Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 15.164.208.24Previously Malicious

IP Address: 15.164.208.24Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

SSH

Tags

2 Shell Commands Download Operation Successful SSH Login Scheduled Task Creation SSH Download and Execute Outgoing Connection

Associated Attack Servers

92.207.203.157

Basic Information

IP Address

15.164.208.24

Domain

-

ISP

Amazon.com

Country

Korea, Republic of

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2022-06-29

Last seen in Akamai Guardicore Segmentation

2022-06-30

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List

Successful SSH Login

A possibly malicious Download Operation was detected 4 times

Download Operation

Process /usr/bin/wget generated outgoing network traffic to: 92.207.203.157:80 2 times

Outgoing Connection

Process /usr/bin/wget generated outgoing network traffic to: 92.207.203.157:80 4 times

Outgoing Connection

Process /usr/local/bin/dash generated outgoing network traffic to: 92.207.203.157:80

Outgoing Connection

Process /usr/local/bin/dash generated outgoing network traffic to: 92.207.203.157:80

Outgoing Connection

Process /usr/bin/wget generated outgoing network traffic to: 92.207.203.157:80 4 times

Outgoing Connection

The file /root/pty was downloaded and executed 17 times

Download and Execute

The file /root/irq1 was downloaded and granted execution privileges

Process /usr/bin/wget generated outgoing network traffic to: 92.207.203.157:80

Outgoing Connection

The file /root/irq2 was downloaded and granted execution privileges

Process /usr/local/bin/dash generated outgoing network traffic to: 92.207.203.157:80

Outgoing Connection

The file /var/tmp/pty was downloaded and granted execution privileges

Connection was closed due to timeout