IP Address: 211.55.111.197Previously Malicious
IP Address: 211.55.111.197Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Download and Allow Execution Successful SSH Login 1 Shell Commands Download Operation Port 80 Scan Listening Service Creation Download and Execute Access Suspicious Domain Download File Service Start Outgoing Connection HTTP SSH |
|
Associated Attack Servers |
|
IP Address |
211.55.111.197 |
|
|
Domain |
- |
|
|
ISP |
Korea Telecom |
|
|
Country |
Korea, Republic of |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2020-09-13 |
|
Last seen in Akamai Guardicore Segmentation |
2020-09-13 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A possibly malicious Download Operation was detected 2 times |
Download Operation |
|
The file /tmp/storm was downloaded and executed 21 times |
Download and Execute |
|
Service storm was created and started |
Service Start Service Creation |
|
The file /usr/bin/storm was downloaded and executed 31 times |
Download and Execute |
|
The file /usr/bin/getconf was downloaded and executed |
Download and Execute |
|
Process /usr/bin/storm started listening on ports: 33049 |
Listening |
|
Process /usr/bin/storm generated outgoing network traffic to: 104.131.131.82:4001, 104.24.122.146:80, 104.24.123.146:80, 136.144.56.255:443, 146.112.255.205:80, 147.75.47.199:443, 172.67.189.102:80, 176.58.123.25:80, 18.209.184.162:80, 18.235.80.73:80, 184.73.125.183:80, 193.200.132.187:80, 204.237.142.122:80, 204.237.142.152:80, 216.239.32.21:443, 216.239.34.21:443, 216.239.36.21:443, 216.239.38.21:443, 216.58.192.211:80, 23.21.47.155:80, 3.224.112.167:80, 3.226.27.10:80, 34.193.114.5:80, 34.205.208.47:80 and 8.8.8.8:53 |
Outgoing Connection |
|
Process /usr/bin/storm attempted to access suspicious domains: dns.google, icanhazip-dfw-1 and icanhazip-iad-1 |
Access Suspicious Domain Outgoing Connection |
|
Process /usr/bin/storm scanned port 80 on 17 IP Addresses |
Port 80 Scan |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies