SSH Brute Force Passwords by Day

gistfile1.txt

These are the top 10 passwords tried against an SSH honeypot I'm running. I'm taking a sample every day and running the data through Pipal to generate the lists. I'm planning to automate this and add all the other Pipal data as soon as I get time.

These stats aren't that interesting at the moment, but I'm hoping to look for trends or to try to spot odd things happening, such as new default creds being picked up and tested. Any suggestions, let me know.

7 August

123456 = 38 (11.11%)
root = 8 (2.34%)
12345678 = 8 (2.34%)
dbadmin = 8 (2.34%)
test123 = 5 (1.46%)
111111 = 5 (1.46%)
oracle123 = 5 (1.46%)
admin1 = 4 (1.17%)
1qaz@WSX = 4 (1.17%)
telegram = 4 (1.17%)

8 August

123456 = 106 (13.87%)
123 = 31 (4.06%)
1 = 15 (1.96%)
password = 13 (1.7%)
1234 = 13 (1.7%)
1qaz@WSX = 12 (1.57%)
12345 = 10 (1.31%)
admin = 10 (1.31%)
craft = 8 (1.05%)
root = 8 (1.05%)

9 August

123456 = 74 (13.68%)
1234 = 15 (2.77%)
password = 14 (2.59%)
testftp = 13 (2.4%)
guest1234 = 12 (2.22%)
Test1 = 12 (2.22%)
Root777 = 12 (2.22%)
Root123 = 12 (2.22%)
12345 = 12 (2.22%)
test = 12 (2.22%)

10 August

123456 = 71 (0.71%)
1234 = 14 (0.14%)
12345 = 13 (0.13%)
password = 11 (0.11%)
123 = 10 (0.1%)
admin = 10 (0.1%)
root = 10 (0.1%)
111111 = 9 (0.09%)
docker = 9 (0.09%)
1qaz@WSX = 8 (0.08%)