TROYANOSYVIRUS
Active ThreatMEDIUM

185.196.11.192

Country of Origin🇨🇭 CH
First Detection1/6/2026
Last Activity1/6/2026
ISPGlobal-Data System IT Corporation
🎯
372
Total Attacks
🔌
1
Ports
📡
1
Attack Types
🦠
22
Malware

Geolocation

Country
🇨🇭 CH
City
Unknown
ASN
AS42624
ISP
Global-Data System IT Corporation

Attack Types

cowrie

Attacked Ports

22

Associated Malware

357d4e8a2973c0235fc3...28720365c5e7476a011e...afd0dd76c8d59e416fec...e2f1988aa6244e13e23e...50e721e49c013f00c62c...

Attempted Credentials

🔐345gs5662d34/345gs5662d34
3x
🔐claude/3245gs5662d34
2x
🔐tiago/tiago
1x
🔐root/Password$1
1x
🔐root/ubuntu18svm
1x
🔐manager/123
1x
🔐root/Admin123#
1x
🔐cpd/cpd
1x
🔐root/qwertz
1x
🔐rafael/123
1x
🔐claude/123
1x
🔐claude/claude123
1x
🔐hang/hang
1x
🔐root/rootuser
1x
🔐ubuntu/qwerty12
1x

Executed Commands

$w3x
$lscpu | grep Model3x
$free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'3x
$cat /proc/cpuinfo | grep name | wc -l3x
$cd ~; chattr -ia .ssh; lockr -ia .ssh3x
$crontab -l3x
$top3x
$uname -m3x
$uname3x
$whoami3x

Risk Assessment

55
/100
LowMediumHighCritical