IP Address: 223.171.91.182 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Port 1234 Scan, SSH, 6 Shell Commands, Listening, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Download File, Outgoing Connection
Associated Attack Servers: 7.101.65.227, 22.124.18.25, 54.127.65.38, 66.228.28.19, 84.116.26.182, 94.153.165.43, 101.34.24.6, 101.92.13.1, 117.50.179.58, 124.222.13.124, 136.77.14.92, 137.132.128.102, 139.155.206.168, 150.51.148.112, 166.200.193.151, 172.64.110.32, 172.64.111.32, 202.179.16.32, 207.191.17.58, 209.216.177.238, 223.68.93.158, 247.62.24.51
IP Address: 223.171.91.182
Domain: -
ISP: LG Uplus
Country: Korea, Republic of
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-24
Last seen in Akamai Guardicore Segmentation: 2023-02-14
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List [Successful SSH Login]
/dev/shm/ifconfig was downloaded [Download File]
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 5 times [Successful SSH Login]
/tmp/ifconfig was downloaded [Download File]
./ifconfig was downloaded [Download File]
A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
The file /root/ifconfig was downloaded and executed 5 times [Download and Execute]
The file /root/apache2 was downloaded and executed 107 times [Download and Execute]
Process /root/ifconfig scanned port 1234 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 80 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 8080 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 1234 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 1234 on 30 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /bin/bash scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
Process /root/ifconfig generated outgoing network traffic to: 1.220.98.197:1234, 103.105.12.48:1234, 107.252.128.136:80, 107.252.128.136:8080, 117.16.218.118:80, 117.16.218.118:8080, 117.80.212.33:1234, 120.236.78.194:1234, 122.205.240.60:80, 122.205.240.60:8080, 124.223.14.100:1234, 142.250.190.68:443, 152.21.128.67:80, 152.21.128.67:8080, 155.202.153.37:80, 155.202.153.37:8080, 16.58.225.31:80, 16.58.225.31:8080, 161.107.113.27:1234, 161.107.113.34:1234, 161.35.79.199:1234, 161.56.20.191:80, 161.56.20.191:8080, 166.93.242.160:80, 172.67.133.228:443, 174.46.218.42:80, 174.46.218.42:8080, 180.119.161.168:80, 180.119.161.168:8080, 184.149.87.130:80, 184.149.87.130:8080, 185.132.113.107:80, 185.132.113.107:8080, 189.49.105.243:80, 189.49.105.243:8080, 190.60.239.44:1234, 191.14.158.135:80, 191.14.158.135:8080, 191.242.188.103:1234, 199.69.225.75:80, 199.69.225.75:8080, 20.141.185.205:1234, 202.125.110.152:80, 202.125.110.152:8080, 202.61.203.229:1234, 208.159.175.74:80, 208.159.175.74:8080, 209.216.177.158:1234, 209.216.177.238:1234, 22.175.12.230:80, 22.175.12.230:8080, 222.134.240.91:1234, 222.165.136.99:1234, 223.133.29.231:80, 223.133.29.231:8080, 223.15.30.4:80, 223.15.30.4:8080, 223.171.91.127:1234, 24.124.41.82:80, 24.124.41.82:8080, 244.202.214.169:80, 244.202.214.169:8080, 29.91.230.129:80, 29.91.230.129:8080, 3.217.6.175:80, 3.217.6.175:8080, 31.19.237.170:1234, 39.175.68.100:1234, 46.13.164.29:1234, 51.159.19.47:1234, 51.75.146.174:443, 60.243.48.198:80, 60.243.48.198:8080, 61.77.105.219:1234, 64.11.75.123:80, 64.11.75.123:8080, 72.143.77.252:80, 72.143.77.252:8080, 80.14.116.171:80, 80.14.116.171:8080, 82.66.5.84:1234, 85.34.236.172:80, 85.34.236.172:8080, 9.135.104.241:80, 90.46.69.155:80, 90.46.69.155:8080, 94.153.165.43:1234, 97.141.244.87:80 and 97.141.244.87:8080 [Outgoing Connection]
Process /root/ifconfig started listening on ports: 1234, 8080 and 8187 [Listening]
Process /root/ifconfig scanned port 80 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 8080 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 80 on 30 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 8080 on 30 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
The file /usr/bin/uptime was downloaded and executed [Download and Execute]
Connection was closed due to timeout

/var/tmp/ifconfig, SHA256: 003fc3b1c6259d744b011cde32a47e8cb0b00708ebec1465839b9c14279bc70b, 262144 bytes
/var/tmp/ifconfig, SHA256: 861921d16b4f8870dda3d79aecaa828b713b8e41b29ec977aca10c236356144e, 1507328 bytes
/var/tmp/ifconfig, SHA256: 8a53c1d12942d21d2876a4b8d1eeed8a33a4a9d9f6d1ff3474980278e76a7cc9, 1310720 bytes
/var/tmp/ifconfig, SHA256: 8a80c7f19c03dc2a33a1f698b2bf2acf83fb6fd9f7c78a3a66541327a8bf62d4, 425984 bytes
/var/tmp/ifconfig, SHA256: bc4c4c39f98753ec5421a21b33179c026cae4f44f6ce47de8355c24546601af4, 196608 bytes
/var/tmp/ifconfig, SHA256: d9b749e456a80f1c690f3d3a80a74ef3cdaab9bbf91ad2392fa97c3085fbd8f1, 229376 bytes
/var/tmp/ifconfig, SHA256: f28c1becc58c6ae5d449da0b0f68f4def9db80ba792ab4486a7177e0ecd62b74, 851968 bytes
/root/ifconfig, SHA256: f5c07ee7e6943a9fa0a949bfbe10730dfe89f5614126f9c2dd050ab796ba2dc4, 458752 bytes