IP Address: 41.76.169.8Malicious
IP Address: 41.76.169.8Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SMB |
Tags |
Outgoing Connection Successful SMB Login Service Creation CMD Service Start MSRPC Service Deletion SMB Access Suspicious Domain SMB Null Session Login |
Associated Attack Servers |
acelerate.net brasiltelecom.net.br gvt.net.br internetlocal.com.ar ttnet.com.tr tus.net.id zephyr.com.pk 14.191.110.243 14.247.107.27 39.109.88.38 41.228.22.107 45.157.71.156 58.22.218.108 58.217.104.137 78.101.174.51 85.100.112.188 88.247.185.24 103.207.8.105 105.113.51.226 111.47.22.111 111.92.63.8 111.121.204.80 112.109.141.64 112.124.44.17 121.46.232.138 122.115.44.91 123.21.151.162 146.190.121.55 159.89.31.59 168.196.169.171 170.64.177.69 177.43.239.115 185.175.231.36 186.121.253.149 190.110.178.187 193.151.240.33 |
IP Address |
41.76.169.8 |
|
Domain |
- |
|
ISP |
ICTA |
|
Country |
Kenya |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2023-04-06 |
Last seen in Akamai Guardicore Segmentation |
2024-04-15 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SMB with the following username: administrator - Authentication policy: Reached Max Attempts |
Successful SMB Login |
A user logged in using SMB with the following username: administrator - Authentication policy: Previously Approved User |
Successful SMB Login |
c:\windows\system32\services.exe installed and started mshta.exe as a service named AC02 under service group None |
Service Start Service Creation |
Service MSIServer was started |
Service Start |
A user logged in using SMB with the following username: administrator - Authentication policy: Previously Approved User |
Successful SMB Login |
c:\windows\system32\services.exe installed and started mshta.exe as a service named AC09 under service group None |
Service Start Service Creation |
Process c:\windows\system32\msiexec.exe generated outgoing network traffic to: 203.161.24.140:13269, 41.76.169.8:17493 and 58.22.218.108:10310 |
Outgoing Connection |
Process c:\windows\system32\msiexec.exe attempted to access suspicious domains: tus.net.id |
Outgoing Connection Access Suspicious Domain |
Connection was closed due to user inactivity |
|