TROYANOSYVIRUS
Amenaza ActivaMEDIO

42.200.78.166

Pais de Origen🇭🇰 Hong Kong
Primera Deteccion22/4/2026
Ultima Actividad22/4/2026
ISPHKT Limited
🎯
199
Ataques Totales
🔌
1
Puertos
📡
1
Tipos Ataque
🦠
19
Malware

Geolocalizacion

Pais
🇭🇰 Hong Kong
Ciudad
Desconocida
ASN
AS4760
ISP
HKT Limited

Tipos de Ataque

ssh_telnet_honeypot

Puertos Atacados

22

Malware Asociado

09a3e612f8cad1560057...0b2769bc6df09bf6cc34...28720365c5e7476a011e...28ba533b0f3c4df63d6b...3499dcfafeee9be9dc67...

Credenciales Intentadas

🔐ubuntu/Aa@123456789
1x
🔐testdb/testdb123
1x
🔐root/qazwsx2019@@
1x
🔐root/passwort
1x
🔐manager/test
1x
🔐postgresql/123456
1x
🔐deploy/frappe!@
1x
🔐root/root321..
1x
🔐ubuntu/Guest2024!
1x
🔐jose/3245gs5662d34
1x
🔐front-user/front-user123
1x
🔐john/test123
1x
🔐ali/Ali8
1x
🔐mysql/mysql@2025
1x
🔐root/1234!@#$qwer
1x

Comandos Ejecutados

$Enter new UNIX password:2x
$ls -lh $(which ls)1x
$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'1x
$uname -a1x
$w1x
$echo "123456\niW5RijYGKOYe\niW5RijYGKOYe\n"|passwd1x
$cat /proc/cpuinfo | grep name | wc -l1x
$crontab -l1x
$cat /proc/cpuinfo | grep model | grep name | wc -l1x
$which ls1x

Exposicion segun Shodan InternetDBShodan

Datos de InternetDB, actualizacion no en tiempo real

Puertos
443119417238080808188991001222022
Hostnames
42-200-78-166.static.imsbiz.comwww.draytek.com
CPEs
cpe:/a:synology:diskstation_manager:7.1-42661cpe:/a:openbsd:openssh:6.6.1cpe:/a:f5:nginxcpe:/a:sencha:ext_js

Evaluacion de Riesgo

55
/100
BajoMedioAltoCritico