![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-4 Proportions of attack types in 2020 H1<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-2.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-5 Change trend of high-risk port attacks in 2020 H1<\/p>\n\n\n\n
Ranking of Exploits in 2020 H1<\/h3>\n\n\n\n
Table 2-6 Exploit count of vulnerabilities in 2020 H1<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-3-1.jpg\")
<\/figure><\/div>\n\n\n\nThreat Awareness Services Across the Whole Network<\/h3>\n\n\n\n
Of all threats facing application services, those targeting port 433 took up more than 50%, and remaining involved the mDNS vulnerability for port UDP 5353, port NetBIOS 137, game port 27015, and port Memcache 11211, as shown in Figure 2-6.<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-4-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-6 Distribution of application service threats<\/p>\n\n\n\n
- Brute-Force Attacks<\/strong><\/li><\/ul>\n\n\n\n
2020 H1 saw the capture of 300,373,397 pieces of data, 451,199 of which were about user name\/password pairs. The top 5 exploited user name\/password pairs are as follows.<\/p>\n\n\n\n
Table 2-7 Exploit count of user name\/password pairs<\/p>\n\n\n\n
User Name\/Password Pair<\/td> Exploit Count<\/td><\/tr> root_admin<\/td> 20,564,126<\/td><\/tr> root_None<\/td> 6,639,143<\/td><\/tr> nproc_nproc<\/td> 663,805<\/td><\/tr> admin_admin<\/td> 57,627<\/td><\/tr> root_root<\/td> 49,999<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Table 2-8 Common passwords used by attackers<\/p>\n\n\n\n
Password<\/td> Device<\/td> Password Complexity<\/td> Exploit Count<\/td><\/tr> admin<\/td> Common<\/td> Too simple<\/td> 20,647,020<\/td><\/tr> None<\/td> Common<\/td> Too simple<\/td> 6,682,366<\/td><\/tr> nproc<\/td> Common<\/td> Too simple<\/td> 663,805<\/td><\/tr> 123456<\/td> Common<\/td> Too simple<\/td> 421,153<\/td><\/tr> 123<\/td> Common<\/td> Too simple<\/td> 177,674<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n The top 5 countries\/regions with login attempts are as follows.<\/p>\n\n\n\n
Table 2-9 Top 5 Countries suffering brute-force attacks<\/p>\n\n\n\n
Attacked Country<\/td> Attack Count<\/td><\/tr> Netherlands<\/td> 144,942,075<\/td><\/tr> Seychelles<\/td> 23,088,226<\/td><\/tr> Russian Federation<\/td> 19,969630<\/td><\/tr> Moldova<\/td> 19,677,162<\/td><\/tr> USA<\/td> 17,597,244<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n - Intrusion Behaviors<\/strong><\/li><\/ul>\n\n\n\n
External attackers in the threat hunting system use the following commonest commands.<\/p>\n\n\n\n
Table 2-10 Common commands<\/p>\n\n\n\n
Command<\/td> Type of Intrusion Tools<\/td> Usage Count<\/td><\/tr> cat \/proc\/cpuinfo | grep name | wc -l<\/td> External command<\/td> 686,498<\/td><\/tr> cat \/bin\/busybox<\/td> External command<\/td> 180,643<\/td><\/tr> \/bin\/busybox cat \/bin\/busybox<\/td> External command<\/td> 150,244<\/td><\/tr> \/bin\/busybox TSUNAMI <\/td> External command<\/td> 150,182<\/td><\/tr> echo -en \\x45\\x43\\x48\\x4f\\x44\\x4f\\x4e\\x45<\/td> Tool embedded in the system<\/td> 143,927<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Table 2-11 Top 5 attack IP addresses<\/p>\n\n\n\n
Attack IP Address<\/td> Attack Count<\/td><\/tr> 5.188.86.168<\/td> 8,897,556<\/td><\/tr> 5.188.86.165<\/td> 8,622,362<\/td><\/tr> 5.188.86.167<\/td> 8,132,853<\/td><\/tr> 5.188.86.164<\/td> 7,776,140<\/td><\/tr> 5.188.87.49<\/td> 7,695,391<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Global Distribution of Attack IP Addresses<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-5-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-7 Global distribution of attack IP addresses<\/p>\n\n\n\n
The captured 22,784 samples involved 48 families and 43 download addresses. Family proportions in malicious samples are as follows:<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-6-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-8 Proportions of malicious family samples<\/p>\n\n\n\n
- Email Attacks<\/strong><\/li><\/ul>\n\n\n\n
In 2020 H1, we captured a total of 330,893 emails, of which 5141 were spam and 325,752 were phishing emails. We captured 7959 IP addresses from different sources. The attacks involved 2,102,120 destination emails.<\/p>\n\n\n\n
Table 2-12 Targeted email addresses<\/p>\n\n\n\n
