cp /bin/echo .s); /bin/busybox QZPNZ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.188758Z", "message": "Command found: cd /dev/shm", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "cd /dev/shm", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.193559Z", "message": "Command found: cat .s", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "cat .s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.198939Z", "message": "Command found: cp /bin/echo .s", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "cp /bin/echo .s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.203699Z", "message": "Command found: /bin/busybox QZPNZ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "/bin/busybox QZPNZ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:41:06.368290Z", "message": "CMD: nc; wget; /bin/busybox QZPNZ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "nc; wget; /bin/busybox QZPNZ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:41:06.372607Z", "message": "Command not found: nc", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "nc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.376486Z", "message": "Command found: wget ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "wget ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.380466Z", "message": "Command found: /bin/busybox QZPNZ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "/bin/busybox QZPNZ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:41:06.545965Z", "message": "CMD: (dd bs=52 count=1 if=.s || cat .s)", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "(dd bs=52 count=1 if=.s || cat .s)", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:41:06.551023Z", "message": "Command not found: dd bs=52 count=1 if=.s", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "dd bs=52 count=1 if=.s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.555150Z", "message": "Command found: cat /dev/shm/.s", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "cat /dev/shm/.s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:41:06.717738Z", "message": "CMD: /bin/busybox QZPNZ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "/bin/busybox QZPNZ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:41:06.721415Z", "message": "Command found: /bin/busybox QZPNZ", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "session": "f61a1d9d", "input": "/bin/busybox QZPNZ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.closed", "timestamp": "2017-02-11T11:42:46.854270Z", "message": "Closing TTY Log: log/tty/20170211-114105-None-3i.log after 101 seconds", "ttylog": "log/tty/20170211-114105-None-3i.log", "system": "CowrieTelnetTransport,3,178.238.196.143", "src_ip": "178.238.196.143", "session": "f61a1d9d", "duration": 101.38198494911194, "sensor": "scw-7462ef", "isError": 0, "size": 2658}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:42:46.858526Z", "message": "Connection lost after 103 seconds", "system": "CowrieTelnetTransport,3,178.238.196.143", "isError": 0, "src_ip": "178.238.196.143", "duration": 103.57014298439026, "session": "f61a1d9d", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:45:01.954343Z", "session": "c371f890", "message": "New connection: 116.107.73.162:46506 (10.8.41.81:2223) [session: TT4]", "src_port": 46506, "system": "cowrie.telnet.transport.HoneyPotTelnetFactory", "isError": 0, "src_ip": "116.107.73.162", "dst_port": 2223, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.success", "username": "root", "timestamp": "2017-02-11T11:45:03.364214Z", "message": "login attempt [root/default] succeeded", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "password": "default", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.open", "timestamp": "2017-02-11T11:45:04.831531Z", "message": "Opening TTY Log: log/tty/20170211-114504-None-4i.log", "ttylog": "log/tty/20170211-114504-None-4i.log", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:45:05.522115Z", "message": "CMD: enable", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "enable", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:05.526121Z", "message": "Command found: enable ", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "enable ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:45:05.531502Z", "message": "CMD: shell", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "shell", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:45:05.535484Z", "message": "Command not found: shell", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "shell", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:45:05.539139Z", "message": "CMD: sh", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "sh", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:05.543305Z", "message": "Command found: sh ", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "sh ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:45:05.895078Z", "message": "CMD: cat /proc/mounts; /bin/busybox VJJRM", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "cat /proc/mounts; /bin/busybox VJJRM", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:05.899734Z", "message": "Command found: cat /proc/mounts", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "cat /proc/mounts", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:05.904040Z", "message": "Command found: /bin/busybox VJJRM", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "/bin/busybox VJJRM", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:45:06.986403Z", "message": "CMD: cd /dev/shm; (cat .s || cp /bin/echo .s); /bin/busybox VJJRM", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "cd /dev/shm; (cat .s || cp /bin/echo .s); /bin/busybox VJJRM", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:06.991097Z", "message": "Command found: cd /dev/shm", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "cd /dev/shm", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:06.996160Z", "message": "Command found: cat .s", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "cat .s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:07.002197Z", "message": "Command found: cp /bin/echo .s", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "cp /bin/echo .s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:07.007156Z", "message": "Command found: /bin/busybox VJJRM", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "/bin/busybox VJJRM", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:45:07.358321Z", "message": "CMD: nc; wget; /bin/busybox VJJRM", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "nc; wget; /bin/busybox VJJRM", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:45:07.363015Z", "message": "Command not found: nc", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "nc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:07.367620Z", "message": "Command found: wget ", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "wget ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:07.371890Z", "message": "Command found: /bin/busybox VJJRM", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "/bin/busybox VJJRM", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:45:07.726429Z", "message": "CMD: (dd bs=52 count=1 if=.s || cat .s)", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "(dd bs=52 count=1 if=.s || cat .s)", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:45:07.731524Z", "message": "Command not found: dd bs=52 count=1 if=.s", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "dd bs=52 count=1 if=.s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:07.735965Z", "message": "Command found: cat /dev/shm/.s", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "cat /dev/shm/.s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:45:08.085210Z", "message": "CMD: /bin/busybox VJJRM", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "/bin/busybox VJJRM", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:45:08.088599Z", "message": "Command found: /bin/busybox VJJRM", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "session": "c371f890", "input": "/bin/busybox VJJRM", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.closed", "timestamp": "2017-02-11T11:46:48.241970Z", "message": "Closing TTY Log: log/tty/20170211-114504-None-4i.log after 103 seconds", "ttylog": "log/tty/20170211-114504-None-4i.log", "system": "CowrieTelnetTransport,4,116.107.73.162", "src_ip": "116.107.73.162", "session": "c371f890", "duration": 103.41068696975708, "sensor": "scw-7462ef", "isError": 0, "size": 2649}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:46:48.246228Z", "message": "Connection lost after 106 seconds", "system": "CowrieTelnetTransport,4,116.107.73.162", "isError": 0, "src_ip": "116.107.73.162", "duration": 106.29205989837646, "session": "c371f890", "sensor": "scw-7462ef"}
{"eventid": "cowrie.session.connect", "timestamp": "2017-02-11T11:47:19.054833Z", "session": "29b2b814", "message": "New connection: 114.203.233.42:48989 (10.8.41.81:2223) [session: TT5]", "src_port": 48989, "system": "cowrie.telnet.transport.HoneyPotTelnetFactory", "isError": 0, "src_ip": "114.203.233.42", "dst_port": 2223, "dst_ip": "10.8.41.81", "sensor": "scw-7462ef"}
{"eventid": "cowrie.login.success", "username": "admin", "timestamp": "2017-02-11T11:47:20.252653Z", "message": "login attempt [admin/123456] succeeded", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "password": "123456", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.open", "timestamp": "2017-02-11T11:47:21.582595Z", "message": "Opening TTY Log: log/tty/20170211-114721-None-5i.log", "ttylog": "log/tty/20170211-114721-None-5i.log", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:47:22.163382Z", "message": "CMD: enable", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "enable", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:22.167266Z", "message": "Command found: enable ", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "enable ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:47:22.172006Z", "message": "CMD: shell", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "shell", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:47:22.175855Z", "message": "Command not found: shell", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "shell", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:47:22.179409Z", "message": "CMD: sh", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "sh", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:22.183389Z", "message": "Command found: sh ", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "sh ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:47:22.486612Z", "message": "CMD: cat /proc/mounts; /bin/busybox EZBLV", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "cat /proc/mounts; /bin/busybox EZBLV", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:22.491173Z", "message": "Command found: cat /proc/mounts", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "cat /proc/mounts", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:22.495587Z", "message": "Command found: /bin/busybox EZBLV", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "/bin/busybox EZBLV", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:47:22.797229Z", "message": "CMD: cd /dev/shm; (cat .s || cp /bin/echo .s); /bin/busybox EZBLV", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "cd /dev/shm; (cat .s || cp /bin/echo .s); /bin/busybox EZBLV", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:22.801652Z", "message": "Command found: cd /dev/shm", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "cd /dev/shm", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:22.805996Z", "message": "Command found: cat .s", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "cat .s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:22.811043Z", "message": "Command found: cp /bin/echo .s", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "cp /bin/echo .s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:22.815430Z", "message": "Command found: /bin/busybox EZBLV", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "/bin/busybox EZBLV", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:47:23.114105Z", "message": "CMD: nc; wget; /bin/busybox EZBLV", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "nc; wget; /bin/busybox EZBLV", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:47:23.118293Z", "message": "Command not found: nc", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "nc", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:23.122467Z", "message": "Command found: wget ", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "wget ", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:23.126346Z", "message": "Command found: /bin/busybox EZBLV", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "/bin/busybox EZBLV", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:47:23.427270Z", "message": "CMD: (dd bs=52 count=1 if=.s || cat .s)", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "(dd bs=52 count=1 if=.s || cat .s)", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.failed", "timestamp": "2017-02-11T11:47:23.432494Z", "message": "Command not found: dd bs=52 count=1 if=.s", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "dd bs=52 count=1 if=.s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:23.436806Z", "message": "Command found: cat /dev/shm/.s", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "cat /dev/shm/.s", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.input", "timestamp": "2017-02-11T11:47:23.732706Z", "message": "CMD: /bin/busybox EZBLV", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "/bin/busybox EZBLV", "sensor": "scw-7462ef"}
{"eventid": "cowrie.command.success", "timestamp": "2017-02-11T11:47:23.736008Z", "message": "Command found: /bin/busybox EZBLV", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "session": "29b2b814", "input": "/bin/busybox EZBLV", "sensor": "scw-7462ef"}
{"eventid": "cowrie.log.closed", "timestamp": "2017-02-11T11:49:03.440145Z", "message": "Closing TTY Log: log/tty/20170211-114721-None-5i.log after 101 seconds", "ttylog": "log/tty/20170211-114721-None-5i.log", "system": "CowrieTelnetTransport,5,114.203.233.42", "src_ip": "114.203.233.42", "session": "29b2b814", "duration": 101.85768508911133, "sensor": "scw-7462ef", "isError": 0, "size": 2658}
{"eventid": "cowrie.session.closed", "timestamp": "2017-02-11T11:49:03.444896Z", "message": "Connection lost after 104 seconds", "system": "CowrieTelnetTransport,5,114.203.233.42", "isError": 0, "src_ip": "114.203.233.42", "duration": 104.39020013809204, "session": "29b2b814", "sensor": "scw-7462ef"}