IP Address: 178.128.249.60 (Previously Malicious)



This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role: Attacker
Services Targeted: HTTP
Tags: IDS - Web Application Attack; Inbound HTTP Request; HTTP; Download and Execute; Access Suspicious Domain; Download File; Download and Allow Execution; Outgoing Connection

Connect Back Servers

Domains: ip-91-121-50.eu, hostwindsdns.com

IP addresses: 52.232.33.74, 13.93.93.231, 52.173.242.8, 13.94.200.48, 104.46.40.157, 104.168.140.207, 52.186.127.89, 137.116.195.72, 13.92.99.153, 40.68.244.223, 13.93.93.21, 13.69.86.194, 52.166.72.240, 167.99.195.48, 13.82.52.9, 40.121.222.121, 13.73.167.164, 40.71.213.194, 40.68.42.232, 40.68.37.80, 52.174.17.41, 91.121.50.19, 40.76.38.75, 13.73.166.169, 52.173.137.29, 13.90.251.147, 13.81.59.79, 13.82.182.9, 40.68.167.82, 52.178.106.195

Basic Information

IP Address: 178.128.249.60
Domain: -
ISP: Digital Ocean
Country: Greece

WHOIS

Created Date: -
Updated Date: -
Organization: -

First seen in Guardicore Centra: 2019-04-01
Last seen in Guardicore Centra: 2019-04-21


Attack Flow

1. Process /usr/bin/wget generated outgoing network traffic to 91.121.50.19:80, 3 times. [Outgoing Connection]
2. Process /usr/bin/wget attempted to access suspicious domain ip-91-121-50.eu, 3 times. [Access Suspicious Domain, Outgoing Connection]
3. The file /tmp/mysql.sock.lock was downloaded and granted execution privileges. [Download and Allow Execution]
4. The file /tmp/yarn was downloaded and granted execution privileges. [Download and Allow Execution]
5. The file /tmp/Unstable.sh was downloaded and granted execution privileges. [Download and Allow Execution]
6. The file /tmp/un5.x86 was downloaded and granted execution privileges. [Download and Allow Execution]
7. The file /tmp/un5t48l3 was downloaded and executed. [Download and Execute]
8. IDS detected Web Application Attack: 401TRG Generic Webshell Request - POST with wget in body. [IDS - Web Application Attack]
9. Connection was closed due to user inactivity.

Associated Files

File                                   Size         SHA256
/tmp/yarn                              2423 bytes   d3ed55a98a72130f3b770157c4632c58b53a4c0cf39ad241ea7fdeb85e219358
/tmp/g0dm0d333.x86                     30008 bytes  f357c0bd2f247be3072361dd97c8e87425816792eced976be24f8b3aed23f4cd
/tmp/un5t48l3                          64452 bytes  2fef9b6c0fd93ab929c7587b83c738ea73b8b1ef53f29998254bbb7c5db2a194
/tmp/yarn                              2473 bytes   405a6c3b33ff0a1a274b2bec4ef6244ed7943d834f274a2b4790cc9c9309fadb
/tmp/update_modules.x86                29944 bytes  4c02a4232022e8ea2477c3dbedbf15dea50fa5c6b1f54571c72c26b26599f158
/tmp/un5t48l3                          64356 bytes  eb812e39471ff1b58144452b80ef2f4152f7afdc6ed7506e2bb732adce260f70
/tmp/yarn                              3043 bytes   43fac116ed2aca65d8cb790718628cfab624e5e937fb1d3d1a6ff059b54d4c16
/tmp/update_12e3d2d2qqwq_modules.x86   29944 bytes  c532a79dd78230d88413d86ae9abfeefcb70f0b045c1638bdf8737ac0f022bd2
/tmp/unstable                          64356 bytes  e544878f9a9fcb64de2e6e30c167e47e4a0c3ea89644d68b5bebfbcd09280b36
/tmp/Unstable.sh                       1873 bytes   c50c265f190859c44fafe42f32c05fdb9fd5c4111a4bbd9a0a3822438b81b41e
/tmp/Unstable.sh                       1883 bytes   6ee9c8b5d67a062f2ad90972e7902f46568e8acdfcb0de76b8947a61702e08f3
/tmp/un5.x86                           19646 bytes  800379da9608fd3cb01f47970600baebbfa2e20efdb2a0c56a493e85388edc3d
/tmp/un5.x86                           29896 bytes  fd27d4152683434925200fb00e43123e1a20a149f8c5fbf906564621e13479ee
/tmp/update_modules.x86                11679 bytes  919540c03f30d762cc4ab456462672b50f7924010ee7464355e71c055e349fcc
/tmp/Unstable.sh                       2053 bytes   fb6c8e3c354f5498b1efbfb9f869853223030263dd386ef56bfb1a395fc44c35
/tmp/unstable.x86                      29556 bytes  e3c17e333e7733ca34c015b05e6a0c1ebc6e6f346206623ede9d853fd3f2fc2d
/tmp/un5.x86                           29888 bytes  4313a91172049ee9ba4df706d8787bc490058b8343b827f3ebf6f96903a26868