Email<\/td> Usage Count<\/td><\/tr> spameri@tiscali.it<\/td> 4314<\/td><\/tr> emeka@malatrade.com<\/td> 2815<\/td><\/tr> toronto20000b@outlook.com<\/td> 371<\/td><\/tr> usgovtax@zohomail.com<\/td> 329<\/td><\/tr> vinbetonn@outlook.com<\/td> 328<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Table 2-13 Targeted email service providers<\/p>\n\n\n\n
Email Service Provider<\/td> Usage Count<\/td><\/tr> yahoo.com<\/td> 454,993<\/td><\/tr> gmail.com<\/td> 274,926<\/td><\/tr> aol.com<\/td> 220,067<\/td><\/tr> hotmail.com<\/td> 189,272<\/td><\/tr> msn.com<\/td> 43,264<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n - Application Vulnerability Exploits<\/strong><\/li><\/ul>\n\n\n\n
In 2020 H1, we captured 4,819,491 pieces of data, including 275,055 about exploits.<\/p>\n\n\n\n
Database Services<\/strong><\/p>\n\n\n\n
We captured 4,819,491 source IP addresses, of which 6576 were from MySQL, 83,035 from MS SQL, 6701 from Redis, and 6701 from non-relational databases. 4115 user name\/password pairs were exploited in brute-force attacks. These IP addresses also involved 15,585 kinds of source client software.<\/p>\n\n\n\n
Table 2-14 Database statements most frequently used by attackers<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-12-1.jpg\")
<\/figure><\/div>\n\n\n\n- Web Services<\/strong><\/li><\/ul>\n\n\n\n
In 2020 H1, we captured 51,730,540 pieces of data, which involved 313,743 source IP addresses, 19,969 source User Agents, 310,992 request paths, and 12 kinds of service.<\/p>\n\n\n\n
DDoS Reflection Attacks<\/h3>\n\n\n\n
Among DDoS reflection attacks, DNS services were most frequently attacked in May. Of all 24,794,034 attacks, those targeting 2.185.238.144 accounted for the largest proportion, lasting 86.08 hours.<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-7-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-9 Distribution of DDoS reflection attacks by service <\/p>\n\n\n\n
The distribution of source IP addresses of reflection attacks is as follows:<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-8-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-10 distribution of source IP addresses of reflection attacks by service<\/p>\n\n\n\n
IoT Services<\/h3>\n\n\n\n
6,462,645 attack payloads targeted IoT services, involving 20 devices and seven services. Besides, 313,743 attack IP sources were captured, which came from 208 countries and regions. The following figure indicates the IP quantity trend:<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-9-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-11 IP quantity trend<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-10.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-12 Global distribution of attacked IP sources<\/p>\n\n\n\n
Cryptomining Botnet Trend<\/h3>\n\n\n\n
Through NSFOCUS’s threat hunting system, we have kept an eye on a botnet specializing in Monero cryptomining for a long time. The botnet intrudes upon hosts by cracking weak passwords and gains control privileges by implanting bot programs. Meanwhile, it downloads and executes Monero cryptomining scripts via the downloader for malicious cryptomining.<\/p>\n\n\n\n
The cryptomining botnet became increasingly active in 2010 H1, involving a total of 20,830 active bots. China was the country with the most bots, which were as many as 8304, accounting for 40% of the total. Port 22 was opened on 13,664 bots, approximately 66% of all bots. According to known asset intelligence, routers and cameras were dominant device types reduced to bots. As for cracked weak passwords, this botnet used nproc-nproc most frequently. Details are as follows.<\/p>\n\n\n\n
- Activity<\/strong><\/li><\/ul>\n\n\n\n
According to statistics about monthly active bots, we can learn how active the botnet was in 2020 H1. As shown in Figure 2-13, this botnet became increasingly active in 2010 H1. June saw the most bots, which were as many as 10,133.<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-11-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-13 Activity of the cryptomining botnet in 2020 H1<\/p>\n\n\n\n
- Geographical Distribution of Bots<\/strong><\/li><\/ul>\n\n\n\n
