Obviously just a bit of a joke. It may be a clue as to some of the contents - but this isn't what they did by any stretch. Firstly, you cannot pipe stuff into an aes256 extension and magically have it encrypted. Secondly, no cracker worth their salt "rm -rf
/"'s a server until they've made sure that the regular backups have been corrupted. Third, why would you pipe into a file and then remove it if successful with the very next command?