WARNING: UNTRUSTED MALWARE/INCIDENT-RESPONSE SAMPLES

These files were collected for defensive analysis and archival purposes only.
DO NOT execute them on a router, workstation, server, or other production system.

Observed behavior in localbackgo.sh includes:
- downloading and launching architecture-specific ELF executables;
- persistence through an iKuai static-route command-injection payload;
- DNS interception rules for selected domains;
- recurring retrieval of a second-stage shell script.

Collection source:
  http://43.159.60.211:9337/localbackgo.sh
Collected (UTC): 2026-07-12

Archive layout:
  samples/localbackgo.sh       primary script
  samples/localgo.sh           second-stage/region-control script
  samples/ikuaidnson_*         architecture-specific ELF payloads
  sources.tsv                  original URLs and retrieval status
  SHA256SUMS                   SHA-256 checksums
  FILE-TYPES.txt               static file(1) identification

No sample in this archive was executed. Files were downloaded and statically inventoried only.
The mips and mipsel source URLs returned byte-identical files at collection time.
