IP Address: 209.141.33.169 - Previously Malicious


This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker, Scanner

Services Targeted

HadoopYARN

Tags

HTTP, HadoopYARN, Malicious File, IDS - Web Application Attack, Outgoing Connection, Download and Allow Execution, Download and Execute, Download File, Inbound HTTP Request

Associated Attack Servers


Basic Information

IP Address

209.141.33.169

Domain

-

ISP

FranTech Solutions

Country

United States

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2018-09-30

Last seen in Guardicore Centra

2018-10-18


Attack Flow

Outgoing Connection: Process /usr/bin/wget generated outgoing network traffic to 159.65.227.17:80 (13 times)

Download and Allow Execution: The file /tmp/flex was downloaded and granted execution privileges

Download and Allow Execution: The file /tmp/Lucy.mips was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.mips was identified as malicious by YARA according to rules: 000 Common Rules

IDS - Web Application Attack: IDS detected Web Application Attack: 401TRG Generic Webshell Request - POST with wget in body

Download and Allow Execution: The file /tmp/Lucy.mpsl was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.mpsl was identified as malicious by YARA according to rules: 000 Common Rules

Outgoing Connection: Process /bin/bash generated outgoing network traffic to 159.65.227.17:80 (2 times)

Download and Allow Execution: The file /tmp/Lucy.sh4 was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.sh4 was identified as malicious by YARA according to rules: 000 Common Rules

Download and Execute: The file /tmp/Lucy.x86 was downloaded and executed 2 times

Download and Allow Execution: The file /tmp/Lucy.arm6 was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.arm6 was identified as malicious by YARA according to rules: 000 Common Rules

Download and Execute: The file /tmp/Lucy.i686 was downloaded and executed 2 times

Download and Allow Execution: The file /tmp/Lucy.ppc was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.ppc was identified as malicious by YARA according to rules: 000 Common Rules

Outgoing Connection: Process /tmp/Lucy.i586 generated outgoing network traffic to 159.65.227.17:64

Download and Execute: The file /tmp/Lucy.i586 was downloaded and executed 3 times

Download and Allow Execution: The file /tmp/Lucy.m68k was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.m68k was identified as malicious by YARA according to rules: 000 Common Rules

Download and Allow Execution: The file /tmp/Lucy.sparc was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.sparc was identified as malicious by YARA according to rules: 000 Common Rules

Download and Allow Execution: The file /tmp/Lucy.arm4 was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.arm4 was identified as malicious by YARA according to rules: 000 Common Rules

Download and Allow Execution: The file /tmp/Lucy.arm5 was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.arm5 was identified as malicious by YARA according to rules: 000 Common Rules

Download and Allow Execution: The file /tmp/Lucy.arm7 was downloaded and granted execution privileges

Malicious File: /tmp/Lucy.arm7 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File: /tmp/Lucy.i586 was identified as malicious by YARA according to rules: Maldoc Somerules and 000 Common Rules

Connection was closed due to timeout

Malicious File: /tmp/Lucy.x86 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File: /tmp/Lucy.i686 was identified as malicious by YARA according to rules: Maldoc Somerules and 000 Common Rules

Associated Files

