Akamai Guardicore Segmentation CTI

Threat Information

Role	Attacker, Scanner
Services Targeted	SMB
Tags	NetBIOS Access Suspicious Domain Known Malware Turn Off DEP IDS - A Network Trojan was detected IDS - Attempted Administrator Privilege Gain MS08-067 SMB Download File Cookie Hijacking SMB Null Session Login Outgoing Connection
Associated Attack Servers	tpgi.com.au 220.240.230.219

Basic Information

IP Address	122.238.68.54
Domain	-
ISP	-
Country	China
WHOIS	Created Date	-
	Updated Date	-
	Organization	-

First seen in Akamai Guardicore Segmentation	2023-07-16
Last seen in Akamai Guardicore Segmentation	2023-07-16

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

The machine was exploited using the ms08-067 vulnerability
x. was downloaded	Download File
Process netsvcs Service Group generated outgoing network traffic to: 220.240.230.219:3328	Outgoing Connection
Process netsvcs Service Group attempted to access suspicious domains: tpgi.com.au	Access Suspicious Domain Outgoing Connection
IDS detected Attempted Administrator Privilege Gain : Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15)	IDS - Attempted Administrator Privilege Gain
IDS detected Attempted Administrator Privilege Gain : Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25)	IDS - Attempted Administrator Privilege Gain
IDS detected A Network Trojan was detected : Conficker.b Shellcode	IDS - A Network Trojan was detected
Connection was closed due to user inactivity

Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

Threat Information

Basic Information

Attack Flow