TROYANOSYVIRUS
Amenaza ActivaALTO

197.248.207.139

Pais de Origen🇰🇪 KE
Primera Deteccion21/3/2026
Ultima Actividad27/3/2026
ISPSafaricom
🎯
776
Ataques Totales
🔌
1
Puertos
📡
1
Tipos Ataque
🦠
34
Malware

Geolocalizacion

Pais
🇰🇪 KE
Ciudad
Nairobi
ASN
AS37061
ISP
Safaricom

Tipos de Ataque

ssh_telnet_honeypot

Puertos Atacados

22

Malware Asociado

01ba4719c80b6fe911b0...09a3e612f8cad1560057...12a6e9a84374d201590f...134039a7d2ef09ea804a...1f3b0db7777d0bdf0c3d...

Credenciales Intentadas

🔐345gs5662d34/345gs5662d34
8x
🔐ntps/ntps@123456
1x
🔐root/avatar
1x
🔐root/wang@123
1x
🔐vhpadmin/password
1x
🔐root/Asd123..
1x
🔐otrs/otrs@123456
1x
🔐1/1@123456
1x
🔐root/1887415157
1x
🔐root/1234569
1x
🔐root/Qwerty13
1x
🔐root/cc123123
1x
🔐user03/user03pass
1x
🔐sd/3245gs5662d34
1x
🔐ossuser/3245gs5662d34
1x

Comandos Ejecutados

$Enter new UNIX password:14x
$ls -lh $(which ls)8x
$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'8x
$uname -a8x
$w8x
$cd ~; chattr -ia .ssh; lockr -ia .ssh8x
$cat /proc/cpuinfo | grep name | wc -l8x
$crontab -l8x
$cat /proc/cpuinfo | grep model | grep name | wc -l8x
$which ls8x

Exposicion segun Shodan InternetDBShodan

Datos de InternetDB, actualizacion no en tiempo real

Puertos
538012374438443
Vulnerabilidades
CVE-2017-6459CVE-2016-4954CVE-2016-7431CVE-2015-7850CVE-2015-5300CVE-2016-7427CVE-2016-7429CVE-2015-7974CVE-2015-3405CVE-2016-4956CVE-2015-7855CVE-2016-1550CVE-2015-7853CVE-2015-7854CVE-2020-15025CVE-2018-7182CVE-2016-7426CVE-2016-9311CVE-2015-7848CVE-2015-7977
Hostnames
197-248-207-139.safaricombusiness.co.ke
CPEs
cpe:/a:f5:nginxcpe:/a:ntp:ntp:4.2.8:p15

Evaluacion de Riesgo

62
/100
BajoMedioAltoCritico