Searching APEX

Threat ID: MB-04d2cbdc23ea67dd1f7942fcd5659823db6180e3f3864e7134c177f2b2378666 (severity: high)

Threat Title

Unknown: load.sh

Category: Unknown
First seen:
Last updated:
Source: Abuse.ch

Description

File type: sh. Size: 1877 bytes. Tags: sh. Reporter: abuse_ch. First seen: 2026-05-13 20:53:24.

Remediations (8)

  • web:access.redhat.com

    This article outlines two mitigation strategies for the "Copy Fail" vulnerability (CVE-2026-31431, referenced in RHSB-2026-02 and Red Hat Knowledgebase article 7141931) using a Governance Policy within Red Hat Advanced Cluster Management for Kubernetes (ACM). Below, two options are provided to block access to the vulnerable kernel functions, either through a kernel argument or via ...

  • web:askubuntu.com

    We are running a bunch of containers for a cyber security teaching environment, where students can execute arbitrary commands (unprivileged). Our system (Ubuntu 24.04.4 LTS) is affected by the recently-published "Copy Fail" vulnerability (CVE-2026-31431). Unfortunately, updating did not produce any new kernel packages, and we are still stuck with 6.8.0-110: # uname -a Linux teaching-host 6.8.0 ...

  • web:github.com

    One security-remediation.sh for CVE-2026-41940 (cPanel), CVE-2026-31431 (kernel "Copy Fail"), CSF, optional domain/proxy cleanup, and optional operator hardening. - cPanel-Fix/security-remediation.sh at main · MrAriaNet/cPanel-Fix

  • web:github.com

    CVE-2026-31431 Mitigation Script This repository provides a temporary mitigation and revert script for CVE-2026-31431, a Linux kernel local privilege escalation vulnerability.

  • web:gitlab.com

    I'm not entirely sure what's going wrong, but it appears there's no trivy db available on the self-hosted instance.

  • web:knowledge.broadcom.com

    CVE-2026-22719 has direct impact to Aria Operations 8.18.x, and Aria Operations 9.0.x This vulnerability and its impact on the mentioned VMware products are documented in the following VMware Security Advisory (VMSA), please review this document before continuing: CVE-2026-22719 - VMSA-2026-0001 See the Change log at the end of this article for all changes and subscribe to the article for updates.

  • web:www.cisa.gov

    High Vulnerabilities (table header): Primary Vendor -- Product; Description; Published; CVSS Score; Source Info

  • web:www.dbtsupport.com

    Understand the Linux DirtyFrag vulnerability and find interim mitigation for CVE-2026-43284 and CVE-2026-43500 now.

Indicators of Compromise (4)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.

domain: load.sh (VT: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/domains/load.sh)

IOC database
Type: domain
Value: load.sh
First seen:
Last seen:
Attached to this threat
Appears in: 1 threat
Description: Extracted from Threat MB-04d2cbdc23ea67dd1f7942fcd5659823db6180e3f3864e7134c177f2b2378666

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

VirusTotal: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/domains/load.sh

hash_sha256: 04d2cbdc23ea67dd1f7942fcd5659823db6180e3f3864e7134c177f2b2378666 (VT: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/files/04d2cbdc23ea67dd1f7942fcd5659823db6180e3f3864e7134c177f2b2378666)
Feeds: 1 feed

IOC database
Type: hash_sha256
Value: 04d2cbdc23ea67dd1f7942fcd5659823db6180e3f3864e7134c177f2b2378666
First seen:
Last seen:
Attached to this threat
Appears in: 2 threats
Description: Unknown

Threat Hunt — feed corroboration

Listed by 1 threat-intel feed vendor: Abuse.ch.

Details From VirusTotal

VirusTotal: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/files/04d2cbdc23ea67dd1f7942fcd5659823db6180e3f3864e7134c177f2b2378666

hash_sha1: c88298b3850f562518ecfb91226b947dafdae0bb (VT: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/files/c88298b3850f562518ecfb91226b947dafdae0bb)
Feeds: 2 feeds

IOC database
Type: hash_sha1
Value: c88298b3850f562518ecfb91226b947dafdae0bb
First seen:
Last seen:
Attached to this threat
Appears in: 2 threats

Threat Hunt — feed corroboration

Listed by 2 threat-intel feed vendors: Abuse.ch, threatview.io.

Details From VirusTotal

VirusTotal: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/files/c88298b3850f562518ecfb91226b947dafdae0bb

hash_md5: 65d77a33f57ca2fae69c3add65416313 (VT: 30 / 75 vendors flagged)
Feeds: 2 feeds

IOC database
Type: hash_md5
Value: 65d77a33f57ca2fae69c3add65416313
First seen:
Last seen:
Attached to this threat
Appears in: 2 threats

Threat Hunt — feed corroboration

Listed by 2 threat-intel feed vendors: Abuse.ch, threatview.io.

Flagged by 30 of 75 VirusTotal vendors

Vendor  Verdict  Detection
AhnLab-V3 malicious Downloader/Shell.Generic.S2969
alibabacloud malicious Trojan[downloader]:Linux/Wacatac.C9nj
Arcabit malicious Trojan.Generic.D261BD72
Avast malicious BV:Downloader-AEH [Drp]
AVG malicious BV:Downloader-AEH [Drp]
Avira malicious HTML/ExpKit.Gen2
BitDefender malicious Trojan.Generic.39959922
CTX malicious shell.trojan.generic
Cynet malicious Malicious (score: 99)
DrWeb malicious Linux.DownLoader.683
Emsisoft malicious Trojan.Generic.39959922 (B)
ESET-NOD32 malicious Linux/TrojanDownloader.SH.FFM trojan
F-Secure malicious Malware.HTML/ExpKit.Gen2
Fortinet malicious BASH/Mirai.AEH!tr.dldr
GData malicious Trojan.Generic.39959922
Google malicious Detected
huorong malicious TrojanDownloader/Linux.Agent.cv
Ikarus malicious Trojan-Downloader.Linux.Sh
Kaspersky malicious HEUR:Trojan-Downloader.Shell.Agent.a
Kingsoft malicious Win32.Troj.Undef.a
Lionic malicious Trojan.Script.Agent.a!c
McAfeeD malicious ti!04D2CBDC23EA
Microsoft malicious Trojan:Win32/Vigorf.A
MicroWorld-eScan malicious Trojan.Generic.39959922
Symantec malicious CL.Downloader!gen277
Tencent malicious Html.Trojan.Expkit.Ozfl
TrendMicro malicious Possible_BASHDLOD.SMLBO1
TrendMicro-HouseCall malicious Possible_BASHDLOD.SMLBO1
Varist malicious SH/Mirai.C.gen!Camelot
VIPRE malicious Trojan.Generic.39959922

Details From VirusTotal

Basic Properties
MD5: 65d77a33f57ca2fae69c3add65416313
SHA-1: c88298b3850f562518ecfb91226b947dafdae0bb
SHA-256: 04d2cbdc23ea67dd1f7942fcd5659823db6180e3f3864e7134c177f2b2378666
SSDEEP: 48:Z7ft/Qct+ztp/tBPtyjt161EWVtHrtQqfWDtNrHztQiQztH6Eta1NtpAz:t+c+//O4VBfWD/HzKzwEONwz
TLSH: T19441D6CC1099B443E0AAEEC7BA64C94795069AD16DDFBA79EF902833D4DA4407037729
File type: Shell script
File type tag: shell
File extension: sh
Magic: POSIX shell script, ASCII text executable, with CRLF line terminators
File size: 1.8 KB
History
First seen on VirusTotal: 2026-05-13 19:17 UTC
Last submission: 2026-05-13 21:12 UTC
Last analysis: 2026-05-15 03:10 UTC
Last modified on VirusTotal: 2026-05-15 07:28 UTC
Known Names
  • load.sh
  • _04d2cbdc23ea67dd1f7942fcd5659823db6180e3f3864e7134c177f2b2378666.sh
  • ztgi5z.exe

References (1)
