IP Address: 120.194.157.165 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SCP, SSH
Tags | 5 Shell Commands, Superuser Operation, Listening, SCP, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File, Download and Allow Execution
Associated Attack Servers | 1.117.204.70, 5.61.57.196, 103.145.148.138, 117.146.172.106, 183.252.37.216
IP Address | 120.194.157.165
Domain | -
ISP | China Mobile Guangdong
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2021-12-03
Last seen in Akamai Guardicore Segmentation | 2022-01-24
What is Akamai Guardicore Segmentation? Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times | Successful SSH Login
/dev/shm/ifconfig was downloaded | Download File
A possibly malicious Superuser Operation was detected 4 times | Superuser Operation
Process /dev/shm/ifconfig scanned port 22 on 46 IP Addresses | Port 22 Scan
Process /tmp/ifconfig scanned port 22 on 46 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 22 on 37 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 2222 on 46 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /dev/shm/ifconfig started listening on ports: 1234 and 8089 | Listening
The file /tmp/ifconfig was downloaded and executed 5 times | Download and Execute
The file /tmp/apache2 was downloaded and executed 121 times | Download and Execute
Process /tmp/ifconfig started listening on ports: 1234 and 8084 | Listening
Process /tmp/ifconfig generated outgoing network traffic to multiple IP addresses on ports 22 and 2222 |
Process /tmp/ifconfig scanned port 2222 on 37 IP Addresses | Port 22 Scan, Port 2222 Scan
Connection was closed due to timeout |