TROYANOSYVIRUS
Amenaza ActivaALTO

197.248.207.139

Pais de Origen🇰🇪 KE
Primera Deteccion21/3/2026
Ultima Actividad24/4/2026
ISPSafaricom
🎯
980
Ataques Totales
🔌
1
Puertos
📡
1
Tipos Ataque
🦠
36
Malware

Geolocalizacion

Pais
🇰🇪 KE
Ciudad
Nairobi
ASN
AS37061
ISP
Safaricom

Tipos de Ataque

ssh_telnet_honeypot

Puertos Atacados

22

Malware Asociado

01ba4719c80b6fe911b0...09a3e612f8cad1560057...12a6e9a84374d201590f...134039a7d2ef09ea804a...1f3b0db7777d0bdf0c3d...

Credenciales Intentadas

🔐345gs5662d34/345gs5662d34
6x
🔐yasin/3245gs5662d34
1x
🔐root/cc123123
1x
🔐git/Abcd1234
1x
🔐root/wang@123
1x
🔐root/aa112233
1x
🔐root/Asd123..
1x
🔐lin/3245gs5662d34
1x
🔐ubuntu/developer1234
1x
🔐es/elastic
1x
🔐claude/claude123
1x
🔐root/1887415157
1x
🔐root/1234569
1x
🔐root/Qwerty13
1x
🔐root/soeusei
1x

Comandos Ejecutados

$Enter new UNIX password:10x
$ls -lh $(which ls)6x
$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'6x
$uname -a6x
$w6x
$cat /proc/cpuinfo | grep name | wc -l6x
$cd ~; chattr -ia .ssh; lockr -ia .ssh6x
$crontab -l6x
$cat /proc/cpuinfo | grep model | grep name | wc -l6x
$which ls6x

Exposicion segun Shodan InternetDBShodan

Datos de InternetDB, actualizacion no en tiempo real

Puertos
538012374438443
Vulnerabilidades
CVE-2017-6459CVE-2016-4954CVE-2016-7431CVE-2015-7850CVE-2015-5300CVE-2016-7427CVE-2016-7429CVE-2015-7974CVE-2015-3405CVE-2016-4956CVE-2015-7855CVE-2016-1550CVE-2015-7853CVE-2015-7854CVE-2020-15025CVE-2018-7182CVE-2016-7426CVE-2016-9311CVE-2015-7848CVE-2015-7977
Hostnames
197-248-207-139.safaricombusiness.co.ke
CPEs
cpe:/a:f5:nginxcpe:/a:ntp:ntp:4.2.8:p15

Evaluacion de Riesgo

65
/100
BajoMedioAltoCritico