IP Address: 188.214.208.70 (Previously Malicious)
This IP address attempted an attack on a machine protected by Guardicore Centra
IP Address: 188.214.208.70
Domain: -
ISP: Digital Cable Systems S.A.
Country: Romania
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Guardicore Centra: 2017-06-19
Last seen in Guardicore Centra: 2017-06-19
What is Guardicore Centra

Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Event | Description
--- | ---
Successful SSH Login | A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List
Successful SSH Login | A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 4 times
Download and Allow Execution | The file /root/f was downloaded and granted execution privileges
Download and Allow Execution | The file /root/f/a was downloaded and granted execution privileges
Download and Allow Execution | The file /root/f/hu was downloaded and granted execution privileges
Download and Allow Execution | The file /root/f/mass was downloaded and granted execution privileges
Download and Allow Execution | The file /root/f/passfile was downloaded and granted execution privileges
Download and Allow Execution | The file /root/f/scan.log was downloaded and granted execution privileges
Download and Allow Execution | The file /root/f/sparte.txt was downloaded and granted execution privileges
Download and Allow Execution | The file /root/f/vuln was downloaded and granted execution privileges
Download and Execute | The file /root/f/brute was downloaded and executed
Outgoing Connection | Process /root/f/brute generated outgoing network traffic to: 45.79.0.25:0, 45.79.0.74:0, 45.79.0.35:0, 45.79.0.78:0, 45.79.0.16:0, 45.79.0.27:0, 45.79.0.88:0, 45.79.0.84:0, 45.79.0.18:0, 45.79.0.50:0, 45.79.0.63:0, 45.79.0.39:0, 45.79.0.96:0, 45.79.0.12:0, 45.79.0.52:0, 45.79.0.10:0, 45.79.0.69:0, 45.79.0.14:0, 45.79.0.75:0, 45.79.0.15:0, 45.79.0.13:0, 45.79.0.43:0, 45.79.0.24:0, 45.79.0.22:0, 45.79.0.17:0, 45.79.0.26:0, 45.79.0.85:0, 45.79.0.92:0, 45.79.0.30:0, 45.79.0.90:0, 45.79.0.41:0, 45.79.0.94:0, 45.79.0.79:0, 45.79.0.19:0, 45.79.0.62:0, 45.79.0.97:0, 45.79.0.51:0, 45.79.0.9:0, 45.79.0.57:0, 45.79.0.70:0, 45.79.0.53:0, 45.79.0.81:0, 45.79.0.72:0, 45.79.0.34:0, 45.79.0.83:0, 45.79.0.76:0, 45.79.0.23:0, 45.79.0.36:0, 45.79.0.87:0, 45.79.0.11:0, 45.79.0.21:0, 45.79.0.68:0, 45.79.0.32:0, 45.79.0.33:0, 45.79.0.1:0, 45.79.0.5:0, 45.79.0.42:0, 45.79.0.44:0, 45.79.0.31:0, 45.79.0.67:0, 45.79.0.40:0, 45.79.0.65:0, 45.79.0.100:0, 45.79.0.61:0, 45.79.0.91:0, 45.79.0.56:0, 45.79.0.29:0, 45.79.0.7:0, 45.79.0.54:0, 45.79.0.95:0, 45.79.0.93:0, 45.79.0.8:0, 45.79.0.98:0, 45.79.0.49:0, 45.79.0.73:0, 45.79.0.82:0, 45.79.0.45:0, 45.79.0.77:0, 45.79.0.71:0, 45.79.0.37:0, 45.79.0.47:0, 45.79.0.86:0, 45.79.0.80:0, 45.79.0.58:0, 45.79.0.3:0, 45.79.0.59:0, 45.79.0.20:0, 45.79.0.2:0, 45.79.0.4:0, 45.79.0.89:0, 45.79.0.6:0, 45.79.0.64:0, 45.79.0.60:0, 45.79.0.66:0, 45.79.0.28:0, 45.79.0.55:0, 45.79.0.48:0, 45.79.0.99:0, 45.79.0.38:0 and 45.79.0.46:0
Access Suspicious Domain, Outgoing Connection | Process /root/f/brute attempted to access suspicious domains: bunkermedia.com.mx, mcarnoldsdigital.com, voztovoice.eu, purecleansesystem.com, ianglertournament.com, guitarlogic.org, bitdotgames.com, bquick.mx, gensuihi.me, commercity.us, ficklepickles.com and noteletapp.com
