IP Address: 125.12.26.6 (Previously Malicious)


This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker

Services Targeted

SSH

Tags

SSH, Successful SSH Login, Access Suspicious Domain, DNS Query, Download and Allow Execution, Outgoing Connection, SSH Brute Force, Download File, HTTP

Connect Back Servers

Domains: bahnhof.se, ipredator.se, systemservice.hldns.ru

IPs: 155.4.112.119, 46.246.42.220

Basic Information

IP Address

125.12.26.6

Domain

-

ISP

@Home Network Japan

Country

Japan

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2019-06-09

Last seen in Guardicore Centra

2019-06-23

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

A user logged in using SSH with the following credentials: root / ***** - Authentication policy: White List (Part of a Brute Force Attempt)

SSH Brute Force, Successful SSH Login

Process /usr/bin/wget attempted to access domains: systemservice.hldns.ru

DNS Query

Process /usr/bin/wget generated outgoing network traffic to: 46.246.42.220:80

Outgoing Connection

Process /usr/bin/wget attempted to access suspicious domains: ipredator.se

DNS Query, Access Suspicious Domain, Outgoing Connection

The file /tmp/bin.sh was downloaded and granted execution privileges

Download and Allow Execution

Process /usr/bin/wget generated outgoing network traffic to: 155.4.112.119:80 11 times

Outgoing Connection

The file /tmp/loligang.arm was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/loligang.arm5 was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/loligang.arm6 was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/loligang.arm7 was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/loligang.m68k was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/loligang.mips was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/loligang.mpsl was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/loligang.ppc was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/loligang.sh4 was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/loligang.spc was downloaded and granted execution privileges

Download and Allow Execution

/tmp/loligang.x86 was downloaded

Download File

Connection was closed due to user inactivity
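The flow above opens with a brute-force run that ends in an accepted root login, and everything after that (wget, the /tmp drops) happens inside that session. The following added example, which is not Guardicore's code and not from this page, shows how that opening step can be picked out of sshd logs: it counts failed attempts per source address and flags any accepted login that is preceded by a burst of failures from the same address within a short window. The log lines are constructed for the example; the attacker address is the one on this page, while the hostname, PIDs, ports, timestamps, and the threshold and window values are assumptions.

```python
"""Added example (not Guardicore's code): flag an SSH brute force that ends in
an accepted login, the first step of the attack flow on this page.

Input is a handful of constructed sshd log lines in OpenSSH's syslog format.
The source address 125.12.26.6 is taken from the page; everything else in the
sample (hostname, PIDs, ports, times) is invented.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: OpenSSH logs failures as "Failed password for ..." and
# successes as "Accepted password for ...". Five failures from the attacker
# are followed by an accepted root login; a later key-based login from an
# internal address has no failures before it and must not be flagged.
SAMPLE_LOG = """\
Jun  9 03:12:01 host sshd[2411]: Failed password for root from 125.12.26.6 port 40122 ssh2
Jun  9 03:12:03 host sshd[2413]: Failed password for root from 125.12.26.6 port 40130 ssh2
Jun  9 03:12:05 host sshd[2415]: Failed password for root from 125.12.26.6 port 40138 ssh2
Jun  9 03:12:07 host sshd[2417]: Failed password for root from 125.12.26.6 port 40146 ssh2
Jun  9 03:12:09 host sshd[2419]: Failed password for root from 125.12.26.6 port 40152 ssh2
Jun  9 03:12:11 host sshd[2421]: Accepted password for root from 125.12.26.6 port 40160 ssh2
Jun  9 03:15:44 host sshd[2500]: Accepted publickey for ops from 10.0.0.5 port 51000 ssh2
"""

# One regex covers both outcomes; "invalid user" appears for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2019):
    """Parse one sshd line into a dict, or return None for unrelated lines.
    Syslog timestamps carry no year, so one is assumed (2019 matches the
    sighting dates on this page)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def find_bruteforce_successes(log_text, threshold=5, window_s=600):
    """Return one (ip, user, failures_in_window, accepted_at) tuple for every
    accepted login preceded by at least `threshold` failures from the same
    source address within `window_s` seconds. Threshold and window are
    assumed tuning values, not anything Centra documents."""
    failures = defaultdict(list)  # source ip -> timestamps of failed attempts
    hits = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        if ev["result"] == "Failed":
            failures[ev["ip"]].append(ev["ts"])
            continue
        recent = [t for t in failures[ev["ip"]]
                  if 0 <= (ev["ts"] - t).total_seconds() <= window_s]
        if len(recent) >= threshold:
            hits.append((ev["ip"], ev["user"], len(recent), ev["ts"]))
    return hits


if __name__ == "__main__":
    for ip, user, n, when in find_bruteforce_successes(SAMPLE_LOG):
        print(f"{when:%b %d %H:%M:%S} brute-force success: {user}@{ip} after {n} failures")
```

On a real host the same logic runs over `journalctl -u ssh` or /var/log/auth.log output; the "White List" authentication policy mentioned in the flow is a Centra-side control, so this script only reproduces the log-side signal, not the policy decision.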

Associated Files

/tmp/loligang.arm

SHA256: a9e1cfe93c290af300fd298ed0aab7bd0d2b5cc5ff3490435413729cd742a733

100992 bytes

/tmp/loligang.arm5

SHA256: 7ef0345bd92089d0ab6d43ee630427ee8e077185ef9f23aeb57a2a08f44fb985

62696 bytes

/tmp/loligang.arm6

SHA256: 281f5065b61da508bfb86f3a2d16104492c304397bb43283234db53e469d9ae4

107668 bytes

/tmp/loligang.arm7

SHA256: 9edaf6edc86119424f719a7526ecd4d6c9a4909749fe8698a163bbf1629c6b88

182265 bytes

/tmp/loligang.m68k

SHA256: c881f3069bb5685c67ccf3742969c92fc001477086f5e0999f630b7c338838f4

101760 bytes

/tmp/loligang.mips

SHA256: 9ecdcb96be11b1e9770a7b3dee9cb41277baf5caac3fe5ee795b58769b95761c

125676 bytes

/tmp/loligang.mpsl

SHA256: 8de0e02b4d14113d7b8e7b25624512eecf3afc3e5cac80c5534e09da28f58f06

125676 bytes

/tmp/loligang.ppc

SHA256: 0e24144e908b47c20d631ca59b02b60bb1bf1270dfa6a56d7e24f3ac3b7ca652

92244 bytes

/tmp/loligang.sh4

SHA256: bd54ed472459addeef3ce8e43777e9804a5500b21748006d91a53cc7d392c84e

87684 bytes

/tmp/loligang.spc

SHA256: 2279dc1bd43e67c14a2d6534c18efeddd949ec9bcd28722d10672b1e0d9b8caf

104420 bytes
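The hashes above can be turned directly into a host hunt. The following added example, not Guardicore's code, walks a directory, hashes every regular file against the page's SHA256 list, and separately flags any executable ELF file as an instance of the "Download and Allow Execution" behaviour in the attack flow, so a variant whose hash the page does not list (such as the x86 file, for which no hash is given) is still surfaced. The demo stages a fake ELF header and a one-line shell script in a temporary directory; those files, the directory, and the hash added for bin.sh are constructed for the demo and are not real samples.

```python
"""Added example (not Guardicore's code): hunt a host for the multi-architecture
drops described on this page.

Two checks are combined: (1) SHA256 of each regular file against the hashes
listed under "Associated Files", and (2) a behavioural check for the
"Download and Allow Execution" pattern, i.e. an executable ELF file sitting in
a scratch directory. The IOC hashes are copied from the page; the demo
directory and its files are constructed.
"""
import hashlib
import os
import stat
import tempfile

# SHA256 values copied from the "Associated Files" list on this page, mapped to
# the path under which Centra recorded each sample.
IOC_SHA256 = {
    "a9e1cfe93c290af300fd298ed0aab7bd0d2b5cc5ff3490435413729cd742a733": "/tmp/loligang.arm",
    "7ef0345bd92089d0ab6d43ee630427ee8e077185ef9f23aeb57a2a08f44fb985": "/tmp/loligang.arm5",
    "281f5065b61da508bfb86f3a2d16104492c304397bb43283234db53e469d9ae4": "/tmp/loligang.arm6",
    "9edaf6edc86119424f719a7526ecd4d6c9a4909749fe8698a163bbf1629c6b88": "/tmp/loligang.arm7",
    "c881f3069bb5685c67ccf3742969c92fc001477086f5e0999f630b7c338838f4": "/tmp/loligang.m68k",
    "9ecdcb96be11b1e9770a7b3dee9cb41277baf5caac3fe5ee795b58769b95761c": "/tmp/loligang.mips",
    "8de0e02b4d14113d7b8e7b25624512eecf3afc3e5cac80c5534e09da28f58f06": "/tmp/loligang.mpsl",
    "0e24144e908b47c20d631ca59b02b60bb1bf1270dfa6a56d7e24f3ac3b7ca652": "/tmp/loligang.ppc",
    "bd54ed472459addeef3ce8e43777e9804a5500b21748006d91a53cc7d392c84e": "/tmp/loligang.sh4",
    "2279dc1bd43e67c14a2d6534c18efeddd949ec9bcd28722d10672b1e0d9b8caf": "/tmp/loligang.spc",
}
ELF_MAGIC = b"\x7fELF"


def sha256_of(path):
    """Stream the file through SHA256 so large files do not land in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_executable_elf(path):
    """True for a regular file with any execute bit set whose first four bytes
    are the ELF magic. Symlinks are not followed (lstat)."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
        return False
    with open(path, "rb") as f:
        return f.read(4) == ELF_MAGIC


def hunt(directory, ioc_hashes=IOC_SHA256):
    """Walk `directory` and return findings as tuples:
    ("ioc_hash", path, recorded_name) for a hash match with the page's list,
    ("exec_elf", path, None) for any other executable ELF file."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue  # skip symlinks, sockets, fifos
                digest = sha256_of(path)
                if digest in ioc_hashes:
                    findings.append(("ioc_hash", path, ioc_hashes[digest]))
                elif is_executable_elf(path):
                    findings.append(("exec_elf", path, None))
            except OSError:
                continue  # unreadable or vanished file; keep walking
    return findings


def demo():
    """Constructed demo: stage an executable file with an ELF header (not a
    runnable binary), a placeholder dropper script and a benign text file in a
    fresh temp directory, then hunt it. The dropper's hash is added to a copy
    of the IOC set to show the hash path; the page lists no hash for bin.sh."""
    d = tempfile.mkdtemp(prefix="hunt-demo-")
    fake_elf = os.path.join(d, "loligang.x86")
    with open(fake_elf, "wb") as f:
        f.write(ELF_MAGIC + b"\x01\x01\x01" + b"\0" * 61)  # header-sized junk
    os.chmod(fake_elf, 0o755)
    dropper = os.path.join(d, "bin.sh")
    with open(dropper, "w") as f:
        f.write("#!/bin/sh\n# placeholder, not the real dropper\n")
    os.chmod(dropper, 0o755)
    with open(os.path.join(d, "notes.txt"), "w") as f:
        f.write("benign text\n")
    iocs = dict(IOC_SHA256)
    iocs[sha256_of(dropper)] = "/tmp/bin.sh"
    return sorted(hunt(d, iocs))


if __name__ == "__main__":
    for kind, path, name in demo():
        print(kind, path, name or "")
```

Pointed at a real /tmp or /dev/shm the `exec_elf` check will also list legitimate binaries, so treat it as a triage list to review alongside file ownership and creation time; the `ioc_hash` matches are the high-confidence hits.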
