TROYANOSYVIRUS
Active ThreatHIGH

197.5.145.8

Country of Origin🇹🇳 TN
First Detection1/9/2026
Last Activity1/11/2026
ISPTunisie-Telecom
🎯
644
Total Attacks
🔌
1
Ports
📡
1
Attack Types
🦠
26
Malware

Geolocation

Country
🇹🇳 TN
City
Unknown
ASN
AS327934
ISP
Tunisie-Telecom

Attack Types

cowrie

Attacked Ports

22

Associated Malware

258d27ef446476b91f20...28720365c5e7476a011e...afd0dd76c8d59e416fec...7661439454ecfd6ca983...50e721e49c013f00c62c...

Attempted Credentials

🔐345gs5662d34/345gs5662d34
5x
🔐root/LeitboGi0ro
2x
🔐claude/147258
1x
🔐test/d3pl0y
1x
🔐ubuntu/123456!!
1x
🔐root/0000
1x
🔐vpn/abc12345
1x
🔐root/123456
1x
🔐server/qwe123!@#
1x
🔐test/qaz123
1x
🔐teamspeak/q1w2e3r4t5
1x
🔐ftpuser/Admin123!
1x
🔐root/Server2024
1x
🔐user/abc@123
1x
🔐steam/Qazwsx123
1x

Executed Commands

$lockr -ia .ssh5x
$top5x
$which ls5x
$lscpu | grep Model5x
$cat /proc/cpuinfo | grep model | grep name | wc -l5x
$cd ~; chattr -ia .ssh; lockr -ia .ssh5x
$uname5x
$cat /proc/cpuinfo | grep name | wc -l5x
$whoami5x
$df -h | head -n 2 | awk 'FNR == 2 {print $2;}'5x

Risk Assessment

60
/100
LowMediumHighCritical