IP Address: 27.74.198.230 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | Port 1234 Scan, SSH, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute
Associated Attack Servers | 103.90.177.102, 120.224.34.31, 154.19.123.74, 161.70.98.32, 172.64.110.32, 172.64.111.32, 209.216.177.158
IP Address | 27.74.198.230
Domain | -
ISP | Viettel Group
Country | Viet Nam
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-09-25
Last seen in Akamai Guardicore Segmentation | 2022-10-14
What is Akamai Guardicore Segmentation: Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident events recorded for this IP (event description | tags):

A user logged in using SSH with the following credentials: root / ****** (Authentication policy: White List) | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** (Authentication policy: Correct Password) | Successful SSH Login
System file /etc/apache2 was modified 4 times | System File Modification
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
The file /etc/ifconfig was downloaded and executed 5 times | Download and Execute
The file /etc/apache2 was downloaded and executed 180 times | Download and Execute
Process /usr/sbin/sshd scanned port 1234 on 27 IP Addresses | Port 1234 Scan
Process /etc/apache2 scanned port 1234 on 27 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 1234 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 1234 on 29 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 80 on 27 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 8080 on 27 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /bin/nc.openbsd scanned port 1234 on 27 IP Addresses | Port 1234 Scan
Process /etc/apache2 generated outgoing network traffic to: 101.42.90.177:1234, 103.152.118.20:1234, 117.16.44.111:1234, 117.190.229.242:80, 117.190.229.242:8080, 117.54.14.169:1234, 117.80.212.33:1234, 117.95.16.139:80, 117.95.16.139:8080, 118.218.209.149:1234, 118.41.204.72:1234, 123.27.100.35:80, 123.27.100.35:8080, 129.56.24.57:80, 129.56.24.57:8080, 133.117.92.243:80, 133.117.92.243:8080, 147.182.233.56:1234, 155.66.143.63:80, 155.66.143.63:8080, 159.78.88.141:80, 159.78.88.141:8080, 169.15.133.61:80, 169.15.133.61:8080, 169.153.161.244:80, 169.153.161.244:8080, 169.47.208.206:80, 170.17.104.79:80, 170.17.104.79:8080, 172.64.162.15:443, 172.64.163.15:443, 173.18.35.41:1234, 178.63.12.91:80, 178.63.12.91:8080, 178.84.66.63:80, 178.84.66.63:8080, 183.213.26.13:1234, 186.84.48.200:80, 186.84.48.200:8080, 190.138.240.233:1234, 191.242.182.210:1234, 194.1.100.115:80, 194.1.100.115:8080, 194.198.252.17:80, 2.67.205.172:80, 2.67.205.172:8080, 201.97.55.73:80, 201.97.55.73:8080, 206.134.101.143:80, 206.191.235.47:80, 206.191.235.47:8080, 209.216.177.158:1234, 210.99.20.194:1234, 211.162.184.120:1234, 212.57.36.20:1234, 214.151.82.137:80, 214.151.82.137:8080, 220.243.148.80:1234, 222.103.98.58:1234, 222.121.63.87:1234, 223.171.91.127:1234, 223.171.91.160:1234, 223.171.91.191:1234, 23.47.239.96:80, 23.47.239.96:8080, 243.108.204.67:80, 243.108.204.67:8080, 252.61.94.129:80, 252.61.94.129:8080, 31.241.180.231:80, 31.241.180.231:8080, 40.50.219.150:80, 40.50.219.150:8080, 51.159.19.47:1234, 51.75.146.174:443, 56.179.105.16:80, 56.179.105.16:8080, 64.48.229.150:80, 64.48.229.150:8080, 68.191.179.155:80, 68.191.179.155:8080, 72.189.218.83:80, 72.189.218.83:8080, 72.38.228.16:80, 72.38.228.16:8080, 77.156.239.24:80, 77.156.239.24:8080, 82.149.112.170:1234 and 89.212.123.191:1234 | Outgoing Connection
Process /etc/apache2 started listening on ports: 1234, 8085 and 8183 | Listening
Process /etc/apache2 scanned port 80 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 80 on 29 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 8080 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 8080 on 29 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
The file /usr/bin/free was downloaded and executed | Download and Execute
Process /usr/local/mysql/bin/mysqld started listening on ports: 3306 | Listening
Process /usr/local/apache2/bin/httpd started listening on ports: 80 | Listening
Process /usr/local/mysql/bin/mysqld started listening on ports: 3306 | Listening
Process /usr/local/apache2/bin/httpd started listening on ports: 80 (2 times) | Listening
Process /lib/systemd/systemd started listening on ports: 80 | Listening
The file /usr/local/bin/dash was downloaded and executed | Download and Execute
Connection was closed due to timeout |