diff --git a/http/honeypot/cisco-asa-honeypot-detect.yaml b/http/honeypot/cisco-asa-honeypot-detect.yaml
deleted file mode 100644
index f73a6097d5..0000000000
--- a/http/honeypot/cisco-asa-honeypot-detect.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-id: cisco-asa-honeypot-detect
-
-info:
- name: Cisco ASA Honeypot - Detect
- author: UnaPibaGeek
- severity: info
- description: |
- A Cisco ASA honeypot has been identified.
- The HTTP response reveals a possible setup of the Cisco ASA web application honeypot.
- metadata:
- max-request: 2
- vendor: cisco
- product: asa
- tags: cisco,asa,honeypot,ir,cti
-
-http:
- - method: GET
- path:
- - "{{BaseURL}}/+CSCOE+/logon.html?fcadbadd=1"
-
- matchers-condition: and
- matchers:
- - type: status
- status:
- - 200
-
- - type: word
- part: body
- words:
- - ''
\ No newline at end of file
diff --git a/network/honeypot/dionaea-mongodb-honeypot-detect.yaml b/network/honeypot/dionaea-mongodb-honeypot-detect.yaml
deleted file mode 100644
index 60eaf0328c..0000000000
--- a/network/honeypot/dionaea-mongodb-honeypot-detect.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-id: dionaea-mongodb-honeypot-detect
-
-info:
- name: Dionaea MongoDB Honeypot - Detect
- author: UnaPibaGeek
- severity: info
- description: |
- A MongoDB honeypot has been identified.
- The response to the 'buildinfo' command differs from real installations, signaling a possible deceptive setup.
- metadata:
- max-request: 2
- product: dionaea
- vendor: mongodb
- tags: dionaea,mongodb,honeypot,ir,cti,network
-
-tcp:
- - inputs:
- - data: 3b0000003c300000ffffffffd40700000000000061646d696e2e24636d640000000000ffffffff14000000106275696c64696e666f000100000000
- type: hex
-
- host:
- - "{{Hostname}}"
- port: 27017
- read-size: 2048
-
- matchers:
- - type: word
- part: raw
- words:
- - "version"
- negative: true
-
- extractors:
- - type: regex
- regex:
- - "([A-Za-z:0-9.]+)"
\ No newline at end of file