Update #2:**Mirai Botnet User: Pass Tracking**
Yesterday while browsing Twitter I stumbled across TelnetLogger and HoneyCredIPTracker and decided I would add them to my collection process from the CapAnalysis project. The general idea here is that Telnet Logger logs all of the telnet attempts on a server, and since the server I am using for POL is internet facing I decided I would throw it on there and see what happens and the results I get. Here is the intro from the Telnet Logger GitHub page which explains the goal:
“It’s designed to track the Mirai botnet. Right now (Oct 23, 2016) infected Mirai machines from around the world are trying to connect to Telnet on every IP address about once per minute. This program logs both which IP addresses are doing the attempts, and which passwords they are using.”
And the description from the HoneyCredIPTracker
“Initially set up to capture connections to Robert Graham’s TelnetLogger project that he created to look at Mirai connections, but it can be used to look at IPs.”
I have some automation setup that will update Credentials and IP address file every hour at 5 min after. Take a look and let me know your thoughts.