
MB-947c8d6b5b163f060774dbc4aaa76661749bfe107f5d0323e17c7e8aa4543059 high

📛 Threat Title

Unknown: selfrep.sh

Category: Unknown
Published:
Source updated:
First seen:
Last updated:
Source: Abuse.ch

Description

File type: sh. Size: 1877 bytes. Tags: sh. Reporter: abuse_ch. First seen: 2026-05-14 01:46:32.

Remediations (8)

  • web:archive.org


  • web:askubuntu.com

    We are running a bunch of containers for a cyber security teaching environment, where students can execute arbitrary commands (unprivileged). Our system (Ubuntu 24.04.4 LTS) is affected by the recently-published "Copy Fail" vulnerability (CVE-2026-31431). Unfortunately, updating did not produce any new kernel packages, and we are still stuck with 6.8.0-110: # uname -a Linux teaching-host 6.8.0 ...

  • web:cocalc.com

    CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual use to large groups and classes!

  • web:deepwiki.com

    The SELFREP Compilation Flag The bot client's self-replication functionality is conditionally compiled using the SELFREP preprocessor flag. When enabled during compilation (via build.sh), the bot includes scanner modules that actively seek out vulnerable targets while simultaneously executing attack commands from the C&C server.

  • web:docs.redhat.com

    The Release Notes provide high-level coverage of the improvements and additions that have been implemented in Red Hat Enterprise Linux 8.10 and document known problems in this release, as well as notable bug fixes, Technology Previews, deprecated functionality, and other details.

  • web:github.com

    Explore RootSec's DDOS Archive, featuring top-tier scanners, powerful botnets (Mirai & QBot) and other variants, high-impact exploits, advanced methods, and efficient sniffers. Ideal for cy...

  • web:panorays.com

    Discover the difference between remediation and mitigation in risk management and how each strategy impacts security and resilience.

  • web:www.google.com


Indicators of Compromise (4)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.

domain selfrep.sh VT: VT base fetch failed: HTTPError: 429 Client Error: Too Many Requests for url: https://www.virustotal.com/api/v3/domains/selfrep.sh

IOC database

Type: domain
Value: selfrep.sh
First seen:
Last seen:
Attached to this threat
Appears in: 1 threat
Description: Extracted from Threat MB-947c8d6b5b163f060774dbc4aaa76661749bfe107f5d0323e17c7e8aa4543059


Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.


hash_sha256 947c8d6b5b163f060774dbc4aaa76661749bfe107f5d0323e17c7e8aa4543059 VT: VT base fetch failed: HTTPError: 429 Too Many Requests for files/947c8d6b5b163f060774dbc4aaa76661749bfe107f5d0323e17c7e8aa4543059
1 feed

IOC database

Type: hash_sha256
Value: 947c8d6b5b163f060774dbc4aaa76661749bfe107f5d0323e17c7e8aa4543059
First seen:
Last seen:
Attached to this threat
Appears in: 2 threats
Description: Unknown


Threat Hunt — feed corroboration

Listed by 1 threat-intel feed vendor: Abuse.ch.


hash_sha1 5177075231b4e58d8fd2d75410ab4a50c56dd658 VT: VT base fetch failed: HTTPError: 429 Too Many Requests for files/5177075231b4e58d8fd2d75410ab4a50c56dd658
2 feeds

IOC database

Type: hash_sha1
Value: 5177075231b4e58d8fd2d75410ab4a50c56dd658
First seen:
Last seen:
Attached to this threat
Appears in: 2 threats


Threat Hunt — feed corroboration

Listed by 2 threat-intel feed vendors: Abuse.ch, threatview.io.


hash_md5 31f14d0d1160b7e8e8da0e7699b9be31 VT 29 / 75 2 feeds

IOC database

Type: hash_md5
Value: 31f14d0d1160b7e8e8da0e7699b9be31
First seen:
Last seen:
Attached to this threat
Appears in: 2 threats


Threat Hunt — feed corroboration

Listed by 2 threat-intel feed vendors: Abuse.ch, threatview.io.

Flagged by 29 of 75 VirusTotal vendors

Vendor Verdict Detection
AhnLab-V3 malicious Downloader/Shell.Generic.S2969
alibabacloud malicious Trojan[downloader]:Linux/Wacatac.B9nj
Arcabit malicious Trojan.Generic.D261C073
Avast malicious BV:Downloader-AEH [Drp]
AVG malicious BV:Downloader-AEH [Drp]
Avira malicious HTML/ExpKit.Gen2
BitDefender malicious Trojan.Generic.39960691
CTX malicious shell.trojan.expkit
Cynet malicious Malicious (score: 99)
DrWeb malicious Linux.DownLoader.683
Emsisoft malicious Trojan.Generic.39960691 (B)
ESET-NOD32 malicious Linux/TrojanDownloader.SH.FFM trojan
F-Secure malicious Malware.HTML/ExpKit.Gen2
Fortinet malicious BASH/Mirai.AEH!tr.dldr
GData malicious Trojan.Generic.39960691
Google malicious Detected
huorong malicious TrojanDownloader/Linux.Agent.cv
Ikarus malicious Trojan-Downloader.Linux.Sh
Kaspersky malicious HEUR:Trojan-Downloader.Shell.Agent.a
Kingsoft malicious Win32.Troj.Undef.a
Lionic malicious Trojan.Script.Shell.4!c
McAfeeD malicious ti!947C8D6B5B16
Microsoft malicious Trojan:Win32/Vigorf.A
MicroWorld-eScan malicious Trojan.Generic.39960691
Symantec malicious CL.Downloader!gen277
Tencent malicious Html.Trojan.Expkit.Ekjl
TrendMicro malicious Possible_BASHDLOD.SMLBO1
TrendMicro-HouseCall malicious Possible_BASHDLOD.SMLBO1
Varist malicious SH/Mirai.C.gen!Camelot

Details From VirusTotal

Basic Properties
MD5: 31f14d0d1160b7e8e8da0e7699b9be31
SHA-1: 5177075231b4e58d8fd2d75410ab4a50c56dd658
SHA-256: 947c8d6b5b163f060774dbc4aaa76661749bfe107f5d0323e17c7e8aa4543059
SSDEEP: 24:kGNY1DGuRJRUv/WRgG2GsGRGlGVfWwGTQgGiRGwGGSfGpw5GZHw0sj7:39ubEWV9PEIVfWDTQziEwNSuWcZHW
TLSH: T1F54194CB14150FF2C20DEFC6FB648955D107AAF0F7D7977AA61308627C9A7807916B81
File type: Shell script
File type tag: shell
File extension: sh
Magic: POSIX shell script, ASCII text executable, with CRLF line terminators
File size: 1.8 KB
History
First seen on VirusTotal: 2026-05-14 01:48 UTC
Last submission: 2026-05-14 02:00 UTC
Last analysis: 2026-05-15 10:16 UTC
Last modified on VirusTotal: 2026-05-15 12:26 UTC
Known Names
  • selfrep.sh
  • mjmldwf.exe
  • _947c8d6b5b163f060774dbc4aaa76661749bfe107f5d0323e17c7e8aa4543059.sh
