TROYANOSYVIRUS
Amenaza ActivaCRITICO

45.186.251.70

Pais de Origen🇧🇷 Brasil
Primera Deteccion28/12/2025
Ultima Actividad25/3/2026
ISPGLFIBRA SERVICOS DE TELECOMUNICACOES LTDA
🎯
767
Ataques Totales
🔌
7
Puertos
📡
2
Tipos Ataque
🦠
34
Malware

Geolocalizacion

Pais
🇧🇷 Brasil
Ciudad
Erechim
ASN
AS269455
ISP
GLFIBRA SERVICOS DE TELECOMUNICACOES LTDA

Tipos de Ataque

ssh_telnet_honeypot
tcp_trap

Puertos Atacados

222222802222222223223100155555

Malware Asociado

09a3e612f8cad1560057...0cfcf02443b766aa327c...0e500f7806bc776bbc85...117ad48e68e0fc620b7f...1d787437a9a581fea0ca...

Credenciales Intentadas

🔐mc/12345678
1x
🔐grafana/password
1x
🔐myftp/1234
1x
🔐syj/1234
1x
🔐hh/hh
1x
🔐crawl/123456
1x
🔐rico/password
1x
🔐deploy/3245gs5662d34
1x
🔐root/ASDqwe123!@#
1x
🔐ravi/12345678
1x
🔐zhy/zhy1234
1x
🔐345gs5662d34/345gs5662d34
1x
🔐deploy/12345678
1x

Comandos Ejecutados

$Enter new UNIX password:2x
$ls -lh $(which ls)1x
$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'1x
$echo "12345678\nsrdTAhp8Dfyw\nsrdTAhp8Dfyw\n"|passwd1x
$uname -a1x
$w1x
$cat /proc/cpuinfo | grep name | wc -l1x
$crontab -l1x
$cat /proc/cpuinfo | grep model | grep name | wc -l1x
$which ls1x

Exposicion segun Shodan InternetDBShodan

Datos de InternetDB, actualizacion no en tiempo real

Puertos
80111123330650225060
Vulnerabilidades
CVE-2025-58098CVE-2013-2765CVE-2009-2299CVE-2011-2688CVE-2011-1176CVE-2012-4360CVE-2013-0941CVE-2012-3526CVE-2007-4723CVE-2012-4001CVE-2025-55753CVE-2025-59775CVE-2013-0942CVE-2009-0796CVE-2013-4365CVE-2025-66200CVE-2025-65082
Hostnames
45-186-251-70.glfibra.com.br
CPEs
cpe:/a:ntp:ntp:3cpe:/o:debian:debian_linuxcpe:/a:oracle:mysql:8.0.41-32cpe:/a:apache:http_server:2.4.65cpe:/o:linux:linux_kernelcpe:/a:openbsd:openssh:8.4p1

Evaluacion de Riesgo

85
/100
BajoMedioAltoCritico