IP Address: 104.194.238.124Previously Malicious

Weekly Summary

Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network

Top Threats

Cyber Threat Intelligence

Discover Malicious IPs and Domains with Guardicore Cyber Threat Feed

IP Address:
104.194.238.124​
Previously Malicious

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker, Scanner

Services Targeted

HadoopYARN

Tags

HTTP HadoopYARN Malicious File IDS - Web Application Attack Outgoing Connection Download and Allow Execution Download and Execute Download File Inbound HTTP Request

Associated Attack Servers

191.237.42.69 46.29.165.120

Basic Information

IP Address

104.194.238.124

Domain

-

ISP

Multacom Corporation

Country

United States

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2018-09-30

Last seen in Guardicore Centra

2018-09-30

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

Process /usr/bin/wget generated outgoing network traffic to: 46.29.165.120:80 5 times

Outgoing Connection

The file /usr/local/apache2/cgi-bin/ws/v1/cluster/weed.sh was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/weedntpd was downloaded and granted execution privileges

Download and Allow Execution

IDS detected Web Application Attack : 401TRG Generic Webshell Request - POST with wget in body

IDS - Web Application Attack

/tmp/weedntpd was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/weedsshd was downloaded and granted execution privileges

Download and Allow Execution

/tmp/weedsshd was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/weedopenssh was downloaded and granted execution privileges

Download and Allow Execution

/tmp/weedopenssh was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/weedbash was downloaded and executed

Download and Execute

Connection was closed due to user inactivity

/tmp/weedbash was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

Associated Files

/usr/local/apache2/cgi-bin/ws/v1/cluster/weed.sh

SHA256: a53d304bde9695fce587d2da1fe3da12bdb05f247e64b3aa25905b1cb3b6fd5f

1830 bytes

/tmp/weedntpd

SHA256: 840e5a646ff05ee9971dc463fcac5a8b8ce065dda0019dadaffbb7bf97f55d25

187046 bytes

/tmp/weedsshd

SHA256: 40cd1efcaa11ac5779da1d825d0d38098ef05daad8bff6ba0ad1d909a815eeb5

187046 bytes

/tmp/weedopenssh

SHA256: a8bab41b33cd3035ab4ef773a295ff94b5b7a89007007c9b97945b6d0eaefb50

137773 bytes

/tmp/weedbash

SHA256: 46188d938bf783dbe23a668233e4432e1d0015511e7a731755a870a84d757f96

149000 bytes

Oops! - Do you see your IP here? Contact us at labs@guardicore.com to remove it from the Threat Intelligence data.

IP Address: 104.194.238.124​Previously Malicious