IP Address: 192.42.116.18 (Malicious)
This IP address attempted an attack on a machine protected by Guardicore Centra
| Field | Value |
|---|---|
| Role | Attacker, Scanner |
| Services Targeted | SCP |
| Tags | |
| Associated Attack Servers | your-server.de, ip-51-81-245.us, ip-37-59-45.eu, ip-147-135-37.us, ip-139-99-62.net, ip-37-59-44.eu, ip-158-69-25.net, ip-37-59-55.eu, ip-139-99-120.net, ip-37-59-43.eu, 37.59.45.174, 176.9.53.68, 158.69.25.77, 88.99.193.240, 94.130.165.87, 37.59.44.93, 51.81.245.40, 139.99.120.50, 139.99.62.196, 158.69.25.62, 94.130.165.85, 147.135.37.31, 37.59.55.60, 37.59.43.136, 158.69.25.71 |
| IP Address | 192.42.116.18 |
| Domain | - |
| ISP | SURFnet |
| Country | Netherlands |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Guardicore Centra | 2018-06-10 |
| Last seen in Guardicore Centra | 2021-02-22 |
| Event | Category |
|---|---|
| A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login |
| History File Tampering detected from /bin/bash | Log Tampering |
| A possibly malicious Networking Operation was detected 2 times | Protect File Networking Operation |
| /root/.system/ls was downloaded | Download File |
| /root/.system/lsof was downloaded | Download File |
| /root/.system/netstat was downloaded | Download File |
| /root/.system/ps was downloaded | Download File |
| /root/.system/pstree was downloaded | Download File |
| /root/.system/ss was downloaded | Download File |
| /root/.system/top was downloaded | Download File |
| /usr/bin/.yam was downloaded | Download File |
| A possibly malicious Protect File was detected 2 times | Protect File Networking Operation |
| The file /usr/bin/.main was downloaded and executed 6 times | Download and Execute |
| The file /usr/bin/.xmrig was downloaded and executed 5 times | Download and Execute |
| Process /usr/bin/.xmrig generated outgoing network traffic to: 185.206.146.35:4444 | Outgoing Connection |
| Connection was closed due to timeout | |
| /root/.system/lsof was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File |
| /usr/bin/.main was identified as malicious by YARA according to rules: 000 Common Rules | Malicious File |
| /root/.system/top was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File |
| /usr/bin/.xmrig was identified as malicious by YARA according to rules: Malw Xmrig Miner, Crypto Signatures and 000 Common Rules | Malicious File |
| /root/.system/netstat was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File |
| /root/.system/ss was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File |
| /root/.system/ls was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File |
| /root/.system/ps was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File |
| /root/.system/pstree was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File |
| File | SHA256 | Size |
|---|---|---|
| /bin/zz3b3fqk3ucgnmny2v6t0ry3k4 | e374a7ad447d2cf791ecae122894a51ba723901ea132e7fa16cd47c44e4a1769 | 512 bytes |
| /bin/dhpcd | c0f64dede8861cb842434ca972bc0764d7c98d76ceeef8798e5344e149f549da | 379416 bytes |
| /bin/dhpcd | d4ab6af784689fb3e0f4a82a5d4c67af6791708d7f3a139db1bdb665aa3f8e88 | 1514000 bytes |