IP Address: 197.231.221.211 (Previously Malicious)
This IP address attempted an attack on a machine protected by Guardicore Centra
Field | Value
--- | ---
IP Address | 197.231.221.211
Domain | -
ISP | Cyberdyne
Country | Liberia
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Guardicore Centra | 2017-04-23
Last seen in Guardicore Centra | 2019-06-06
Event | Type
--- | ---
A user logged in using SSH with the following credentials: root / **** (authentication policy: White List) | Successful SSH Login
History File Tampering detected from /bin/bash | Log Tampering
A possibly malicious Networking Operation was detected 2 times | Networking Operation Protect File
The file /tmp/pinger was downloaded and executed 5 times | Download and Execute
/tmp/pinger was identified as malicious by YARA according to rules: 000 Common Rules | Malicious File
/root/.system/ls was downloaded | Download File
/root/.system/lsof was downloaded | Download File
/root/.system/netstat was downloaded | Download File
/root/.system/ps was downloaded | Download File
/root/.system/pstree was downloaded | Download File
/root/.system/ss was downloaded | Download File
/root/.system/top was downloaded | Download File
/usr/bin/.yam was downloaded | Download File
A possibly malicious Protect File was detected 2 times | Networking Operation Protect File
The file /usr/bin/.main was downloaded and executed 5 times | Download and Execute
The file /usr/bin/.xmrig was downloaded and executed 7 times | Download and Execute
Process /usr/bin/.xmrig generated outgoing network traffic to 185.206.146.35:4444 (connection was closed due to timeout) | Outgoing Connection
/root/.system/lsof was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File
/usr/bin/.main was identified as malicious by YARA according to rules: 000 Common Rules | Malicious File
/root/.system/top was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File
/usr/bin/.xmrig was identified as malicious by YARA according to rules: Malw Xmrig Miner, Crypto Signatures and 000 Common Rules | Malicious File
/root/.system/netstat was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File
/root/.system/ss was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File
/root/.system/ls was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File
/root/.system/ps was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File
/root/.system/pstree was identified as malicious by YARA according to rules: Javascript Exploit And Obfuscation and 000 Common Rules | Malicious File
File | SHA256 | Size
--- | --- | ---
/bin/zz3b3fqk3ucgnmny2v6t0ry3k4 | e374a7ad447d2cf791ecae122894a51ba723901ea132e7fa16cd47c44e4a1769 | 512 bytes
/bin/dhpcd | c0f64dede8861cb842434ca972bc0764d7c98d76ceeef8798e5344e149f549da | 379416 bytes
/bin/dhpcd | eb808932714c9533962e129e61d84c29536497e62b2a7d89dce3376d882c6965 | 1514000 bytes
/bin/dhpcd | 0bc7085f2c24577389c8605b778a6ba9f2eefbb7bf7d1c017a8ce42ec6c92f0e | 1514000 bytes
/tmp/pinger | bc56a689943679c7018b38b0349fb4bd9f9c957328949aed0d5a370dc12620c7 | 2146144 bytes
/root/.system/top | a518beea171accec8553b02414e1ffba0b49b0592d58f406efc24ccf79cab873 | 1321504 bytes
/bin/dhpcd | b18a947b334cece251507f07ab9cb4f36805788fb8c80a169af0a9ccd9bd1aa7 | 379416 bytes
/bin/dhpcd | 66075f2bce413321d558e8febf4a1c22dfec0f6579f18b1be3b46d7853759388 | 1514000 bytes
/usr/bin/.xmrig | 021cc0fbd05cbfb39dc6908978a5bcf3ab78877ef92a7a37d9fb67fddcb4a69b | 1951160 bytes
/usr/bin/.main | a48c36ee9ee8011c29124fc4810f9054501f23f86f65e2dc914c94de529ef416 | 1434816 bytes
/usr/bin/.xmrig | bd14bc3cfd9528e4a7583ab39aecc876250333e1e0faab83781584bb7f65e3eb | 1844640 bytes
/usr/bin/.main | 9f8361f6f0baeca8504d88eac23575ad8aaac3639f692e5df6d5dbf6af31d811 | 1458912 bytes
/tmp/5VPWXnWXNhvdM | 1ce286ec04f79007ae9841fbf1c078cd2d935496137e32aa8190a2bf9b278d5e | 4633216 bytes
/usr/bin/.yam | 3e73b0e7646dcd4d0f335a229eebd99509124e5539eeb20c0427e18c89754bd7 | 4494072 bytes
/usr/bin/.xmrig | 964fbc60adaa6d5e4ddd0857a3744f8189f46ce74e4c7362a23e24cf44fee79f | 488200 bytes
/tmp/3H60TZX9 | c04cf76066fa0829b41835ba4e27602eb5cb7a30a906aed90b3c2bf6f1d8394a | 4390176 bytes
/tmp/hOotmiqox1Dg4E0 | 96c27eb77097b768ab406e673c8a059d9891be0f8418ab194094c3e8ecab8dcd | 4390176 bytes
/tmp/tGCMZuUP5P | d8eaaa9d27bea2edcfe06e1f6616e7f8ef66f59f46f387dfbb638303ce05afd4 | 4633216 bytes
/tmp/jHWfGDzo3wZddC | 5f2baf348e9774e544f67d17f9cd62f0f5232dcb5e5fd6e299c3fc508f7dd16f | 4633216 bytes
/tmp/DsSw1dOYkoWnP | 7a4a98d419ded30c9d77c71e9f7de020763a2810cc434d46f03627feae500dbf | 4633216 bytes
/tmp/T5QK3zI8dx9UEx | dc6d8f227f6dd7b4203345b63d2e431413b514031d11973e59c789f4b335b240 | 4633216 bytes
/tmp/stcp | 364f91b7edc0d2c120ce3bffb4992b3f0c3f3473432ef9dc2cbb9b5d09ab428c | 4406080 bytes
/tmp/tcp | b1834cb9847ce03f6b087249dccab32cd58022dc9424a6de58c0196dd9c0a49e | 6263064 bytes