Report Overview
Visitedpublic
2024-11-06 16:35:52
Tags
Submit Tags
URL
114.217.246.201:52208/bin.sh
Finishing URL
about:privatebrowsing
IP / ASN
114.217.246.201
#140292 CHINATELECOM Jiangsu province Suzhou 5G network
Title
about:privatebrowsing

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0

Host Summary

HostRankRegisteredFirst SeenLast Seen
114.217.246.201
unknownunknownNo dataNo data

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

SeveritySource IPDestination IPAlert
highClient IP
114.217.246.201
URLhaus Known malware download URL detected (3224795)
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download
high
114.217.246.201
Client IPET POLICY Executable and linking format (ELF) file download

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
medium114.217.246.201:52208/bin.shDetects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
medium114.217.246.201:52208/bin.shDetects multiple Mirai variants
medium114.217.246.201:52208/bin.shDetects Generic ShellScript Downloader
medium114.217.246.201:52208/bin.shLinux.Trojan.Mirai
medium114.217.246.201:52208/bin.shLinux.Trojan.Mirai
medium114.217.246.201:52208/bin.shLinux.Trojan.Mirai

OpenPhish

No alerts detected


PhishTank

No alerts detected


Mnemonic Secure DNS

No alerts detected


Quad9 DNS
SeverityIndicatorAlert
medium114.217.246.201Sinkholed

ThreatFox

No alerts detected


File detected

URL
114.217.246.201:52208/bin.sh
IP / ASN
114.217.246.201
#140292 CHINATELECOM Jiangsu province Suzhou 5G network
File Overview
File TypeELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV)
Size308 kB (307960 bytes)
MD5eec5c6c219535fba3a0492ea8118b397
SHA1292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21

Detections

AnalyzerVerdictAlert
Public Nextron YARA rulesmalware
Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
YARAhub by abuse.chmalware
Detects multiple Mirai variants
YARAhub by abuse.chmalware
Detects Generic ShellScript Downloader
Elastic Security YARA Rulesmalware
Linux.Trojan.Mirai
Elastic Security YARA Rulesmalware
Linux.Trojan.Mirai
Elastic Security YARA Rulesmalware
Linux.Trojan.Mirai
VirusTotalmalicious
VirusTotal - Scan result 50/64
ClamAVmalicious
Unix.Trojan.Mirai-7100807-0

JavaScript (0)

HTTP Transactions (1)

URLIPResponseSize