IP Address: 185.220.101.34 (Malicious)
This IP address attempted an attack on a machine protected by Guardicore Centra.
| Field | Value |
|---|---|
| Role | Attacker, Scanner |
| Services Targeted | SCP |
| Tags | Networking Operation, Download File, 24 Shell Commands, SCP, Scheduled Task Creation, Download and Execute, Malicious File, SSH, Successful SSH Login, Protect File, Outgoing Connection |
| Associated Attack Servers | ip-37-187-154.eu, ca.minexmr.com, ip-66-70-238.net, ip-37-59-45.eu, ip-139-99-120.net, sg.minexmr.com, pool.minexmr.com, ip-158-69-25.net, infoo-services.be, ip-37-59-43.eu, fr.minexmr.com, your-server.de, de.minexmr.com, 78.46.91.134, 94.156.189.41, 37.59.43.131, 139.99.120.50, 158.69.25.62, 37.59.45.174, 185.206.146.35, 139.99.120.73, 37.187.154.79, 66.70.238.157, 78.46.89.102, 158.69.25.71 |
| IP Address | 185.220.101.34 |
| Domain | - |
| ISP | Zwiebelfreunde e.V. |
| Country | Germany |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Guardicore Centra | 2018-05-21 |
| Last seen in Guardicore Centra | 2020-10-13 |
| Event | Details |
|---|---|
| Successful SSH Login | A user logged in using SSH with the following credentials: root / **** (authentication policy: White List) |
| Networking Operation, Protect File | A possibly malicious Networking Operation was detected 2 times |
| Download and Execute | The file /tmp/pinger was downloaded and executed 8 times |
| Malicious File | /tmp/pinger was identified as malicious by YARA according to rules: 000 Common Rules |
| Download File | /root/.system/ls was downloaded |
| Download File | /root/.system/lsof was downloaded |
| Download File | /root/.system/netstat was downloaded |
| Download File | /root/.system/ps was downloaded |
| Download File | /root/.system/pstree was downloaded |
| Download File | /root/.system/ss was downloaded |
| Download File | /root/.system/top was downloaded |
| Download File | /usr/bin/.yam was downloaded |
| Networking Operation, Protect File | A possibly malicious Protect File was detected 2 times |
| Download and Execute | The file /usr/bin/.main was downloaded and executed 6 times |
| Download and Execute | The file /usr/bin/.xmrig was downloaded and executed 8 times |
| Outgoing Connection | Process /usr/bin/.xmrig generated outgoing network traffic to: 185.206.146.35:4444; connection was closed due to timeout |
| Malicious File | /root/.system/top was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules |
| Malicious File | /usr/bin/.xmrig was identified as malicious by YARA according to rules: Malw Xmrig Miner, Crypto Signatures and 000 Common Rules |
| Malicious File | /usr/bin/.main was identified as malicious by YARA according to rules: Malw Xmrig Miner and 000 Common Rules |
| Malicious File | /root/.system/netstat was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules |
| Malicious File | /root/.system/lsof was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules |
| Malicious File | /root/.system/ss was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules |
| Malicious File | /root/.system/ls was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules |
| Malicious File | /root/.system/ps was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules |
| Malicious File | /root/.system/pstree was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules |
| File | SHA256 | Size |
|---|---|---|
| /bin/zz3b3fqk3ucgnmny2v6t0ry3k4 | e374a7ad447d2cf791ecae122894a51ba723901ea132e7fa16cd47c44e4a1769 | 512 bytes |
| /bin/dhpcd | c0f64dede8861cb842434ca972bc0764d7c98d76ceeef8798e5344e149f549da | 379416 bytes |
| /bin/dhpcd | eb808932714c9533962e129e61d84c29536497e62b2a7d89dce3376d882c6965 | 1514000 bytes |
| /tmp/pinger | bc56a689943679c7018b38b0349fb4bd9f9c957328949aed0d5a370dc12620c7 | 2146144 bytes |
| /root/.system/top | a518beea171accec8553b02414e1ffba0b49b0592d58f406efc24ccf79cab873 | 1321504 bytes |
| /usr/bin/.xmrig | 021cc0fbd05cbfb39dc6908978a5bcf3ab78877ef92a7a37d9fb67fddcb4a69b | 1951160 bytes |
| /usr/bin/.xmrig | bd14bc3cfd9528e4a7583ab39aecc876250333e1e0faab83781584bb7f65e3eb | 1844640 bytes |
| /usr/bin/.main | 9f8361f6f0baeca8504d88eac23575ad8aaac3639f692e5df6d5dbf6af31d811 | 1458912 bytes |
| /bin/dhpcd | 0adad2183f16932e6b0d8db6b2a4cab22d5882788381942c91ae5e525c783fc2 | 1362248 bytes |