Loading threats
Identifies post-authentication Telnet activity where BusyBox is used to stage a payload via echo redirection into a file, followed by multi-path shell execution (sh/system/linuxshell). Includes supporting commands such as directory navigation, network probing (ping), and firewall manipulation (iptables flush). Represents a scripted dropper-style execution workflow commonly used in automated botnet propagation and remote compromise.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 220.119.14.146 | 77% | 500 | 14 | 🇰🇷 KR | AS4766 | 2026-04-05 |
| 93.40.0.123 | 78% | 3 | 3 | 🇮🇹 IT | AS12874 | 2026-04-08 |