IP Address: 122.54.205.206 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: MSSQL, SMB
Tags: Service Creation, Access Suspicious Domain, File Operation By CMD, SMB, CMD, Service Start, Download File, DNS Query, Service Stop, SMB Share Connect, PowerShell, Service Deletion, Listening, MSSQL, Successful SMB Login, Download and Execute, Scheduled Task Creation
Associated Attack Servers: -
IP Address: 122.54.205.206
Domain: -
ISP: Philippine Long Distance Telephone
Country: Philippines
WHOIS:
  Created Date: -
  Updated Date: -
  Organization: -
First seen in Akamai Guardicore Segmentation: 2018-09-23
Last seen in Akamai Guardicore Segmentation: 2021-06-29
A user logged in using SMB with the following username: Administrator - Authentication policy: Reached Max Attempts
  Tags: Successful SMB Login
The file C:\Windows\DvJKsVle.exe was downloaded and executed
  Tags: Download and Execute
c:\windows\system32\services.exe installed and started %systemroot%\dvjksvle.exe as a service named xHjp under service group None
  Tags: Service Start, Service Creation
C:\Windows\temp\svchost.exe was downloaded
  Tags: Download File
A user logged in using SMB with the following username: Administrator - Authentication policy: Previously Approved User 4 times
  Tags: Successful SMB Login
The file C:\Windows\UiHPxuNT.exe was downloaded and executed
  Tags: Download and Execute
c:\windows\system32\services.exe installed and started %systemroot%\uihpxunt.exe as a service named HaBX under service group None
  Tags: Service Start, Service Creation
C:\Windows\temp\tmp.vbs was downloaded
  Tags: Download File
Service HaBX was stopped
  Tags: Service Stop
Process netsvcs Service Group started listening on ports: 65529
  Tags: Listening
Process c:\windows\syswow64\windowspowershell\v1.0\powershell.exe attempted to access suspicious domains: t.amynx.com
  Tags: DNS Query, Access Suspicious Domain
The command line C:\Windows\PBYodx.exe was scheduled to run by modifying C:\Windows\System32\Tasks\PBYodx
The command line c:\windows\djpTbN.exe was scheduled to run by modifying C:\Windows\System32\Tasks\csJAXF
Connection was closed due to user inactivity