IP Address: 14.98.12.162Previously Malicious
IP Address: 14.98.12.162Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SMB |
Tags |
Service Start MSRPC Successful MSRPC Login Service Creation Successful SMB Login SMB Access Suspicious Domain Service Deletion Outgoing Connection CMD |
Associated Attack Servers |
IP Address |
14.98.12.162 |
|
Domain |
- |
|
ISP |
Midc Sanpada |
|
Country |
India |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2018-12-09 |
Last seen in Akamai Guardicore Segmentation |
2023-01-14 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SMB with the following username: administrator - Authentication policy: Reached Max Attempts |
Successful SMB Login |
A user logged in using SMB with the following username: administrator - Authentication policy: Previously Approved User |
Successful SMB Login |
c:\windows\system32\services.exe installed and started mshta.exe as a service named AC01 under service group None 2 times |
Service Start Service Creation |
Service MSIServer was started |
Service Start |
A user logged in using MSRPC from JIK-PC with the following username: administrator - Authentication policy: Previously Approved User 2 times |
Successful MSRPC Login |
Process c:\windows\system32\msiexec.exe generated outgoing network traffic to: 202.142.167.174:16542, 218.75.71.98:19409, 36.134.79.185:17551 and 82.209.206.150:14283 |
Outgoing Connection |
A user logged in using SMB with the following username: administrator - Authentication policy: Previously Approved User |
Successful SMB Login |
Process c:\windows\system32\msiexec.exe attempted to access suspicious domains: zephyr.com.pk |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to user inactivity |
|