IP Address: 143.198.231.66 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: Download Operation, HTTP, Log Tampering, Download File, SSH Brute Force, SSH, Successful SSH Login, Download and Execute, 1 Shell Commands, Outgoing Connection, Download and Allow Execution

Associated Attack Servers:
  IP Address: 143.198.231.66
  Domain: -
  ISP: Auto-trol Technology Corporation
  Country: United States

WHOIS:
  Created Date: -
  Updated Date: -
  Organization: -

First seen in Akamai Guardicore Segmentation: 2022-03-29
Last seen in Akamai Guardicore Segmentation: 2022-04-01
Attack timeline (event, with the tag the sensor assigned to it):

- SSH Brute Force, Successful SSH Login: A user logged in using SSH with the following credentials: root / **** (Authentication policy: White List; part of a brute-force attempt)
- Download Operation: A possibly malicious Download Operation was detected 2 times
- Log Tampering: History File Tampering detected from /usr/sbin/sshd
- Outgoing Connection: Process /usr/bin/wget generated outgoing network traffic to 31.210.20.60:80
- Download and Allow Execution: The file /tmp/SnOoPy.sh was downloaded and granted execution privileges
- Outgoing Connection: Process /usr/local/bin/dash generated outgoing network traffic to 31.210.20.60:80
- Download and Allow Execution: The file /tmp/m-i.p-s.SNOOPY was downloaded and granted execution privileges
- Outgoing Connection: Process /usr/local/bin/dash generated outgoing network traffic to 31.210.20.60:80
- Download and Allow Execution: The file /tmp/m-p.s-l.SNOOPY was downloaded and granted execution privileges
- Outgoing Connection: Process /usr/bin/wget generated outgoing network traffic to 31.210.20.60:80 (4 times)
- Download File: /tmp/s-h.4-.SNOOPY was downloaded
- The file /tmp/s-h.4-.SNOOPY was downloaded and granted execution privileges
- Outgoing Connection: Process /usr/local/bin/dash generated outgoing network traffic to 31.210.20.60:80 (2 times)
- Download and Execute: The file /tmp/x-8.6-.SNOOPY was downloaded and executed 3 times
- Outgoing Connection: Process /tmp/x-8.6-.SNOOPY generated outgoing network traffic to 31.210.20.60:839
- Outgoing Connection: Process /usr/bin/wget generated outgoing network traffic to 31.210.20.60:80 (2 times)
- The file /tmp/a-r.m-6.SNOOPY was downloaded and granted execution privileges
- Download and Execute: The file /tmp/x-3.2-.SNOOPY was downloaded and executed 2 times
- The file /tmp/a-r.m-7.SNOOPY was downloaded and granted execution privileges
- Outgoing Connection: Process /usr/local/bin/dash generated outgoing network traffic to 31.210.20.60:80
- The file /tmp/p-p.c-.SNOOPY was downloaded and granted execution privileges
- Outgoing Connection: Process /usr/bin/wget generated outgoing network traffic to 31.210.20.60:80
- Download and Allow Execution: The file /tmp/i-5.8-6.SNOOPY was downloaded and granted execution privileges
- Outgoing Connection: Process /usr/bin/wget generated outgoing network traffic to 31.210.20.60:80
- Download and Allow Execution: The file /tmp/p-p.c-.SNOOPY was downloaded and granted execution privileges
- Download and Allow Execution: The file /tmp/a-r.m-4.SNOOPY was downloaded and granted execution privileges
- Download File: /tmp/a-r.m-5.SNOOPY was downloaded
- The file /tmp/a-r.m-5.SNOOPY was downloaded and granted execution privileges
- Connection was closed due to timeout