IP Address: 208.67.105.98 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role | Attacker, Scanner |
Services Targeted | SSH |
Tags | Successful SSH Login, HTTP, Download File, Outgoing Connection, Listening, Download Operation, SSH, Download and Allow Execution, Download and Execute, Package Install |
Associated Attack Servers | |
IP Address | 208.67.105.98 |
Domain | - |
ISP | - |
Country | United States |
WHOIS Created Date | - |
WHOIS Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2022-07-21 |
Last seen in Akamai Guardicore Segmentation | 2022-08-10 |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login |
A possibly malicious Package Install was detected | Download Operation, Package Install |
A possibly malicious Download Operation was detected | Download Operation, Package Install |
Process /bin/bash generated outgoing network traffic to: 81.161.229.116:80 | Outgoing Connection |
The file /tmp/nig.sh was downloaded and granted execution privileges | |
Process /usr/local/bin/dash generated outgoing network traffic to: 81.161.229.116:80 | Outgoing Connection |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password | Successful SSH Login |
The file /tmp/fuckyomamma.mips was downloaded and granted execution privileges | |
Process /usr/local/bin/dash generated outgoing network traffic to: 81.161.229.116:80 | Outgoing Connection |
A possibly malicious Package Install was detected | Download Operation, Package Install |
A possibly malicious Download Operation was detected | Download Operation, Package Install |
The file /tmp/fuckyomamma.mipsel was downloaded and granted execution privileges 2 times | Download and Allow Execution |
Process /bin/bash generated outgoing network traffic to: 81.161.229.116:80 | Outgoing Connection |
Process /usr/bin/wget generated outgoing network traffic to: 81.161.229.116:80 2 times | Outgoing Connection |
/tmp/nig.sh.1 was downloaded | Download File |
Process /usr/bin/wget generated outgoing network traffic to: 81.161.229.116:80 2 times | Outgoing Connection |
Process /usr/local/bin/dash started listening on ports: 6628 | Listening |
The file /tmp/fuckyomamma.x86_64 was downloaded and executed | Download and Execute |
Process /usr/local/bin/dash generated outgoing network traffic to: 81.161.229.116:80 2 times | Outgoing Connection |
/tmp/fuckyomamma.arm7 was downloaded | Download File |
The file /tmp/fuckyomamma.mips was downloaded and granted execution privileges | |
/tmp/fuckyomamma.mipsel was downloaded | Download File |
The file /tmp/fuckyomamma.arm7 was downloaded and granted execution privileges | |
Process /usr/local/bin/dash generated outgoing network traffic to: 81.161.229.116:80 | Outgoing Connection |
The file /tmp/fuckyomamma.arm was downloaded and granted execution privileges | |
Process /usr/bin/wget generated outgoing network traffic to: 81.161.229.116:80 | Outgoing Connection |
The file /tmp/fuckyomamma.x86_64 was downloaded and granted execution privileges | |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password | Successful SSH Login |
Process /tmp/fuckyomamma.x86_64 started listening on ports: 6628 | Listening |
A possibly malicious Package Install was detected | Download Operation, Package Install |
A possibly malicious Download Operation was detected | Download Operation, Package Install |
The file /tmp/fuckyomamma.arm6 was downloaded and granted execution privileges | |
Process /usr/bin/wget generated outgoing network traffic to: 81.161.229.116:80 4 times | Outgoing Connection |
/tmp/fuckyomamma.arm5 was downloaded | Download File |
/tmp/nig.sh.2 was downloaded | Download File |
The file /tmp/fuckyomamma.arm5 was downloaded and granted execution privileges | |
/tmp/fuckyomamma.mips was downloaded | Download File |
Process /usr/local/bin/dash generated outgoing network traffic to: 81.161.229.116:80 | Outgoing Connection |
/tmp/fuckyomamma.mipsel was downloaded | Download File |
The file /tmp/fuckyomamma.arc was downloaded and granted execution privileges | |
/tmp/fuckyomamma.i586 was downloaded | Download File |
Process /usr/local/bin/dash generated outgoing network traffic to: 81.161.229.116:80 | Outgoing Connection |
/tmp/fuckyomamma.x86_64 was downloaded | Download File |
Connection was closed due to timeout | |