About the Project

Since July of 2020, I have been running a "honeypot" of sorts made by anthok to capture all requests coming in on specific ports. By listening on ports commonly used by databases such as Elasticsearch or Redis, we've been able to observe a lot of bot behavior. Most of the requests resulted in trying to gain an initial foothold onto the environment to run a bash script to bring down their stage-1 malware. | Arch Cloud Labs
About The Project

Given the recent news of the Meow attacks, I was curious about obtaining malware data related to Elasticsearch attacks. I'm a huge fan of Elasticsearch and use it heavily in my side projects. I'm aware of the dangers of exposing a fresh database install on the open internet. So I simply set up a netcat listener and redirected the output to a file. I was pleasantly surprised at how successful this was.