IP Address: 193.151.180.62 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SSH |
Tags |
HTTP, Successful SSH Login, Download File, Listening, Download Operation, SSH, Download and Allow Execution, Outgoing Connection, Package Install |
Associated Attack Servers |
IP Address |
193.151.180.62 |
|
Domain |
- |
|
ISP |
Mejuta UAB |
|
Country |
Lithuania |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-07-18 |
Last seen in Akamai Guardicore Segmentation |
2022-07-18 |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A possibly malicious Download Operation was detected |
Download Operation Package Install |
A possibly malicious Package Install was detected |
Download Operation Package Install |
Process /usr/bin/wget generated outgoing network traffic to: 81.161.229.116:80 3 times |
Outgoing Connection |
The file /tmp/nig.sh was downloaded and granted execution privileges |
Download and Allow Execution |
Process /usr/local/bin/dash generated outgoing network traffic to: 81.161.229.116:80 2 times |
Outgoing Connection |
/tmp/fuckyomamma.mips was downloaded |
Download File |
The file /tmp/fuckyomamma.mips was downloaded and granted execution privileges |
|
Process /usr/bin/wget generated outgoing network traffic to: 81.161.229.116:80 2 times |
Outgoing Connection |
The file /tmp/fuckyomamma.mipsel was downloaded and granted execution privileges |
|
The file /tmp/fuckyomamma.x86_64 was downloaded and granted execution privileges |
|
Process /usr/local/bin/dash started listening on ports: 6628 |
Listening |
/tmp/fuckyomamma.arm7 was downloaded |
Download File |
The file /tmp/fuckyomamma.arm7 was downloaded and granted execution privileges |
|
Process /usr/local/bin/dash generated outgoing network traffic to: 81.161.229.116:80 |
Outgoing Connection |
/tmp/fuckyomamma.arm was downloaded |
Download File |
The file /tmp/fuckyomamma.arm was downloaded and granted execution privileges |
|
The file /tmp/fuckyomamma.arm6 was downloaded and granted execution privileges |
|
/tmp/fuckyomamma.arm5 was downloaded |
Download File |
The file /tmp/fuckyomamma.arm5 was downloaded and granted execution privileges |
|
Process /usr/bin/wget generated outgoing network traffic to: 81.161.229.116:80 |
Outgoing Connection |
The file /tmp/fuckyomamma.arc was downloaded and granted execution privileges |
|
Process /usr/local/bin/dash generated outgoing network traffic to: 81.161.229.116:80 |
Outgoing Connection |
/tmp/fuckyomamma.i586 was downloaded |
Download File |
Connection was closed due to timeout |
|
/tmp/fuckyomamma.arc |
SHA256: 19f7629a73ae84dc734e31d96a0b4bfee0a18f6b854127b1be091e3b0b219dc7 |
107800 bytes |
/tmp/fuckyomamma.arm5 |
SHA256: 4189bf206252eb88115bdbb0274169d0378e834ea267b34d16bc4f4e2194e063 |
46316 bytes |
/tmp/fuckyomamma.arm |
SHA256: 7f0188f3bee04cba692cc30a0de5d8e6724a1b9febfcb3b48eb4cf1d15826cce |
55032 bytes |
/tmp/fuckyomamma.arm7 |
SHA256: b8e71b87d505cf2e069f6fee6585a02e9165fa545e58beeb34044c244f424fc9 |
127636 bytes |