Akamai Guardicore Segmentation CTI

Threat Information

Role	Attacker, Scanner
Services Targeted	SMB
Tags	SMB IDS - A Network Trojan was detected MS08-067 IDS - Attempted Administrator Privilege Gain Cookie Hijacking Outgoing Connection Turn Off DEP SMB Null Session Login Access Suspicious Domain Known Malware NetBIOS Download File HTTP
Associated Attack Servers	sbcglobal.net 172.0.0.9

Basic Information

IP Address	36.129.58.140
Domain	-
ISP	-
Country	China
WHOIS	Created Date	-
	Updated Date	-
	Organization	-

First seen in Akamai Guardicore Segmentation	2023-11-03
Last seen in Akamai Guardicore Segmentation	2023-12-08

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

The machine was exploited using the ms08-067 vulnerability
x. was downloaded	Download File
Process netsvcs Service Group generated outgoing network traffic to: 172.0.0.9:3373	Outgoing Connection
Process netsvcs Service Group attempted to access suspicious domains: sbcglobal.net	Access Suspicious Domain Outgoing Connection
IDS detected Attempted Administrator Privilege Gain : Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15)	IDS - Attempted Administrator Privilege Gain
IDS detected Attempted Administrator Privilege Gain : Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25)	IDS - Attempted Administrator Privilege Gain
IDS detected A Network Trojan was detected : Conficker.b Shellcode	IDS - A Network Trojan was detected
Connection was closed due to user inactivity

Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

Threat Information

Basic Information

Attack Flow