
IP Address: 134.209.155.245
Previously Malicious

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role: Attacker, Scanner

Services Targeted: SSH

Tags: HTTP, Download and Execute, Download Operation, 1 Shell Commands, Download File, Successful SSH Login, SSH, Download and Allow Execution, Outgoing Connection, Access Suspicious Domain

Associated Attack Servers: infinity-hosting.com, 137.74.237.193

Basic Information

IP Address: 134.209.155.245
Domain: -
ISP: Digital Ocean
Country: United States

WHOIS

Created Date: -
Updated Date: -
Organization: -

First seen in Guardicore Centra: 2019-07-21
Last seen in Guardicore Centra: 2019-08-19

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

Successful SSH Login: A user logged in using SSH with the following credentials: root / **** (Authentication policy: White List)

Download Operation: A possibly malicious Download Operation was detected 2 times

Outgoing Connection: Process /usr/bin/wget generated outgoing network traffic to 137.74.237.193:80 7 times

Access Suspicious Domain, Outgoing Connection: Process /usr/bin/wget attempted to access the suspicious domain infinity-hosting.com 7 times

Download and Allow Execution: The file /tmp/bins.sh was downloaded and granted execution privileges

Download and Allow Execution: The file /tmp/TacoBellGodYo.mips was downloaded and granted execution privileges

Download and Allow Execution: The file /tmp/TacoBellGodYo.mpsl was downloaded and granted execution privileges

Download and Allow Execution: The file /tmp/TacoBellGodYo.sh4 was downloaded and granted execution privileges

Download and Execute: The file /tmp/TacoBellGodYo.x86 was downloaded and executed 2 times

Download and Allow Execution: The file /tmp/TacoBellGodYo.arm6 was downloaded and granted execution privileges

Download and Execute: The file /tmp/TacoBellGodYo.i686 was downloaded and executed 3 times

Outgoing Connection: Process /tmp/TacoBellGodYo.i686 generated outgoing network traffic to 137.74.237.193:151

Access Suspicious Domain, Outgoing Connection: Process /tmp/TacoBellGodYo.i686 attempted to access the suspicious domain infinity-hosting.com

Outgoing Connection: Process /usr/bin/wget generated outgoing network traffic to 137.74.237.193:80

Access Suspicious Domain, Outgoing Connection: Process /usr/bin/wget attempted to access the suspicious domain infinity-hosting.com

Download and Allow Execution: The file /tmp/TacoBellGodYo.ppc was downloaded and granted execution privileges

Connection was closed due to timeout

Associated Files

/tmp/bins.sh, 2506 bytes, SHA256: 4707caf429ca37302d88f6a7bd4142f833ffb061434c2587c124a06517535cbb

/tmp/TacoBellGodYo.mips, 174393 bytes, SHA256: b603169a40b301b675a7d32e11ca7fb08195f29481cbfb52ec82274878255f84

/tmp/TacoBellGodYo.mpsl, 174505 bytes, SHA256: 05166de51b8b8223358dbbfab40d73b74a933f5874ae402a70505eb5130010fe

/tmp/TacoBellGodYo.sh4, 125007 bytes, SHA256: 40dc978d0a9d8ec886d22a716ee1f58dbe025b0211c2f7535146658685d2aaa2

/tmp/TacoBellGodYo.x86, 126841 bytes, SHA256: 64e2fb7202cfdcbc5bf4b7da42b6971a0ebd00a183b93f17da625f2833fa1c5e

/tmp/TacoBellGodYo.arm6, 156463 bytes, SHA256: 7339edb267bdadf1a97bb3e0a93865a23f1d5352cadc6fdfa8bd41dda1594d48

/tmp/TacoBellGodYo.i686, 116622 bytes, SHA256: 09c2440bbcc5ad36f69cf68bb2dd5600ac85598cf145c80f0063b7c1cc24447c

/tmp/TacoBellGodYo.ppc, 54993 bytes, SHA256: 4a5da66f382eb791b7018510e34c1ff858ac6bfb704595411fb19992ea62fac7

/tmp/TacoBellGodYo.ppc, 134795 bytes, SHA256: d63f5223c456a695196338c096939aa4ea1c2daaf66a7953a01be5b8cecafb5c

/tmp/TacoBellGodYo.i586, 53645 bytes, SHA256: 63068eec501387498c888ac81d01c5dab5fea037dcc7a8c0f85703da45adc912

/tmp/TacoBellGodYo.ppc, 103521 bytes, SHA256: 1d14d5d2bc1de7d1854b6a927aadb74f2b53d15e57e4022e6ddcd0c806f27bbc
