TROYANOSYVIRUS
Amenaza ActivaALTO

177.94.206.38

Pais de Origen🇧🇷 Brasil
Primera Deteccion14/1/2026
Ultima Actividad9/4/2026
ISPTELEFONICA BRASIL S.A
🎯
805
Ataques Totales
🔌
2
Puertos
📡
2
Tipos Ataque
🦠
34
Malware

Geolocalizacion

Pais
🇧🇷 Brasil
Ciudad
Indaiatuba
ASN
AS27699
ISP
TELEFONICA BRASIL S.A

Tipos de Ataque

ssh_telnet_honeypot
tcp_trap

Puertos Atacados

222222

Malware Asociado

01af1025ed0b0218c8d2...01ba4719c80b6fe911b0...08901ea20edd35186d9a...09a3e612f8cad1560057...1288cc11f362aca7b0b1...

Credenciales Intentadas

🔐345gs5662d34/345gs5662d34
7x
🔐mary/3245gs5662d34
1x
🔐gits/gits1234
1x
🔐root/123!@#Aa
1x
🔐root/12345.qwer
1x
🔐gbasedbt/gbasedbt
1x
🔐oracle/3245gs5662d34
1x
🔐sammy/sammy03!
1x
🔐root/123-ZXCV
1x
🔐forge/password
1x
🔐vpn/Vpn0
1x
🔐arma3server/123
1x
🔐boss/boss
1x
🔐root/Abc!@#123
1x
🔐root/root999!
1x

Comandos Ejecutados

$Enter new UNIX password:14x
$which ls8x
$lscpu | grep Model8x
$uname -m8x
$lockr -ia .ssh8x
$w8x
$free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'8x
$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'8x
$uname8x
$whoami8x

Exposicion segun Shodan InternetDBShodan

Datos de InternetDB, actualizacion no en tiempo real

Puertos
22445102443200
Vulnerabilidades
CVE-2010-4478CVE-2023-51385CVE-2018-20685CVE-2010-4755CVE-2021-36368CVE-2016-10009CVE-2014-2653CVE-2023-38408CVE-2015-6564CVE-2014-1692CVE-2023-48795CVE-2016-10011CVE-2016-10012CVE-2020-15778CVE-2014-2532CVE-2016-10010CVE-2011-4327CVE-2019-6111CVE-2007-2768CVE-2015-5600
Hostnames
177-94-206-38.dsl.telesp.net.br
CPEs
cpe:/a:openbsd:openssh:5.3

Evaluacion de Riesgo

75
/100
BajoMedioAltoCritico