Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 35.199.115.127Previously Malicious

IP Address: 35.199.115.127Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

SMB

Tags

HTTP CMD System File Modification IDS - A Network Trojan was detected DNS Query SMB Access Suspicious Domain Service Configuration Download File Outgoing Connection Download and Execute

Associated Attack Servers

baidu.honker.info

122.192.189.64

Basic Information

IP Address

35.199.115.127

Domain

-

ISP

Google Cloud

Country

United States

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2020-10-19

Last seen in Akamai Guardicore Segmentation

2020-10-22

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

IDS detected A Network Trojan was detected : Possible DOUBLEPULSAR Beacon Response

IDS - A Network Trojan was detected

IDS detected A Network Trojan was detected : variant process injection command

IDS - A Network Trojan was detected

Process c:\windows\system32\lsass.exe attempted to access suspicious domains: baidu.honker.info

DNS Query Access Suspicious Domain Outgoing Connection

Process c:\windows\system32\lsass.exe generated outgoing network traffic to: 122.192.189.64:8

Outgoing Connection

The file C:\WINDOWS\A6L.exe was downloaded and executed 3 times

Download and Execute

IDS detected A Network Trojan was detected : Possible ETERNALBLUE MS17-010 Echo Response

IDS - A Network Trojan was detected

c:\Windows\iexplore.exe was downloaded 3 times

Download File

c:\Windows\A6.exe was downloaded

Download File

System file c:\Windows\iexplore.exe was modified 4 times

System File Modification

IDS detected A Network Trojan was detected : Possible ETERNALROMANCE MS17-010

IDS - A Network Trojan was detected

System file c:\Windows\A6.exe was modified 4 times

System File Modification

Connection was closed due to user inactivity