TROYANOSYVIRUS
Active ThreatMEDIUM

122.54.18.220

Country of Origin🇵🇭 Philippines
First Detection1/5/2026
Last Activity1/5/2026
ISPPhilippine Long Distance Telephone Company
🎯
236
Total Attacks
🔌
1
Ports
📡
1
Attack Types
🦠
18
Malware

Geolocation

Country
🇵🇭 Philippines
City
San Carlos
ASN
AS9299
ISP
Philippine Long Distance Telephone Company

Attack Types

cowrie

Attacked Ports

22

Associated Malware

28720365c5e7476a011e...64426356ffcabc3671e5...afd0dd76c8d59e416fec...a28dd0be4d71a20d853d...c32b4937ce8564ea904a...

Attempted Credentials

🔐root/Qweqwe123.
1x
🔐root/King@123
1x
🔐claude/claude
1x
🔐abdo/abdo
1x
🔐root/zz
1x
🔐app/1
1x
🔐admin1/admin@123
1x
🔐newuser/newusernewuser
1x
🔐root/password@2025
1x
🔐geral/geral
1x
🔐root/Password@2021
1x
🔐claude/123
1x
🔐claude/claude123
1x
🔐no-reply/123456
1x
🔐david/david@123
1x

Executed Commands

$crontab -l1x
$cat /proc/cpuinfo | grep model | grep name | wc -l1x
$which ls1x
$lscpu | grep Model1x
$Enter new UNIX password:1x
$uname1x
$whoami1x
$df -h | head -n 2 | awk 'FNR == 2 {print $2;}'1x
$ls -lh $(which ls)1x
$echo -e "k8s\nqz1s6uQOaCuJ\nqz1s6uQOaCuJ"|passwd|bash1x

Risk Assessment

55
/100
LowMediumHighCritical