IP Address: 1.241.242.54Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner |
Services Targeted | SCP |
Tags | System File Modification, Port 1234 Scan, SSH, Listening, 5 Shell Commands, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Download File, Outgoing Connection |
Associated Attack Servers |
IP Address | 1.241.242.54 |
Domain | - |
ISP | SK Broadband |
Country | Korea, Republic of |
WHOIS |
Created Date | - |
Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2022-08-18 |
Last seen in Akamai Guardicore Segmentation | 2022-08-23 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
The file /root/ifconfig was downloaded and granted execution privileges |
Download and Allow Execution |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
System file /etc/apache2 was modified 4 times |
System File Modification |
The file /etc/ifconfig was downloaded and executed 6 times |
Download and Execute |
Process /etc/ifconfig scanned port 1234 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 80 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 1234 on 29 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /bin/bash scanned port 1234 on 26 IP Addresses 2 times |
Port 1234 Scan |
The file /etc/apache2 was downloaded and executed 160 times |
Download and Execute |
Process /etc/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 102.11.148.72:80, 102.11.148.72:8080, 117.80.212.33:1234, 118.129.69.84:80, 118.129.69.84:8080, 122.251.130.79:80, 122.251.130.79:8080, 123.112.215.224:80, 123.112.215.224:8080, 124.115.231.214:1234, 14.67.54.23:80, 14.67.54.23:8080, 145.242.105.219:80, 145.242.105.219:8080, 147.105.215.75:80, 147.105.215.75:8080, 16.115.118.83:80, 161.107.113.27:1234, 161.35.79.199:1234, 161.70.98.32:1234, 172.217.2.36:443, 172.67.133.228:443, 173.18.35.41:1234, 183.213.26.13:1234, 190.12.120.30:1234, 190.138.240.233:1234, 190.96.175.11:80, 190.96.175.11:8080, 197.93.156.38:80, 197.93.156.38:8080, 200.143.34.141:80, 200.143.34.141:8080, 203.142.154.54:80, 203.142.154.54:8080, 207.204.216.57:80, 207.204.216.57:8080, 212.57.36.20:1234, 215.206.213.239:80, 215.206.213.239:8080, 218.146.15.97:1234, 219.145.138.85:80, 219.145.138.85:8080, 220.243.148.80:1234, 222.134.240.91:1234, 223.171.91.127:1234, 223.171.91.160:1234, 24.127.169.20:80, 24.127.169.20:8080, 251.24.129.101:80, 251.24.129.101:8080, 26.43.200.91:80, 26.43.200.91:8080, 30.79.171.57:80, 30.79.171.57:8080, 31.182.65.236:80, 31.19.237.170:1234, 40.88.21.161:80, 40.88.21.161:8080, 43.242.247.139:1234, 45.250.73.92:80, 45.250.73.92:8080, 51.159.19.47:1234, 51.75.146.174:443, 52.131.214.42:80, 52.131.214.42:8080, 53.82.37.48:80, 53.82.37.48:8080, 58.197.123.58:80, 58.197.123.58:8080, 58.229.125.66:1234, 59.3.186.45:1234, 61.77.105.219:1234, 67.41.253.54:80, 67.41.253.54:8080, 67.60.179.96:80, 67.60.179.96:8080, 72.153.228.115:80, 72.153.228.115:8080, 74.201.52.75:80, 74.201.52.75:8080, 75.231.249.95:80, 75.231.249.95:8080, 84.204.148.99:1234, 89.212.123.191:1234, 90.237.195.209:80, 90.237.195.209:8080, 94.153.165.43:1234 and 98.18.32.89:80 |
Outgoing Connection |
Process /etc/ifconfig started listening on ports: 1234, 8088 and 8184 |
Listening |
Process /etc/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 80 on 29 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 29 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|
/var/tmp/ifconfig |
SHA256: 2aacc3f6c14a2bd120ce9f7cab7af1f4d3e207bea33d56f02a14f75613a7930c |
786432 bytes |
/var/tmp/ifconfig |
SHA256: 2fd96aa6470f930f543ef665fcc62ffa4dfe6646b8f506c11b452a191800285b |
2392064 bytes |
/var/tmp/ifconfig |
SHA256: 63ce5e408bc30df5efb4e48cb2e893e84b58da0ea31d834ce11db915f0dfaba2 |
32768 bytes |
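The timeline above has a clear shape: root SSH login, a binary named like a core utility (ifconfig, uptime) dropped outside the normal binary directories or written over a real one, then that binary scanning ports 80/8080/1234 and opening listeners on 1234/8088/8184. The script below is an added example, not Guardicore's code or an export format it provides: it parses event lines in the wording used on this page into a timeline, then applies two heuristics (a trusted-utility name living outside /bin, /sbin, /usr/bin and friends; a file that is downloaded-and-executed and then scans or listens) and matches host inventory entries against the three SHA256 values listed above. The sample events are copied from this report; the regexes, the trusted-directory list and the finding names are the example's own assumptions.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Sample input: event lines copied from this report's timeline (constructed
# subset for the example, not a live Guardicore export).
SAMPLE_EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List",
    "The file /root/ifconfig was downloaded and granted execution privileges",
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times",
    "System file /etc/apache2 was modified 4 times",
    "The file /etc/ifconfig was downloaded and executed 6 times",
    "Process /etc/ifconfig scanned port 1234 on 26 IP Addresses",
    "Process /etc/ifconfig scanned port 80 on 26 IP Addresses",
    "Process /etc/ifconfig scanned port 8080 on 26 IP Addresses",
    "Process /bin/bash scanned port 1234 on 26 IP Addresses 2 times",
    "Process /etc/ifconfig started listening on ports: 1234, 8088 and 8184",
    "The file /usr/bin/uptime was downloaded and executed",
]

# SHA256 values of the three /var/tmp/ifconfig drops listed in this report.
KNOWN_HASHES = {
    "2aacc3f6c14a2bd120ce9f7cab7af1f4d3e207bea33d56f02a14f75613a7930c",
    "2fd96aa6470f930f543ef665fcc62ffa4dfe6646b8f506c11b452a191800285b",
    "63ce5e408bc30df5efb4e48cb2e893e84b58da0ea31d834ce11db915f0dfaba2",
}

# Assumption: where a genuine copy of a core utility is expected to live.
TRUSTED_BIN_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"}
# Utility names this attacker reused for dropped binaries; extend as needed.
MASQUERADE_NAMES = {"ifconfig", "uptime"}

# Regexes written against the event phrasing on this page (assumption).
_PATTERNS = {
    "ssh_login": re.compile(r"logged in using SSH .*credentials: (?P<user>\S+) /"),
    "download_exec": re.compile(r"The file (?P<path>\S+) was downloaded and (?:executed|granted execution privileges)"),
    "port_scan": re.compile(r"Process (?P<path>\S+) scanned port (?P<port>\d+) on (?P<hosts>\d+) IP Addresses"),
    "listen": re.compile(r"Process (?P<path>\S+) started listening on ports: (?P<ports>.+)"),
    "sysfile_mod": re.compile(r"System file (?P<path>\S+) was modified"),
}
_COUNT = re.compile(r" (\d+) times$")


def parse_event(line):
    """Turn one report line into a dict with 'kind' and 'count'; None if unrecognised."""
    for kind, pat in _PATTERNS.items():
        m = pat.search(line)
        if not m:
            continue
        ev = {"kind": kind, **m.groupdict()}
        c = _COUNT.search(line)
        ev["count"] = int(c.group(1)) if c else 1      # "... 2 times" suffix
        if kind == "listen":
            ev["ports"] = [int(p) for p in re.findall(r"\d+", ev["ports"])]
        if kind == "port_scan":
            ev["port"] = int(ev["port"])
            ev["hosts"] = int(ev["hosts"])
        return ev
    return None


def is_masquerading(path):
    """A core-utility name living outside the usual binary directories."""
    p = PurePosixPath(path)
    return p.name in MASQUERADE_NAMES and str(p.parent) not in TRUSTED_BIN_DIRS


def analyse(lines):
    """Build per-process state from the events and derive findings."""
    events = [e for e in (parse_event(l) for l in lines) if e]
    per_proc = defaultdict(lambda: {"dropped": False, "scanned": set(), "listen": set(), "hosts": 0})
    logins = 0
    for ev in events:
        if ev["kind"] == "ssh_login":
            logins += ev["count"]
        elif ev["kind"] == "download_exec":
            per_proc[ev["path"]]["dropped"] = True
        elif ev["kind"] == "port_scan":
            per_proc[ev["path"]]["scanned"].add(ev["port"])
            per_proc[ev["path"]]["hosts"] += ev["hosts"] * ev["count"]
        elif ev["kind"] == "listen":
            per_proc[ev["path"]]["listen"].update(ev["ports"])
    findings = []
    for path, info in per_proc.items():
        if is_masquerading(path):
            findings.append(("masquerading_binary", path))
        elif info["dropped"] and str(PurePosixPath(path).parent) in TRUSTED_BIN_DIRS:
            findings.append(("system_binary_replaced", path))  # real utility overwritten
        # Dropped and then used to scan or listen: the shape of this attack,
        # rather than a single indicator.
        if info["dropped"] and (info["scanned"] or info["listen"]):
            findings.append(("dropper_then_scanner", path))
    return {"events": events, "ssh_logins": logins, "processes": dict(per_proc), "findings": findings}


def match_hashes(observed):
    """observed: iterable of (path, sha256hex) from a host file inventory."""
    return [(p, h) for p, h in observed if h.lower() in KNOWN_HASHES]


if __name__ == "__main__":
    for kind, path in analyse(SAMPLE_EVENTS)["findings"]:
        print(kind, path)
```

The hash list is the weakest indicator here: the report already shows three different builds under one path, so the path-plus-name heuristics in analyse() travel better across variants than KNOWN_HASHES, which should be treated as confirmation rather than the primary rule.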