IP Address: 217.61.108.164 - Previously Malicious
This IP address attempted an attack on a machine protected by Guardicore Centra
Role | Attacker, Scanner
Services Targeted | HadoopYARN
Tags | HTTP, HadoopYARN, Malicious File, IDS - Web Application Attack, Outgoing Connection, Download and Allow Execution, Download and Execute, Download File, Inbound HTTP Request
Associated Attack Servers | 52.173.20.209, 46.29.166.186, 185.244.25.185, 52.168.89.149, 13.93.88.147, 217.61.4.135, 52.173.83.168, 40.68.42.232, 91.236.239.91, 40.114.54.125, 40.87.71.177, 52.233.143.163, 40.121.136.37, 40.71.227.128, 13.73.167.164
IP Address | 217.61.108.164
Domain | -
ISP | Aruba Business S.R.L.
Country | Germany
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Guardicore Centra | 2018-09-23
Last seen in Guardicore Centra | 2018-10-04
Event | Tag
Process /usr/bin/wget generated outgoing network traffic to 46.29.166.186:80 (4 times) | Outgoing Connection
The file /tmp/mysql.sock.lock was downloaded and granted execution privileges | -
The file /tmp/salviaroot.x86 was downloaded and executed (2 times) | Download and Execute
The file /tmp/salviaroot.x86 was downloaded and granted execution privileges | Download and Allow Execution
The file /tmp/salviaroot.x86.1 was downloaded and granted execution privileges | Download and Allow Execution
IDS detected Web Application Attack: 401TRG Generic Webshell Request - POST with wget in body | IDS - Web Application Attack
The file /tmp/salviaroot.x86.2 was downloaded and granted execution privileges | Download and Allow Execution
Connection was closed due to user inactivity | -
/tmp/salviaroot.x86.1 was identified as malicious by YARA according to rules: 000 Common Rules | Malicious File
/tmp/salviaroot.x86.2 was identified as malicious by YARA according to rules: 000 Common Rules | Malicious File
/tmp/salviaroot.x86 was identified as malicious by YARA according to rules: 000 Common Rules | Malicious File
File | SHA256 | Size
/tmp/bash | a67084261460132a893e8e26034a510ac169a5ac74f49007c91f939ae19b8ad4 | 137594 bytes
/tmp/bash | c7276b104e9830d7ed6aa0f589ff40a99bbbcbecedd203f179e6ce5541056611 | 141616 bytes
/tmp/bash | 41162b34087928b82e00304256793ca0a9ca67d4e7e4c0785a2021d7cfc3df9f | 137594 bytes
/tmp/bash | 13174007e67bba6d0730519f74758fd56a1181b27a376bd1af3fd63a720d80f4 | 141136 bytes
/tmp/salviaroot.x86.2 | 731c5d07d73419fdc965d8b2ffd5f8a3f1a4e74441cb8e5e0c65c3c18784ccf0 | 136051 bytes
/tmp/salviaroot.x86 | 63d85a50f26a4eaea3ecd53a1b75610f8f7ea52c029b7668263b8a3b13c4b2d9 | 99324 bytes
/tmp/salviaroot.x86 | 287246e59b2862f2fd80bf5ca63e0b8de74b1a283f642bafc8c5d5b77bd3d582 | 17000 bytes