https://nicoleman0.github.io/blog-site/tags/botnet/Recent content in Botnet on Corvus BlogHugoen-usMon, 02 Feb 2026 00:00:00 +0000https://nicoleman0.github.io/blog-site/posts/campaign_1/Mon, 02 Feb 2026 00:00:00 +0000https://nicoleman0.github.io/blog-site/posts/campaign_1/<h2 id="background">Background</h2> <p>I set my ICS/SCADA honeypot (Conpot) up mainly to try and analyze/monitor attacks on industrial systems (this one poses as a PLC for an HVAC system), however the majority of the attempts I&rsquo;ve noticed have been opportunistic web-based attacks targeting the associated page on port 80.</p> <p>Recently, I&rsquo;ve noticed some similar looking attacks coming from Asia, both trying to connect to a C2 server.</p> <h2 id="log-analysis">Log Analysis</h2> <p>Here is an example of one of the logs I captured:</p>