Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 41.174.104.229Malicious

IP Address: 41.174.104.229Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Connect-Back, Scanner

Services Targeted

MSSQL SMB

Tags

IDS - A Network Trojan was detected Known Malware SMB MS17-010 IDS - Attempted Administrator Privilege Gain

Associated Attack Servers

airtelbroadband.in

5.25.166.94 14.239.230.174 36.90.43.107 59.53.6.146 103.182.166.62 117.239.8.163 122.156.224.22 159.203.38.75 165.22.101.121 182.70.252.211 185.47.128.124 196.203.216.146 197.44.173.54 197.134.249.245 202.179.30.179 222.186.134.144

Basic Information

IP Address

41.174.104.229

Domain

-

ISP

Neotel Pty Ltd

Country

South Africa

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2022-12-07

Last seen in Akamai Guardicore Segmentation

2024-06-05

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

IDS detected A Network Trojan was detected : Possible ETERNALBLUE Probe MS17-010 (MSF style)

IDS - A Network Trojan was detected

IDS detected A Network Trojan was detected : Possible ETERNALBLUE Probe MS17-010 (Generic Flags)

IDS - A Network Trojan was detected

IDS detected A Network Trojan was detected : ETERNALBLUE Probe Vulnerable System Response MS17-010

IDS - A Network Trojan was detected

IDS detected Attempted Administrator Privilege Gain : Windows SMB remote code execution attempt

IDS - Attempted Administrator Privilege Gain

IDS detected Attempted Administrator Privilege Gain : Windows SMB remote code execution attempt

IDS - Attempted Administrator Privilege Gain

IDS detected A Network Trojan was detected : Possible ETERNALBLUE MS17-010 Echo Response

IDS - A Network Trojan was detected

IDS detected Attempted Administrator Privilege Gain : ETERNALBLUE Exploit M2 MS17-010

IDS - Attempted Administrator Privilege Gain

IDS detected A Network Trojan was detected : Possible ETERNALBLUE MS17-010 Heap Spray

IDS - A Network Trojan was detected

The machine was exploited using the ms17-010 vulnerability

Connection was closed due to user inactivity