IP Address: 148.70.189.89Previously Malicious
Weekly Summary
Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network
Top Threats
Cyber Threat Intelligence
Discover Malicious IPs and Domains with Guardicore Cyber Threat Feed
IP Address:
148.70.189.89
Previously Malicious
This IP address attempted an attack on a machine protected by Guardicore Centra
Threat Information
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Download and Execute SSH Access Suspicious Domain Port 7946 Scan Outgoing Connection Download and Allow Execution Listening New SSH Key Successful SSH Login Scheduled Task Creation |
|
Associated Attack Servers |
opendns.com amazonaws.com linode.com whatismyipaddress.com akamaitechnologies.com one.one 66.171.248.178 103.219.112.66 52.44.169.135 1.1.1.1 208.67.222.222 23.50.52.227 176.58.123.25 34.196.181.158 104.20.17.242 104.114.79.195 |
Basic Information
|
IP Address |
148.70.189.89 |
|
|
Domain |
- |
|
|
ISP |
Tencent cloud computing |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Guardicore Centra |
2019-09-21 |
|
Last seen in Guardicore Centra |
2019-09-28 |
What is Guardicore CentraGuardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
Attack Flow
|
A user logged in using SSH with the following credentials: root / ********** - Authentication policy: Reached Max Attempts |
Successful SSH Login |
|
Process /usr/bin/wget generated outgoing network traffic to: 103.219.112.66:8000 |
Outgoing Connection |
|
Process /usr/bin/wget generated outgoing network traffic to: 103.219.112.66:8000 |
Outgoing Connection |
|
The file /usr/bin/lunlfa4 was downloaded and executed 21 times |
Download and Execute |
|
The file /usr/bin/getconf was downloaded and executed |
Download and Execute |
|
Process /usr/bin/lunlfa4 started listening on ports: 7946 |
Listening |
|
Process /usr/bin/lunlfa4 generated outgoing network traffic to: 1.1.1.1:53, 101.132.186.165:7946, 101.231.202.132:7946, 103.238.226.56:7946, 103.36.84.148:7946, 103.45.112.3:7946, 104.20.17.242:80, 106.12.6.104:7946, 106.52.169.230:7946, 106.52.194.40:7946, 111.85.182.2:7946, 113.88.12.235:7946, 114.215.70.222:7946, 117.73.2.211:7946, 118.187.31.11:7946, 118.24.130.208:7946, 118.25.149.162:7946, 118.25.37.165:7946, 118.89.243.105:7946, 119.195.133.231:7946, 119.195.211.191:7946, 119.23.235.180:7946, 119.27.163.94:7946, 121.168.178.192:7946, 122.114.143.128:7946, 122.114.158.88:7946, 123.206.197.226:7946, 125.136.32.101:7946, 129.211.111.201:7946, 132.232.52.142:7946, 134.175.72.36:7946, 139.199.106.127:7946, 139.199.133.202:7946, 14.192.11.16:7946, 14.46.57.160:7946, 14.46.57.245:7946, 140.143.230.207:7946, 140.143.243.93:7946, 140.143.27.215:7946, 142.93.208.69:7946, 144.217.234.169:7946, 154.85.99.246:7946, 154.92.23.80:7946, 172.105.40.51:7946, 172.245.52.188:7946, 176.58.123.25:80, 192.227.140.90:7946, 198.1.81.46:7946, 198.251.83.42:7946, 203.93.23.253:7946, 208.67.222.222:443, 216.239.32.21:80, 216.239.34.21:80, 23.50.52.227:80, 47.105.126.138:7946, 47.92.107.57:7946, 49.234.152.78:7946, 52.44.169.135:80, 58.208.25.47:7946, 59.10.86.80:7946, 60.205.166.161:7946, 61.147.247.41:7946, 61.77.183.222:7946, 66.171.248.178:80, 85.214.235.157:7946 and 92.103.89.93:7946 |
Outgoing Connection |
|
Process /usr/bin/lunlfa4 attempted to access suspicious domains: one.one |
Access Suspicious Domain Outgoing Connection |
|
Process /usr/bin/lunlfa4 scanned port 7946 on 57 IP Addresses |
Port 7946 Scan |
|
Connection was closed due to timeout |
|
|
An attempt to download /root/.ssh/authorized_keys was made |
New SSH Key |
Associated Files
|
/usr/bin/lunlfa4 |
SHA256: 2dfce07d7066cca93bc85d5c235ee9b4ed6cf4776a9f45dfcc8b14790e8b2912 |
4268416 bytes |