Attack campaign: quick look

After 12 hours of being an official mirror of Parrot, our mirror in Vietnam was under heavy attack. The method used was a brute-force attack against the SSH service.

  • 07:00 AM (GMT +7) - May 10, 2020: First attack was recorded in log file
  • 11:34 PM (GMT +7) - May 10, 2020: Deployed domain name and added Parrot’s mirror list
  • 11:34 AM (GMT +7) - May 11, 2020: Collected log and created report

Quick look at the numbers:

  • 25617 failed login requests were sent
  • 444 IP addresses joined (possibly botnets, APT groups or skids)
  • All records were from 51 countries
  • 3420 different non-root usernames were used. Root was used 15908 times

Most “hard working” addresses

[Figure: req-from-ip]

Most “hard working” countries

[Figure: req-from-countries]

IP addresses from countries

Attacks sorted by usernames

All IP addresses that joined and had more than 1 failed login request

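An added example, not part of the original post: one way to derive the kind of figures reported above (failed requests, distinct addresses, root versus non-root usernames, and the "count - address" tally for addresses with more than 1 failed login) from an OpenSSH auth log. The log lines are constructed and use documentation addresses; `summarize` and its result keys are hypothetical names.

```python
import re
from collections import Counter

# sshd "Failed password" line. The user group is greedy and the address is
# anchored to the end of the line, so a username that itself contains
# " from <ip>" cannot displace the real source address in the tally.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample in OpenSSH auth.log format (not taken from the post).
SAMPLE_LOG = """\
May 10 07:00:01 mirror sshd[1201]: Failed password for root from 192.0.2.10 port 40001 ssh2
May 10 07:00:03 mirror sshd[1201]: Failed password for root from 192.0.2.10 port 40001 ssh2
May 10 07:00:09 mirror sshd[1204]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
May 10 07:01:12 mirror sshd[1210]: Failed password for invalid user test from 198.51.100.7 port 51000 ssh2
May 10 07:01:15 mirror sshd[1211]: Failed password for root from 198.51.100.7 port 51001 ssh2
May 10 07:02:40 mirror sshd[1220]: Failed password for invalid user oracle from 203.0.113.5 port 33000 ssh2
May 10 07:03:02 mirror sshd[1225]: Failed password for invalid user x from 203.0.113.99 from 192.0.2.10 port 40007 ssh2
May 10 07:04:00 mirror sshd[1230]: Accepted publickey for mirror from 192.0.2.200 port 50022 ssh2
May 10 07:04:30 mirror sshd[1231]: Connection closed by authenticating user root 192.0.2.10 port 40009 [preauth]
"""

def summarize(log_text, min_requests=2):
    """Count failed SSH logins per source address and per username."""
    per_ip, per_user = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins, disconnects and other noise
        per_ip[m["ip"]] += 1
        per_user[m["user"]] += 1
    # "more than 1 failed login request" means a count of at least 2
    repeat = [(n, ip) for ip, n in per_ip.most_common() if n >= min_requests]
    return {
        "requests": sum(per_ip.values()),
        "ips": len(per_ip),
        "root": per_user["root"],
        "non_root_usernames": len(set(per_user) - {"root"}),
        "repeat_offenders": repeat,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for key in ("requests", "ips", "root", "non_root_usernames"):
        print(f"{key}: {report[key]}")
    for n, ip in report["repeat_offenders"]:
        print(f"{n} - {ip}")
```

The country breakdown is not covered here because it needs a GeoIP database in addition to the log.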