TROYANOSYVIRUS
Amenaza ActivaMEDIO

74.91.224.229

Pais de Origen🇸🇬 Singapur
Primera Deteccion17/4/2026
Ultima Actividad17/4/2026
ISPOracle Corporation
🎯
178
Ataques Totales
🔌
1
Puertos
📡
1
Tipos Ataque
🦠
18
Malware

Geolocalizacion

Pais
🇸🇬 Singapur
Ciudad
Loyang
ASN
AS31898
ISP
Oracle Corporation

Tipos de Ataque

ssh_telnet_honeypot

Puertos Atacados

22

Malware Asociado

09a3e612f8cad1560057...28720365c5e7476a011e...28ba533b0f3c4df63d6b...50e721e49c013f00c62c...5c0be87ed7434d69005f...

Credenciales Intentadas

🔐deploy/123qwe123
1x
🔐steam/Admin@123
1x
🔐root/abcd
1x
🔐nuser/nuser
1x
🔐root/qwe2025
1x
🔐teamspeak/teamspeak29!
1x
🔐bbb/bbb
1x
🔐admin/1qazXSW@3edc
1x
🔐jack/jackjack
1x
🔐sammy/test
1x
🔐git/3245gs5662d34
1x
🔐root/123456-QWER
1x
🔐pay/pay
1x
🔐ctf/ctf
1x
🔐test/Password01
1x

Comandos Ejecutados

$Enter new UNIX password:2x
$ls -lh $(which ls)1x
$echo -e "passw0rd\n9qbvEib0k7an\n9qbvEib0k7an"|passwd|bash1x
$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'1x
$uname -a1x
$w1x
$cat /proc/cpuinfo | grep name | wc -l1x
$crontab -l1x
$cat /proc/cpuinfo | grep model | grep name | wc -l1x
$echo "passw0rd\n9qbvEib0k7an\n9qbvEib0k7an\n"|passwd1x

Exposicion segun Shodan InternetDBShodan

Datos de InternetDB, actualizacion no en tiempo real

Puertos
265380110111143443465587993995207920822083208620873306
Vulnerabilidades
CVE-2024-3566CVE-2024-5458CVE-2024-25117CVE-2007-3205CVE-2022-4900CVE-2013-2220
Hostnames
www.urc.com.sgurc.com.sgv24006959.sin01.serveradd.com74-91-224-229.unifiedlayer.com
CPEs
cpe:/a:oracle:mysqlcpe:/a:apache:http_servercpe:/a:wordpress:wordpress:4.9.26cpe:/a:php:php:7.4.33cpe:/a:exim:exim:4.99.1

Evaluacion de Riesgo

55
/100
BajoMedioAltoCritico