IP Address: 61.2.141.136 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SCP, SSH |
Tags |
Superuser Operation, SCP, Download and Execute, Successful SSH Login, SSH, Download File, Download and Allow Execution |
Associated Attack Servers |
IP Address |
61.2.141.136 |
|
Domain |
- |
|
ISP |
National Internet Backbone |
|
Country |
India |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2021-12-24 |
Last seen in Akamai Guardicore Segmentation |
2022-03-21 |
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 4 times |
Superuser Operation |
The file /var/tmp/ifconfig was downloaded and executed 4 times |
Download and Execute |
The file /var/tmp/apache2 was downloaded and executed 15 times |
Download and Execute |
Process /var/tmp/apache2 scanned port 22 on 36 IP Addresses |
Port 22 Scan |
Process /tmp/apache2 scanned port 22 on 36 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /tmp/apache2 scanned port 22 on 47 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /tmp/apache2 scanned port 2222 on 36 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /var/tmp/apache2 started listening on ports: 1234 and 8082 |
Listening |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /tmp/apache2 was downloaded and executed 176 times |
Download and Execute |
Process /tmp/apache2 started listening on ports: 1234 and 8088 |
Listening |
Process /tmp/apache2 generated outgoing network traffic to remote hosts on ports 22 and 2222 |
|
Process /tmp/apache2 scanned port 2222 on 47 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Connection was closed due to timeout |
|