IP Address: 192.160.102.168 - Previously Malicious
This IP address attempted an attack on a machine protected by Guardicore Centra
Role | Attacker, Scanner
Services Targeted | SCP SSH
Tags | Log Tampering SCP Scheduled Task Creation Download and Execute Download File SSH Successful SSH Login Networking Operation Protect File Outgoing Connection 24 Shell Commands
Associated Attack Servers | ip-37-187-154.eu ip-37-59-45.eu ip-139-99-120.net ip-158-69-25.net gmpsfqrlquaokfl5.onion.to your-server.de w4gfzjunvynjhpj6.onion.link 139.99.120.50 192.36.27.5 103.198.0.2 37.59.45.174 185.206.146.35 185.100.85.150 37.187.154.79 176.9.53.68 93.184.216.34 88.99.242.92 158.69.25.71
IP Address | 192.160.102.168
Domain | -
ISP | Hextet Systems
Country | Canada
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Guardicore Centra | 2017-06-20
Last seen in Guardicore Centra | 2020-04-01
What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login
History File Tampering detected from /bin/bash | Log Tampering
A possibly malicious Networking Operation was detected 2 times | Networking Operation Protect File
The file /tmp/pinger was downloaded and executed 6 times | Download and Execute
/root/.system/ls was downloaded | Download File
/root/.system/lsof was downloaded | Download File
/root/.system/netstat was downloaded | Download File
/root/.system/ps was downloaded | Download File
/root/.system/pstree was downloaded | Download File
/root/.system/ss was downloaded | Download File
/root/.system/top was downloaded | Download File
/usr/bin/.yam was downloaded | Download File
A possibly malicious Protect File was detected 2 times | Networking Operation Protect File
The file /usr/bin/.main was downloaded and executed 6 times | Download and Execute
The file /usr/bin/.xmrig was downloaded and executed 9 times | Download and Execute
Process /usr/bin/.xmrig generated outgoing network traffic to: 185.206.146.35:4444 | Outgoing Connection
Connection was closed due to timeout