IP Address: 45.133.174.64 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | Read Password Secrets, HTTP, Outgoing Connection, 26 Shell Commands, DNS Query, Access Suspicious Domain, User Created, Users and Groups, Package Install, System File Modification, Kill Process, Service Deletion, Download File, Service Configuration, Service Creation, Human, Download Operation, Service Start, Successful SSH Login, SSH, Listening, Networking Operation, Download and Allow Execution

Associated Attack Servers
IP Address | 45.133.174.64
Domain | -
ISP | -
Country | -

WHOIS
Created Date | -
Updated Date | -
Organization | -

First seen in Akamai Guardicore Segmentation | 2021-10-31
Last seen in Akamai Guardicore Segmentation | 2021-11-15
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy-to-understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Event | Tags
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A possibly malicious Networking Operation was detected | Download Operation, Networking Operation, Kill Process, Package Install
A possibly malicious Package Install was detected | Download Operation, Networking Operation, Kill Process, Package Install
A possibly malicious Download Operation was detected | Download Operation, Networking Operation, Kill Process, Package Install
Process /usr/bin/wget attempted to access suspicious domains: g0d.do.am and ucoz.net | DNS Query, Access Suspicious Domain, Outgoing Connection
Process /usr/bin/wget generated outgoing network traffic to: 213.174.157.150:443 and 213.174.157.150:80 | Outgoing Connection
/tmp/dr.tgz was downloaded | Download File
A possibly malicious Package Install was detected | Download Operation, Networking Operation, Kill Process, Package Install
Process /usr/bin/apt-get attempted to access domains: _http._tcp.archive.ubuntu.com and archive.ubuntu.com | DNS Query
Process /usr/bin/apt-get generated outgoing network traffic to: 91.189.88.142:80 | Outgoing Connection
The file /usr/share/doc/oidentd was downloaded and granted execution privileges |
The file /usr/sbin/oidentd.dpkg-new was downloaded and granted execution privileges | Download and Allow Execution
The file /etc/init.d/oidentd was downloaded and granted execution privileges | Download and Allow Execution
System file /etc/logcheck/ignore.d.server/oidentd was modified 16 times | System File Modification
System file /etc/oidentd_masq.conf.dpkg-new was modified 16 times | System File Modification
System file /etc/default/oidentd was modified 16 times | System File Modification
System file /etc/oidentd.conf was modified 16 times | System File Modification
System file /etc/group- was modified 9 times | System File Modification
System file /etc/group was modified 9 times | System File Modification
System file /etc/group.225 was modified 4 times | System File Modification
System file /etc/gshadow- was modified 9 times | System File Modification
System file /etc/gshadow+ was modified 9 times | System File Modification
System file /etc/gshadow.225 was modified 9 times | System File Modification
System file /etc/passwd- was modified 9 times | System File Modification
System file /etc/passwd+ was modified 9 times | System File Modification
User oident was created with the password ********* | User Created
System file /etc/shadow- was modified 36 times | System File Modification
System file /etc/passwd.225 was modified 4 times | System File Modification
System file /etc/passwd.235 was modified 9 times | System File Modification
System file /etc/init.d/.depend.boot was modified 4 times | System File Modification
System file /etc/init.d/.depend.start was modified 4 times | System File Modification
System file /etc/init.d/.depend.stop was modified 4 times | System File Modification
Service K01oidentd was created | Service Creation
Service S02oidentd was created | Service Creation
Service oidentd.dpkg-new was created | Service Creation
Service oidentd was started | Service Start
Process /usr/sbin/oidentd started listening on ports: 113 | Listening
A possibly malicious Kill Process was detected | Download Operation, Networking Operation, Kill Process, Package Install
Connection was closed due to user inactivity |