IP Address: 185.145.253.66 (Previously Malicious)
This IP address attempted an attack on a machine protected by Guardicore Centra
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Successful SSH Login, Download and Allow Execution, Download and Execute, Malicious File, Outgoing Connection, Access Suspicious Domain, DNS Query, 1 Shell Commands, SSH Download Operation
Associated Attack Servers: ip-46-105-103.eu, ptr1.ru, ip-37-59-55.eu, ip-91-121-2.eu, ip-37-59-54.eu, wp.startreceive.tk, pool.minexmr.com, ip-188-165-254.eu, ip-37-59-56.eu, ip-91-121-87.eu, your-server.de, 78.46.91.134, 37.59.55.60, 46.105.103.169, 37.59.56.102, 94.130.206.79, 37.59.54.205, 91.121.2.76, 178.63.48.196, 91.121.87.10, 185.212.128.154, 188.165.254.85, 78.46.89.102
IP Address: 185.145.253.66
Domain: -
ISP: L.r Smart Solutions Ltd
Country: Israel
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Guardicore Centra: 2018-04-01
Last seen in Guardicore Centra: 2018-04-15
- A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List [Successful SSH Login]
- Process /usr/bin/wget attempted to access suspicious domains: wp.startreceive.tk and ptr1.ru (2 times) [Access Suspicious Domain, Outgoing Connection, DNS Query]
- Process /usr/bin/wget generated outgoing network traffic to: 185.212.128.154:80 (2 times) [Outgoing Connection]
- The file /tmp/config.json was downloaded and granted execution privileges [Download and Allow Execution]
- The file /tmp/xm111 was downloaded and executed 7 times [Download and Execute]
- Process /tmp/xm111 attempted to access domains: pool.minexmr.com [DNS Query]
- Process /tmp/xm111 generated outgoing network traffic to: 46.105.103.169:5555 [Outgoing Connection]
- Process /tmp/xm111 attempted to access suspicious domains: ip-46-105-103.eu [Access Suspicious Domain, Outgoing Connection, DNS Query]
- Connection was closed due to timeout
- /tmp/xm111 was identified as malicious by YARA according to rules: Crypto Signatures [Malicious File]

Files:
- /tmp/xm111 - SHA256: b070d06a3615f3db67ad3beab43d6d21f3c88026aa2b4726a93df47145cd30ec - 1762784 bytes
- /tmp/r2r2-a - SHA256: 09fa626ac488bca48d94c9774d6ae37d9d1d52256c807b6341f0a08bdd722abf - 5294812 bytes
- /tmp/push.sh - SHA256: 80f82c1d452fc9df931664210f7e9d09728b73f1d179d2ee7584c0563ca83c43 - 568 bytes