IP Address: 61.145.24.116 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | Superuser Operation, SCP, Download and Execute, Successful SSH Login, SSH, Download File, Download and Allow Execution
Associated Attack Servers |
IP Address | 61.145.24.116
Domain | -
ISP | China Telecom Guangdong
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-01-30
Last seen in Akamai Guardicore Segmentation | 2022-02-01
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 6 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 12 times |
Superuser Operation |
Process /dev/shm/apache2 scanned port 22 on 39 IP Addresses |
Port 22 Scan |
Process /root/ifconfig scanned port 22 on 39 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 31 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 39 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /dev/shm/apache2 started listening on ports: 1234 and 8084 |
Listening |
The file /tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /tmp/apache2 was downloaded and executed 4 times |
Download and Execute |
Process /tmp/ifconfig started listening on ports: 1234 and 8080 |
Listening |
./ifconfig was downloaded 2 times |
Download File |
The file /root/ifconfig was downloaded and executed 7 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 23 times |
Download and Execute |
Process /root/ifconfig started listening on ports: 1234 and 8085 |
Listening |
The file /root/ifconfig was downloaded and executed 4 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 159 times |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic |
|
Process /root/ifconfig scanned port 2222 on 31 IP Addresses |
Port 22 Scan Port 2222 Scan |
The file /bin/bash was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|