We conducted a geographical analysis of cryptomining bots and figured out top 10 bot countries. As shown in Figure 2-14, China was the country with the most bots, which were as many as 8304, accounting for 40% of the total.<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-13-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-14 Top 10 countries in terms of the number of bots<\/p>\n\n\n\n
- Distribution of Ports Opened on Bots<\/strong><\/li><\/ul>\n\n\n\n
We paid attention to the distribution of ports opened on these bots. As shown in Figure 2-15, top 10 ports opened on these bots were ports 22, 80, 443, 3306, 21, 8080, 123, 3389, 53, and 25. Port 22 took the first place, covering approximately 66% of all bots.<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-14-1.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-15 Top 10 ports opened on bots<\/p>\n\n\n\n
- Distribution of Bot Devices by Type<\/strong><\/li><\/ul>\n\n\n\n
According to known asset intelligence, 9% of these bots were IoT devices. As shown in Figure 2-16, 35% of these IoT devices were routers, and 29% were cameras.<\/p>\n\n\n\n
![\"Red](\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/10\/1017-15.jpg\")
<\/figure><\/div>\n\n\n\nFigure 2-16 Distribution of Bot Devices by Type<\/p>\n\n\n\n
- Cracked Weak Passwords<\/strong><\/li><\/ul>\n\n\n\n
By launching attacks via weak password cracking, attackers gained unauthorized access to and intruded upon hosts. Top 5 weak passwords are shown in Figure 2-17. nproc-nproc is the weak password most frequently used by the cryptomining botnet.<\/p>\n\n\n\n
Figure 2-17 Top 5 weak passwords<\/p>\n\n\n\n
Ranking<\/strong><\/td> User Name\/Password<\/strong><\/td> Usage Count<\/strong><\/td><\/tr> 1<\/td> nproc-nproc<\/td> 220,182<\/td><\/tr> 2<\/td> 123456-root<\/td> 177<\/td><\/tr> 3<\/td> root-1234<\/td> 101<\/td><\/tr> 4<\/td> zd-123456<\/td> 66<\/td><\/tr> 5<\/td> root-password0<\/td> 66<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n - Countermeasures<\/strong><\/li><\/ul>\n\n\n\n
We find that most cryptomining botnets are spread mainly by scanning ports and cracking weak passwords. Therefore, the repeatedly discussed issues of key vulnerability fix and weak password intrusion are still noteworthy. Again, users who are concerned about the security of their networks\/systems are advised to note the following:<\/p>\n\n\n\n
- Raise the awareness of security issues concerning weak passwords in Telnet and other services and use strong passwords.<\/li>
- Deploy necessary security software and hardware products to secure systems.<\/li>
- Install patches and fix vulnerabilities without delay to avoid exploits.<\/li>
- Check all service ports that are opened and close unnecessary ones.<\/li><\/ul>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"
Honeypot-captured Threats in 2020 H1 In terms of honeypot-captured threats, in 2020 H1, Internet attack activities mainly consisted of malicious scanning, over 50% of which were attacks on or scanning of port 443. As for exploits, most attacks were directed at Power cameras, Dlink routers, and JBoss servers. Weak password attacks were mainly launched from […]<\/p>\n","protected":false},"author":1,"featured_media":11427,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,15],"tags":[],"class_list":["post-11729","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-research-reports"],"acf":[],"yoast_head":"\n
Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2 - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2 - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Honeypot-captured Threats in 2020 H1 In terms of honeypot-captured threats, in 2020 H1, Internet attack activities mainly consisted of malicious scanning,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-17T00:50:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg\" \/>\n<meta name=\"author\" content=\"NSFOCUS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2 - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Honeypot-captured Threats in 2020 H1 In terms of honeypot-captured threats, in 2020 H1, Internet attack activities mainly consisted of malicious scanning,\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"NSFOCUS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/\"},\"author\":{\"name\":\"NSFOCUS\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2\",\"datePublished\":\"2020-10-17T00:50:39+00:00\",\"dateModified\":\"2026-04-17T18:07:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/\"},\"wordCount\":1193,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/0915-1.jpg\",\"articleSection\":[\"Blog\",\"Research & Reports\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/\",\"name\":\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2 - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/0915-1.jpg\",\"datePublished\":\"2020-10-17T00:50:39+00:00\",\"dateModified\":\"2026-04-17T18:07:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/0915-1.