Akamai Guardicore Segmentation CTI

Threat Information

Role	Attacker, Scanner
Services Targeted	SMB
Tags	Outgoing Connection NetBIOS MS08-067 Known Malware IDS - Attempted Administrator Privilege Gain SMB Turn Off DEP IDS - A Network Trojan was detected Cookie Hijacking Download File Access Suspicious Domain SMB Null Session Login
Associated Attack Servers	sbcglobal.net 172.3.111.17

Basic Information

IP Address	113.116.98.202
Domain	-
ISP	-
Country	China
WHOIS	Created Date	-
	Updated Date	-
	Organization	-

First seen in Akamai Guardicore Segmentation	2024-01-29
Last seen in Akamai Guardicore Segmentation	2024-01-29

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

The machine was exploited using the ms08-067 vulnerability
x. was downloaded	Download File
Process netsvcs Service Group generated outgoing network traffic to: 172.3.111.17:1504	Outgoing Connection
Process netsvcs Service Group attempted to access suspicious domains: sbcglobal.net	Outgoing Connection Access Suspicious Domain
IDS detected Attempted Administrator Privilege Gain : Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15)	IDS - Attempted Administrator Privilege Gain
IDS detected Attempted Administrator Privilege Gain : Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25)	IDS - Attempted Administrator Privilege Gain
IDS detected A Network Trojan was detected : Conficker.b Shellcode	IDS - A Network Trojan was detected
Connection was closed due to user inactivity

Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

Threat Information

Basic Information

Attack Flow