IP Address: 27.1.44.56
Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | SSH, SCP, Superuser Operation, Download File, Download and Allow Execution, Successful SSH Login, Download and Execute
Associated Attack Servers |
IP Address | 27.1.44.56
Domain | -
ISP | DLIVE
Country | Korea, Republic of
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-06-09
Last seen in Akamai Guardicore Segmentation | 2022-12-18
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
./ifconfig was downloaded 2 times |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 18 times |
Superuser Operation |
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /tmp/apache2 was downloaded and executed 98 times |
Download and Execute |
Process /tmp/apache2 scanned port 1234 on 24 IP Addresses |
Port 1234 Scan |
Process /root/apache2 scanned port 1234 on 24 IP Addresses 2 times |
Port 1234 Scan |
Process /var/tmp/apache2 scanned port 1234 on 24 IP Addresses |
Port 1234 Scan |
Process /root/apache2 scanned port 1234 on 24 IP Addresses 2 times |
Port 1234 Scan |
Process /etc/ifconfig scanned port 1234 on 24 IP Addresses 2 times |
Port 1234 Scan |
Process /tmp/apache2 started listening on ports: 1234, 8084 and 8186 |
Listening |
Process /tmp/apache2 generated outgoing network traffic to: 1.1.1.1:443, 142.250.191.164:443, 172.64.200.11:443, 51.75.146.174:443, 8.8.4.4:443 and 8.8.8.8:443 |
Outgoing Connection |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /root/apache2 generated outgoing network traffic to: 1.1.1.1:443, 124.115.231.214:1234, 124.115.231.214:22, 139.209.222.134:1234, 142.250.191.164:443, 172.64.201.11:443, 211.162.184.120:1234, 222.165.136.99:1234, 51.75.146.174:443, 8.8.4.4:443 and 8.8.8.8:443 |
Outgoing Connection |
Process /root/apache2 started listening on ports: 1234, 8088 and 8182 |
Listening |
The file /root/apache2 was downloaded and executed 30 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 241 times |
Download and Execute |
Process /root/apache2 generated outgoing network traffic to: 1.1.1.1:443, 120.236.79.182:1234, 142.250.191.164:443, 150.107.95.20:1234, 172.64.200.11:443, 206.189.25.255:1234, 222.100.124.62:1234, 222.134.240.91:1234, 222.134.240.92:1234, 46.13.164.29:1234, 49.233.159.222:1234, 51.75.146.174:443, 61.84.162.66:1234, 8.8.8.8:443, 80.147.162.151:1234 and 93.176.229.145:1234 |
Outgoing Connection |
Process /root/apache2 started listening on ports: 1234, 8086 and 8188 |
Listening |
The file /var/tmp/ifconfig was downloaded and executed 11 times |
Download and Execute |
The file /var/tmp/apache2 was downloaded and executed 43 times |
Download and Execute |
The file /var/tmp/apache2 was downloaded and executed 73 times |
Download and Execute |
Process /var/tmp/apache2 started listening on ports: 1234, 8085 and 8182 |
Listening |
Process /var/tmp/apache2 generated outgoing network traffic to: 1.1.1.1:443, 142.250.191.164:443, 172.64.200.11:443, 51.75.146.174:443 and 8.8.8.8:443 |
Outgoing Connection |
The file /root/ifconfig was downloaded and executed 8 times |
Download and Execute |
Process /root/apache2 started listening on ports: 1234, 8081, 8182 and 8186 |
Listening |
Process /root/apache2 generated outgoing network traffic to: 1.1.1.1:443, 1.220.98.197:1234, 142.250.191.164:443, 172.64.201.11:443, 190.12.120.30:1234, 51.75.146.174:443, 52.131.32.110:1234, 8.8.4.4:443 and 8.8.8.8:443 |
Outgoing Connection |
The file /root/apache2 was downloaded and executed 97 times |
Download and Execute |
The file /root/ifconfig was downloaded and executed 3 times |
Download and Execute |
Process /root/apache2 started listening on ports: 1234, 8089 and 8183 |
Listening |
Process /root/apache2 generated outgoing network traffic to: 1.1.1.1:443, 142.250.191.164:443, 172.64.201.11:443, 51.75.146.174:443 and 8.8.8.8:443 |
Outgoing Connection |
The file /etc/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /etc/apache2 was downloaded and executed 121 times |
Download and Execute |
Process /etc/ifconfig started listening on ports: 1234, 8084 and 8188 |
Listening |
Process /etc/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 123.132.238.210:1234, 142.250.191.164:443, 172.64.200.11:443, 191.242.182.210:1234, 222.103.98.58:1234, 51.75.146.174:443, 8.8.8.8:443 and 80.147.162.151:1234 |
Outgoing Connection |
The file /etc/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /etc/apache2 was downloaded and executed 2806 times |
Download and Execute |
Process /etc/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 124.115.231.214:1234, 142.250.191.164:443, 172.64.201.11:443, 190.12.120.30:1234, 223.171.91.127:1234, 51.75.146.174:443, 8.8.8.8:443 and 86.133.233.66:1234 |
Outgoing Connection |
Process /etc/ifconfig started listening on ports: 1234, 8086 and 8180 |
Listening |
Connection was closed due to timeout |
/var/tmp/ifconfig | SHA256: 1118f58badaea9c524290c7ac9bee6703ff6656960121dc52bdb9c378775276a | 3109968 bytes
/var/tmp/ifconfig | SHA256: 1b40245f21f1cb845b7fdf2428315166a8b1d8d5e1e42cd290cd8e479ed61ad7 | 2129920 bytes
/var/tmp/ifconfig | SHA256: d631c9ebe71bca046338a9f986aa6e9ca1bbac1610bd8bb781996cc103537ceb | 1769472 bytes