IP Address: 138.68.8.34 (Previously Malicious)



This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role: Attacker

Services Targeted: HTTP

Tags: HTTP, IDS - Web Application Attack, Download and Allow Execution, Inbound HTTP Request, Outgoing Connection, Download and Execute, Download File

Connect Back Servers: colocrossing.com, 168.63.110.59, 40.77.30.79, 168.63.110.58, 13.92.155.251, 168.63.109.146, 192.227.176.105, 40.117.126.87

Basic Information

IP Address: 138.68.8.34

Domain: -

ISP: Digital Ocean

Country: United States

WHOIS

Created Date: -

Updated Date: -

Organization: -

First seen in Guardicore Centra: 2019-06-23

Last seen in Guardicore Centra: 2019-07-06

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

The file /tmp/bins.sh was downloaded and granted execution privileges

Download and Allow Execution

Process /usr/bin/wget generated outgoing network traffic to: 192.227.176.105:80 9 times

Outgoing Connection

The file /tmp/Demon.mips was downloaded and granted execution privileges

Download and Allow Execution

IDS detected Web Application Attack : 401TRG Generic Webshell Request - POST with wget in body

IDS - Web Application Attack

The file /tmp/Demon.mpsl was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Demon.sh4 was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Demon.x86 was downloaded and executed 2 times

Download and Execute

The file /tmp/Demon.arm6 was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Demon.i686 was downloaded and executed 2 times

Download and Execute

The file /tmp/Demon.ppc was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Demon.m68k was downloaded and granted execution privileges

Download and Allow Execution

Process /tmp/Demon.i586 generated outgoing network traffic to: 192.227.176.105:282

Outgoing Connection

The file /tmp/Demon.i586 was downloaded and executed 3 times

Download and Execute

Process /usr/bin/wget generated outgoing network traffic to: 192.227.176.105:80 6 times

Outgoing Connection

The file /tmp/Demon.sparc was downloaded and granted execution privileges

The file /tmp/Demon.arm4 was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Demon.arm5 was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Demon.arm7 was downloaded and granted execution privileges

Download and Allow Execution

Connection was closed due to user inactivity

Associated Files

/tmp/bins.sh (2092 bytes) SHA256: b4e60b9224897e711006261081f981628de1aa4ad6e158adb0efdbba5bde2c3d

/tmp/Demon.mips (104715 bytes) SHA256: 790db12fd630b77bfe74edeb821a9d2843f407b126a337f229d1b6e4c9ca1d50

/tmp/Demon.mpsl (104827 bytes) SHA256: 0483d4c821aa220aa9fad48ce2dbff79db5177ceacd1015a4548047f42e981f9

/tmp/Demon.sh4 (72116 bytes) SHA256: b227cd88d4dbd5f40beccc3261d50250e1b2020ab0fcf1b49d17e6a41633f381

/tmp/Demon.x86 (80458 bytes) SHA256: e7ca0eeddfa2ad9dca2c52e824132868360d3d387c6fbcd5b059121c5d05c630

/tmp/Demon.arm6 (106532 bytes) SHA256: a202208df323d16a792f987a4fbb28356e3f86b3bf997b08738e903e051fbe63

/tmp/Demon.i686 (68895 bytes) SHA256: 513c65085ba000ab30658787bc44936bcdf3075790799f2e2f634556315f656b

/tmp/Demon.ppc (80352 bytes) SHA256: 6de42612d7889bb51800ee66ed223ec85e60045bb0ca16302c484d4b00624ce1

/tmp/Demon.i586 (68255 bytes) SHA256: 2410c5022986d52c7ac04cfc235e8b9298f9e709c777cc47ebda6c0df117eb23

/tmp/Demon.arm4 (91830 bytes) SHA256: d427dd7fbc06557cfe71bbf1ecb4a5896b1f425d36d3d7f8a67b770836c4cd92

/tmp/Demon.arm5 (85260 bytes) SHA256: a16c5faab93806666b9d22abd7af115ef89cf58f7d58deebb2812ab5bf988ae3

/tmp/Demon.arm7 (144789 bytes) SHA256: 910d5b0a5558e5bf86ba723545f2e44a78d98a2995926a74ff147174d2589180

/tmp/soul.sh (1720 bytes) SHA256: ac4456c786b1eba0c61d9ae9eac8963802bfd6498b29bc663a2609cd0e33c193

/tmp/soul.mips (165221 bytes) SHA256: 83352545e752acf4e0e9455bd01eba45e9ae9c9875b055fac3532bec9e886a23

/tmp/soul.mpsl (165221 bytes) SHA256: be0e6b0cb28636a6b122967bcb3b609e6eeeacb7c7e0d7903e45837926e921af

/tmp/soul.sh4 (123912 bytes) SHA256: eceaddbe02da0f2315b64e0c88a1785daaa708f8f6c09c24ad85db41c983421e

/tmp/soul.x86 (133677 bytes) SHA256: 8a33d8be0d4c4f9c38f6b0fac9183bc7e6086c0d166181ff5c267dea36ffd641

/tmp/soul.arm6 (157764 bytes) SHA256: b75b8a94996c9dc41d29a852503ebd4659499c28faa3c9b720d7f27f935910ac

/tmp/soul.x32 (118854 bytes) SHA256: d6226eadd8c2859fa41a0e4bd899431e88e492ba9ea9ffcf676cca86548c0eda

/tmp/soul.ppc (143890 bytes) SHA256: e4904257ce1e5d3e356c0ff8b1bfe2098b94a4b4be728c7fdf11de4a2fb5491f

/tmp/soul.i586 (115782 bytes) SHA256: c57d28b770c3c9401e9475dd22b51afd3000326d41a4f4d33d63be8099d890d9

/tmp/bins.sh (2072 bytes) SHA256: e0e80f5f9a586186a7bff30e3359f971311f3ee01779d2b1625c6cc955f24881

/tmp/Okami.mips (123182 bytes) SHA256: 0efdb55169af196b20adae51b07839e2d98f8c1f3a5b76a3ec39a153437146a1

/tmp/Okami.mpsl (123182 bytes) SHA256: 6b1e3be28c7b9e9ec7df5f9bd111c68e4c2818405e87eae2c693b327ca9076fe

/tmp/Okami.sh4 (85865 bytes) SHA256: 952c4c759ad0ee7c28110122f4501009e60564593342c6ac67594a6dedfa75bc

/tmp/Okami.x86 (93801 bytes) SHA256: b4cea4fd6f32297a662e6d325d53375390932db93c0e6e71ce4a8cdc6acad931

/tmp/Okami.arm6 (120681 bytes) SHA256: 6c3542320407955358c97e44e590e17f45de3922b849e14f8f78913b891bdec9

/tmp/Okami.i686 (82007 bytes) SHA256: 2cfc78fec9d7d88d9ebe20616b2c10c8be625752c90b667f66d9ab113504d20b

/tmp/Okami.ppc (94075 bytes) SHA256: a77c7ba1c8fc45dd6a1e0903c6168a5489a5b98098d53c45866c2a6d4760242d

/tmp/Okami.i586 (82007 bytes) SHA256: 4c9c11689f513031b40b22d4e33bb11549e09c10d05e42937595dd71b954b75e
