TAMUctf 19 Writeup Honeypot Dionaea

Dionaea

Warning: this challenge contains some malware samples.

1.What was the most common src ip?

2.What is the common name for the most commonly downloaded malware?

1.What was the most common src ip?

Tidy up the logs and tally src_ip.

$ cat dionaea.json* > log.json
$ cat log.json | grep 'src_hostname' | jq '.src_ip' | sort | uniq -c | sort -nr
    128 "::ffff:193.56.29.24"
     68 "::ffff:193.56.29.16"
     66 "::ffff:193.56.29.27"
     66 "::ffff:193.56.29.21"
     66 "::ffff:193.56.29.13"
     66 "::ffff:193.56.29.12"
     48 "::ffff:193.56.29.10"
     46 "::ffff:193.56.29.63"
     44 "::ffff:193.56.29.68"
     44 "::ffff:193.56.29.57"
     44 "::ffff:193.56.29.43"
     44 "::ffff:193.56.29.39"
     44 "::ffff:193.56.29.38"
     44 "::ffff:193.56.29.34"
     44 "::ffff:193.56.29.31"
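The same tally done in Python rather than with the grep/jq pipeline above. This is an added example, not code from the original writeup or from the Dionaea project. It assumes Dionaea's JSON log is one object per line with a "src_ip" field (as the page's output shows); the sample records below are constructed, and field names other than src_ip and src_hostname are assumptions. It goes slightly beyond the pipeline: IPv4-mapped IPv6 addresses such as "::ffff:193.56.29.24" are folded together with their plain IPv4 form, and lines that are not valid JSON are skipped instead of breaking the count.

```python
import json
import ipaddress
from collections import Counter

# Constructed sample of Dionaea JSON-lines output (not real challenge data).
# Only src_ip and src_hostname are known from the page; the other keys are
# assumed for illustration.
SAMPLE_LOG = """\
{"src_hostname": "", "src_ip": "::ffff:193.56.29.24", "dst_port": 445}
{"src_hostname": "", "src_ip": "::ffff:193.56.29.16", "dst_port": 445}
{"src_hostname": "", "src_ip": "::ffff:193.56.29.24", "dst_port": 445}
{"src_hostname": "", "src_ip": "193.56.29.24", "dst_port": 445}
{"event": "download.complete", "md5": "PLACEHOLDER_MD5"}
not json at all
{"src_hostname": "", "src_ip": "2001:db8::1", "dst_port": 445}
"""


def normalize_ip(raw):
    """Canonical string for an address; IPv4-mapped IPv6 becomes plain IPv4."""
    addr = ipaddress.ip_address(raw)
    mapped = getattr(addr, "ipv4_mapped", None)  # None for real IPv6 and for IPv4
    return str(mapped) if mapped else str(addr)


def count_src_ips(text):
    """Count connection records per (normalized) source address."""
    counts = Counter()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial or corrupted lines
        src = rec.get("src_ip") if isinstance(rec, dict) else None
        if not src:
            continue  # records without src_ip (downloads, etc.) are not connections
        try:
            counts[normalize_ip(src)] += 1
        except ValueError:
            continue  # malformed address string
    return counts


def most_common_src(text):
    """Return (ip, count) of the busiest source, or None if nothing was parsed."""
    counts = count_src_ips(text)
    if not counts:
        return None
    return counts.most_common(1)[0]


if __name__ == "__main__":
    for ip, n in count_src_ips(SAMPLE_LOG).most_common():
        print(f"{n:6d} {ip}")
    print("most common:", most_common_src(SAMPLE_LOG))
```

To run it on the real capture, read the concatenated log.json and pass its contents to count_src_ips; the ::ffff: prefix is stripped, so the output matches the form of FLAG1 directly.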

What was the most common src ip?

FLAG1 : 193.56.29.24

What is the common name for the most commonly downloaded malware?

Looking at the binaries folder, I saw a lot of 5,145 KB files, so for now I just threw one at VirusTotal.

[VirusTotal result screenshot]

Then someone in there said WannaCry.
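Grouping the captured files by content hash rather than by size, as an added example that is not part of the original writeup and not Dionaea's own code. It assumes a flat folder with one file per captured download (the page only says the folder held many 5,145 KB files); the sample blobs are constructed, and two of them deliberately share a size so the size-only heuristic conflates them while the hash grouping does not. The hash is also what you would look up on VirusTotal instead of uploading the file.

```python
import hashlib
import os
import tempfile
from collections import Counter

# Constructed sample payloads (plain filler bytes, not malware): A and B have
# the same length, so "many files of size 1000" would lump them together.
SAMPLE_A = b"A" * 1000
SAMPLE_B = b"B" * 1000
SAMPLE_C = b"C" * 5


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    """Stream the file so large captures do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def count_by_size(directory):
    """The size-only heuristic: number of files per byte length."""
    sizes = Counter()
    for root, _dirs, files in os.walk(directory):
        for name in files:
            sizes[os.path.getsize(os.path.join(root, name))] += 1
    return sizes


def group_by_hash(directory):
    """Map sha256 -> {count, size, paths} for every file under directory."""
    groups = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            entry = groups.setdefault(
                sha256_file(path), {"count": 0, "size": os.path.getsize(path), "paths": []}
            )
            entry["count"] += 1
            entry["paths"].append(path)
    return groups


def most_common_binary(directory):
    """Return (sha256, count, size) of the most often captured identical file, or None."""
    groups = group_by_hash(directory)
    if not groups:
        return None
    digest, entry = max(groups.items(), key=lambda kv: kv[1]["count"])
    return digest, entry["count"], entry["size"]


def build_sample_dir():
    """Write a throwaway 'binaries' folder: 3 copies of A, 2 of B, 1 of C (constructed)."""
    base = tempfile.mkdtemp(prefix="dionaea-sample-")
    for i, blob in enumerate([SAMPLE_A] * 3 + [SAMPLE_B] * 2 + [SAMPLE_C]):
        with open(os.path.join(base, f"sample{i}.bin"), "wb") as f:
            f.write(blob)
    return base


if __name__ == "__main__":
    d = build_sample_dir()
    print("files per size:", dict(count_by_size(d)))   # size 1000 -> 5 files
    print("most common by hash:", most_common_binary(d))  # A's hash, 3 copies
```

Point the functions at the real binaries folder instead of build_sample_dir(); the returned sha256 is the identifier to search for rather than the file itself.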

2.What is the common name for the most commonly downloaded malware?

FLAG2 : WannaCry