IP Address: 47.243.181.238 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SCP SSH |
Tags |
System File Modification Superuser Operation Listening SCP 3 Shell Commands Download and Execute Port 2222 Scan Successful SSH Login Port 22 Scan SSH Download File Download and Allow Execution |
Associated Attack Servers |
50.217.153.73 50.237.89.161 79.47.57.130 101.35.138.55 103.156.150.248 179.106.38.141 |
IP Address |
47.243.181.238 |
|
Domain |
- |
|
ISP |
Alibaba |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2021-11-18 |
Last seen in Akamai Guardicore Segmentation |
2021-12-29 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 3 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 4 times |
Superuser Operation |
Process /dev/shm/apache2 scanned port 22 on 43 IP Addresses |
Port 22 Scan |
Process /etc/ifconfig scanned port 22 on 43 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /etc/ifconfig scanned port 2222 on 43 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /etc/ifconfig scanned port 22 on 42 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /dev/shm/apache2 started listening on ports: 1234 and 8084 |
Listening |
The file /var/tmp/ifconfig was downloaded and granted execution privileges |
Download and Allow Execution |
System file /etc/ifconfig was modified 9 times |
System File Modification |
System file /etc/apache2 was modified 4 times |
System File Modification |
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /etc/ifconfig started listening on ports: 1234 and 8085 |
Listening |
The file /etc/apache2 was downloaded and executed 108 times |
Download and Execute |
The file /usr/bin/free was downloaded and executed 3 times |
Download and Execute |
Process /etc/ifconfig generated outgoing network traffic to multiple IP addresses on ports 22 and 2222 |
|
Process /etc/ifconfig scanned port 2222 on 42 IP Addresses |
Port 22 Scan Port 2222 Scan |
Connection was closed due to timeout |
|