IP Address: 202.70.66.227
Status: Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: MSSQL, SMB
Tags: Service Creation, Access Suspicious Domain, Inbound HTTP Request, File Operation By CMD, SMB, CMD, Service Start, Download File, SMB Null Session Login, IDS - Potential Corporate Privacy Violation, DNS Query, SMB Share Connect, PowerShell, Service Deletion, Listening, MSSQL, System File Modification, Service Stop, Download and Execute, Scheduled Task Creation
Associated Attack Servers: -
IP Address: 202.70.66.227
Domain: -
ISP: Nepal Telecom
Country: Nepal
WHOIS:
  Created Date: -
  Updated Date: -
  Organization: -
First seen in Akamai Guardicore Segmentation: 2017-01-07
Last seen in Akamai Guardicore Segmentation: 2021-10-05
What is Akamai Guardicore Segmentation: Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Events (event description, followed by the tags assigned to it):
- The file C:\Windows\fuugEofJ.exe was downloaded and executed (Download and Execute)
- c:\windows\system32\services.exe installed and started %systemroot%\fuugeofj.exe as a service named DZuP under service group None (Service Start, Service Creation)
- IDS detected Potential Corporate Privacy Violation: Cryptocurrency Miner Checkin M2 (IDS - Potential Corporate Privacy Violation)
- The file C:\Windows\WGbxyRZg.exe was downloaded and executed (Download and Execute)
- c:\windows\system32\services.exe installed and started %systemroot%\wgbxyrzg.exe as a service named CPNM under service group None (Service Start, Service Creation)
- C:\Windows\temp\tmp.vbs was downloaded (Download File)
- Service CPNM was stopped (Service Stop)
- Process netsvcs Service Group started listening on ports: 65529 (Listening)
- Process c:\windows\syswow64\windowspowershell\v1.0\powershell.exe attempted to access suspicious domains: t.amynx.com 2 times (DNS Query, Access Suspicious Domain)
- The command line C:\Windows\Hpgf.exe was scheduled to run by modifying C:\Windows\System32\Tasks\Hpgf
- The command line c:\windows\tHFKuMxz.exe was scheduled to run by modifying C:\Windows\System32\Tasks\CfuPDuC
- The file C:\Windows\vaaKBLZd.exe was downloaded and executed (Download and Execute)
- c:\windows\system32\services.exe installed and started %systemroot%\vaakblzd.exe as a service named zTRc under service group None (Service Start, Service Creation)
- System file C:\Windows\AppCompat\Programs\Amcache.hve was modified (System File Modification)
- The file C:\Windows\vSwPcBQk.exe was downloaded and executed (Download and Execute)
- c:\windows\system32\services.exe installed and started %systemroot%\vswpcbqk.exe as a service named PzqA under service group None (Service Start, Service Creation)
- Service PzqA was stopped (Service Stop)
- Process NetworkService Service Group attempted to access suspicious domains: t.amynx.com (DNS Query, Access Suspicious Domain)
- The command line c:\windows\tHFKuMxz.exe was scheduled to run by modifying C:\Windows\System32\Tasks\iTwd
- C:\Windows\wQWDhLbt.exe was downloaded (Download File)
- C:\Windows\nuKWtgBO.exe was downloaded (Download File)
- Connection was closed due to timeout