Akamai Guardicore Segmentation CTI

Threat Information

Role	Attacker, Scanner
Services Targeted	SMB
Tags	Known Malware MS08-067 IDS - Attempted Administrator Privilege Gain NetBIOS Cookie Hijacking Download File HTTP Outgoing Connection SMB Access Suspicious Domain SMB Null Session Login Turn Off DEP IDS - A Network Trojan was detected
Associated Attack Servers	attdns.com 130.1.3.1

Basic Information

IP Address	217.64.98.105
Domain	-
ISP	-
Country	Mali
WHOIS	Created Date	-
	Updated Date	-
	Organization	-

First seen in Akamai Guardicore Segmentation	2023-11-21
Last seen in Akamai Guardicore Segmentation	2023-11-21

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

x. was downloaded 7 times	Download File
Process netsvcs Service Group generated outgoing network traffic to: 130.1.3.1:2560	Outgoing Connection
Process netsvcs Service Group attempted to access suspicious domains: attdns.com	Access Suspicious Domain Outgoing Connection
IDS detected Attempted Administrator Privilege Gain : Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15)	IDS - Attempted Administrator Privilege Gain
IDS detected Attempted Administrator Privilege Gain : Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25)	IDS - Attempted Administrator Privilege Gain
IDS detected A Network Trojan was detected : Conficker.b Shellcode	IDS - A Network Trojan was detected
The machine was exploited using the ms08-067 vulnerability
Connection was closed due to user inactivity

Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

Threat Information

Basic Information

Attack Flow