Access Suspicious Domain, DNS Query | Process /usr/bin/wget attempted to access suspicious domains: cybernetik.3x.ro 10 times
Download and Allow Execution | The file /root/h4epack was downloaded and granted execution privileges
Download and Allow Execution | The file /root/cybernetik.3x.ro/1 was downloaded and granted execution privileges
Download and Allow Execution | The file /root/cybernetik.3x.ro/go was downloaded and granted execution privileges
Download and Allow Execution | The file /root/cybernetik.3x.ro/h4e was downloaded and granted execution privileges
Download and Allow Execution | The file /root/cybernetik.3x.ro/petarda was downloaded and granted execution privileges
Download and Allow Execution | The file /root/cybernetik.3x.ro/pscan2.cfi was downloaded and granted execution privileges
Download and Allow Execution | The file /root/cybernetik.3x.ro/screen was downloaded and granted execution privileges
Download and Allow Execution | The file /root/cybernetik.3x.ro/speedtestvps.py was downloaded and granted execution privileges
Download and Allow Execution | The file /root/cybernetik.3x.ro/port was downloaded and granted execution privileges
Download and Execute | The file /root/cybernetik.3x.ro/pscan2 was downloaded and executed 2 times
Download and Execute | The file /root/cybernetik.3x.ro/sshd was downloaded and executed
DNS Query | Process /usr/bin/python2.7 attempted to access domains: stosat-rstn-01.sys.comcast.net, www.speedtest.net, stosat-malt-01.sys.comcast.net and edinburg.speedtest.shentel.net
Access Suspicious Domain, DNS Query | Process /usr/bin/python2.7 attempted to access suspicious domains: sp1.winchesterwireless.net and bigdaddy.wave2net.com
Malicious File | /root/f/passfile was identified as malicious by YARA according to rules: Apt Apt1
Malicious File | /root/cybernetik.3x.ro/pscan2.cfi was identified as malicious by YARA according to rules: Toolkit Thor Hacktools
Malicious File | /root/cybernetik.3x.ro/screen was identified as malicious by YARA according to rules: Maldoc Somerules and Toolkit Thor Hacktools
Malicious File | /root/f/brute was identified as malicious by YARA according to rules: Malw Pe Sections
Malicious File | /root/cybernetik.3x.ro/pscan2 was identified as malicious by YARA according to rules: Malw Miscelanea Linux and Toolkit Thor Hacktools
Malicious File | /root/cybernetik.3x.ro/sshd was identified as malicious by YARA according to rules: Malw Miscelanea Linux, Maldoc Somerules and Crypto Signatures
File | SHA256 | Size
--- | --- | ---
/var/tmp/scan/pscan2 | 2ede344e0415193d41b90d3cdfbf8558c307d8b8182464dfe15655ea1f88eab0 | 888972 bytes
/var/tmp/zone/screen.filepart | 2413af510a75ada34716165992a425b35f62ba1478f63746502afd8a8a156b80 | 249980 bytes
/var/tmp/sshd.filepart | 3c00611b670b128c1ca6d3c6f0e9522eea385e0670e74a9b2b26325b4e13c864 | 1485768 bytes
/var/tmp/scan/pscan2.cfi | 1a286986ebbe66abbedcc76ae4e2fd23c2668b076cd9dc79bf53c24961041ab8 | 6027 bytes
/var/tmp/zone/speedtestvps.py | 02cd63a2e9d2cd538ca5230380ad3668b967955f193ec1090b275baa55315680 | 25312 bytes
/var/tmp/zone/h4e | e51130d43fa755eb78fed311783b9f82df7f11020af33078e79911f2ef4b78bb | 1524 bytes
/var/tmp/f/a | e533fddcdfcb02761be082319836c4f24813c6017f3b755d22bbde141deba53e | 53 bytes
/var/tmp/zone/go | eb2e188412b35c12cc9d809d026ce000faef827d49d751950976c1ffeb20a898 | 1672 bytes