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/0915-1.jpg\",\"width\":468,\"height\":200,\"caption\":\"Earth horizon with digital code overlay.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"NSFOCUS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"NSFOCUS\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2 - NSFOCUS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/","og_locale":"pt_BR","og_type":"article","og_title":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2 - NSFOCUS","og_description":"Honeypot-captured Threats in 2020 H1 In terms of honeypot-captured threats, in 2020 H1, Internet attack activities mainly consisted of malicious scanning,","og_url":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/","og_site_name":"NSFOCUS","article_published_time":"2020-10-17T00:50:39+00:00","article_modified_time":"2026-04-17T18:07:47+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","type":"","width":"","height":""}],"author":"NSFOCUS","twitter_card":"summary_large_image","twitter_title":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2 - NSFOCUS","twitter_description":"Honeypot-captured Threats in 2020 H1 In terms of honeypot-captured threats, in 2020 H1, Internet attack activities mainly consisted of malicious scanning,","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","twitter_misc":{"Escrito por":"NSFOCUS","Est. tempo de leitura":"6 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/"},"author":{"name":"NSFOCUS","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2","datePublished":"2020-10-17T00:50:39+00:00","dateModified":"2026-04-17T18:07:47+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/"},"wordCount":1193,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","articleSection":["Blog","Research & Reports"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/","url":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/","name":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2 - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","datePublished":"2020-10-17T00:50:39+00:00","dateModified":"2026-04-17T18:07:47+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/09\/0915-1.jpg","width":468,"height":200,"caption":"Earth horizon with digital code overlay."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/analysis-of-2020-h1-botnet-and-honeypot-captured-threat-trends-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/#website","url":"https:\/\/nsfocusglobal.com\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"NSFOCUS","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"NSFOCUS"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/11729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=11729"}],"version-history":[{"count":1,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/11729\/revisions"}],"predecessor-version":[{"id":32720,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/11729\/revisions\/32720"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/11427"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=11729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=11729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=11729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Countermeasures<\/strong><\/li><\/ul>\n\n\n\n
- Cracked Weak Passwords<\/strong><\/li><\/ul>\n\n\n\n
- Distribution of Bot Devices by Type<\/strong><\/li><\/ul>\n\n\n\n
- Distribution of Ports Opened on Bots<\/strong><\/li><\/ul>\n\n\n\n
- Geographical Distribution of Bots<\/strong><\/li><\/ul>\n\n\n\n
- Activity<\/strong><\/li><\/ul>\n\n\n\n
- Web Services<\/strong><\/li><\/ul>\n\n\n\n
- Application Vulnerability Exploits<\/strong><\/li><\/ul>\n\n\n\n
- Email Attacks<\/strong><\/li><\/ul>\n\n\n\n
- Intrusion Behaviors<\/strong><\/li><\/ul>\n\n\n\n