Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 154.223.167.114Previously Malicious

IP Address: 154.223.167.114Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

SSH

Tags

Access Suspicious Domain IDS - A Network Trojan was detected Outgoing Connection HTTP Download File Successful SSH Login SSH Download Operation

Associated Attack Servers

130.83.42.12 182.52.51.215 182.53.197.62

Basic Information

IP Address

154.223.167.114

Domain

-

ISP

CloudInnovation infrastructure

Country

Hong Kong

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2020-12-12

Last seen in Akamai Guardicore Segmentation

2021-06-22

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

A user logged in using SSH with the following credentials: root / ********** - Authentication policy: White List

Successful SSH Login

A user logged in using SSH with the following credentials: root / ********** - Authentication policy: Correct Password 2 times

Successful SSH Login

A possibly malicious Download Operation was detected 3 times

Download Operation

Process /bin/bash generated outgoing network traffic to: 182.53.197.62:80 3 times

Outgoing Connection

Process /bin/bash attempted to access suspicious domains: totinternet.net 3 times

Access Suspicious Domain Outgoing Connection

/root/23s.1 was downloaded

Download File

/root/23s.2 was downloaded

Download File

The file /root/23s was downloaded and granted execution privileges

IDS detected A Network Trojan was detected : Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)

IDS - A Network Trojan was detected

Connection was closed due to user inactivity