Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 5.166.180.106Previously Malicious

IP Address: 5.166.180.106Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

SSH

Tags

Successful SSH Login Download Operation Access Suspicious Domain Outgoing Connection DNS Query Package Install SSH 2 Shell Commands

Associated Attack Servers

185.125.190.39 188.93.233.39

Basic Information

IP Address

5.166.180.106

Domain

-

ISP

JSC ER-Telecom Holding

Country

Russian Federation

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2022-04-17

Last seen in Akamai Guardicore Segmentation

2022-04-17

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List

Successful SSH Login

A possibly malicious Package Install was detected

Download Operation Package Install

A possibly malicious Download Operation was detected

Download Operation Package Install

A possibly malicious Package Install was detected

Download Operation Package Install

A possibly malicious Download Operation was detected

Download Operation Package Install

Process /usr/lib/apt/methods/http attempted to access domains: _http._tcp.security.ubuntu.com and security.ubuntu.com

DNS Query

Process /usr/lib/apt/methods/http attempted to access domains: _http._tcp.archive.ubuntu.com and archive.ubuntu.com

DNS Query

Process /usr/lib/apt/methods/http generated outgoing network traffic to: 185.125.190.39:80 2 times

Outgoing Connection

Process /usr/bin/wget attempted to access suspicious domains: necessary-security-updates and repo.ark-event.net

DNS Query Access Suspicious Domain Outgoing Connection

Process /usr/bin/wget generated outgoing network traffic to: 188.93.233.39:80

Outgoing Connection

Connection was closed due to timeout