IP Address: 103.45.184.71 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
| --- | --- |
| Role | Attacker, Scanner |
| Services Targeted | SSH |
| Tags | SSH Brute Force, Read Password Secrets, Log Tampering, Scheduled Task Configuration, Service Configuration, Executable File Modification, System File Modification, Kill Process, Service Start, Successful SSH Login, Package Manager Configuration, DNS Query, Superuser Operation, Package Install, Download and Execute, 63 Shell Commands, Outgoing Connection, Download and Allow Execution, SSH, Bulk Files Tampering, Service Stop |

Associated Attack Servers

| Field | Value |
| --- | --- |
| IP Address | 103.45.184.71 |
| Domain | - |
| ISP | Shenzhen Qianhai bird cloud computing Co. |
| Country | China |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2021-04-02 |
| Last seen in Akamai Guardicore Segmentation | 2021-04-08 |
What is Akamai Guardicore Segmentation

Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident Events

- A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List (Part of a Brute Force Attempt) (tags: SSH Brute Force, Successful SSH Login)
- A possibly malicious Package Install was detected 2 times (tags: Kill Process, Package Install, Superuser Operation)
- A possibly malicious Superuser Operation was detected 2 times (tags: Kill Process, Package Install, Superuser Operation)
- A possibly malicious Package Install was detected 14 times (tags: Kill Process, Package Install, Superuser Operation)
- Process /usr/bin/apt-get attempted to access domains: _http._tcp.security.ubuntu.com and security.ubuntu.com (tags: DNS Query)
- Process /usr/bin/apt-get attempted to access domains: _http._tcp.archive.ubuntu.com and archive.ubuntu.com 2 times (tags: DNS Query)
- Process /usr/bin/apt-get generated outgoing network traffic to: 91.189.88.142:80 and 91.189.91.39:80 (tags: Outgoing Connection)
- Process /usr/bin/apt-get generated outgoing network traffic to: 91.189.88.142:80 and 91.189.88.152:80 (tags: Outgoing Connection)
- Process /usr/bin/apt-get generated outgoing network traffic to: 91.189.88.152:80 (tags: Outgoing Connection)
- System file /etc/ld.so.cache~ was modified 144 times (tags: System File Modification)
- Service apt-daily-upgrade.timer was stopped (tags: Service Stop)
- The file /usr/lib/apt/apt.systemd.daily was downloaded and granted execution privileges
- The file /usr/lib/apt/apt-helper was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/lib/apt/methods/http was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/lib/apt/methods/file was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/lib/apt/methods/gpgv was downloaded and granted execution privileges
- The file /usr/lib/apt/methods/ftp was downloaded and granted execution privileges
- The file /usr/lib/apt/methods/mirror was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/lib/apt/methods/store was downloaded and granted execution privileges
- The file /usr/lib/apt/methods/rsh was downloaded and granted execution privileges
- The file /usr/lib/apt/methods/rred was downloaded and granted execution privileges
- The file /usr/lib/apt/methods/copy was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/lib/apt/methods/cdrom was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/lib/dpkg/methods/apt/setup was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/lib/dpkg/methods/apt/install was downloaded and granted execution privileges
- The file /usr/lib/dpkg/methods/apt/update was downloaded and granted execution privileges
- The file /usr/bin/apt-cache was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/bin/apt was downloaded and granted execution privileges (tags: Download and Allow Execution)
- Executable file /usr/bin/apt-config was modified 16 times (tags: Executable File Modification)
- The file /usr/bin/apt-config was downloaded and granted execution privileges
- The file /usr/bin/apt-key was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/bin/apt-mark was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/bin/apt-cdrom was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/share/bug/apt/script was downloaded and granted execution privileges (tags: Download and Allow Execution)
- System file /lib/systemd/system/apt-daily-upgrade.timer was modified 16 times (tags: System File Modification)
- System file /lib/systemd/system/apt-daily-upgrade.service was modified 16 times (tags: System File Modification)
- System file /lib/systemd/system/apt-daily.service.dpkg-new was modified 16 times (tags: System File Modification)
- System file /etc/apt/apt.conf.d/01-vendor-ubuntu.dpkg-new was modified 16 times (tags: System File Modification)
- System file /etc/apt/apt.conf.d/01autoremove.dpkg-new was modified 16 times (tags: System File Modification)
- The file /etc/apt/auth.conf.d was downloaded and granted execution privileges (tags: Download and Allow Execution)
- System file /etc/cron.daily/apt-compat.dpkg-new was modified 16 times (tags: System File Modification)
- The file /etc/cron.daily/apt-compat.dpkg-new was downloaded and granted execution privileges
- System file /etc/kernel/postinst.d/apt-auto-removal.dpkg-new was modified 16 times (tags: System File Modification)
- The file /etc/kernel/postinst.d/apt-auto-removal.dpkg-new was downloaded and granted execution privileges (tags: Download and Allow Execution)
- Executable file /usr/bin/apt-cache was modified (tags: Executable File Modification)
- Executable file /usr/bin/apt was modified (tags: Executable File Modification)
- Executable file /usr/bin/apt-config was modified (tags: Executable File Modification)
- Executable file /usr/bin/apt-key was modified (tags: Executable File Modification)
- Executable file /usr/bin/apt-mark was modified (tags: Executable File Modification)
- Executable file /usr/bin/apt-cdrom was modified (tags: Executable File Modification)
- Executable file /usr/bin/apt-get was modified (tags: Executable File Modification)
- System file /lib/systemd/system/apt-daily.timer was modified (tags: System File Modification)
- System file /lib/systemd/system/apt-daily-upgrade.timer was modified (tags: System File Modification)
- System file /lib/systemd/system/apt-daily-upgrade.service was modified (tags: System File Modification)
- System file /lib/systemd/system/apt-daily.service was modified (tags: System File Modification)
- /etc/cron.daily/apt-compat.dpkg-new scheduled task was modified
- Service apt-daily-upgrade.timer was started (tags: Service Start)
- Service apt-daily.timer was started (tags: Service Start)
- The file /usr/bin/apt-get was downloaded and executed 16 times (tags: Download and Execute)
- The file /usr/lib/apt/solvers/apt.dpkg-new was downloaded and granted execution privileges (tags: Download and Allow Execution)
- The file /usr/lib/apt/solvers/dump.dpkg-new was downloaded and granted execution privileges (tags: Download and Allow Execution)
- A possibly malicious Kill Process was detected 4 times (tags: Kill Process, Package Install, Superuser Operation)
- A possibly malicious Package Install was detected 6 times (tags: Kill Process, Package Install, Superuser Operation)
- A possibly malicious Superuser Operation was detected 2 times (tags: Kill Process, Package Install, Superuser Operation)
- History File Tampering detected from /usr/sbin/sshd (tags: Log Tampering)
- Connection was closed due to timeout
- Process /usr/bin/apt-get performed bulk changes in {/usr/share/locale} and {/usr/share/man} on 101 files (tags: Bulk Files Tampering)