IP Address: 68.183.49.107 (Previously Malicious)

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker, Scanner

Services Targeted

HadoopYARN

Tags

HTTP, HadoopYARN, Malicious File, IDS - Web Application Attack, Outgoing Connection, Download and Allow Execution, Download and Execute, Download File, Inbound HTTP Request

Associated Attack Servers


Basic Information

IP Address

68.183.49.107

Domain

-

ISP

Digital Ocean

Country

United States

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2018-11-11

Last seen in Guardicore Centra

2018-12-16

What is Guardicore Centra?
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

Process /usr/bin/wget generated outgoing network traffic to: 159.65.248.217:80 14 times

Outgoing Connection

The file /tmp/bins.sh was downloaded and granted execution privileges

Download and Allow Execution

The file /tmp/mysql.sock.lock was downloaded and granted execution privileges

The file /tmp/hakai.mips was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.mips was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.mpsl was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.mpsl was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

IDS detected Web Application Attack: 401TRG Generic Webshell Request - POST with wget in body

IDS - Web Application Attack

The file /tmp/hakai.sh4 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.sh4 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.x86 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.x86 was identified as malicious by YARA according to rules: Maldoc Somerules and 000 Common Rules

Malicious File

The file /tmp/hakai.arm6 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.arm6 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.x86_64 was downloaded and executed 6 times

Download and Execute

Process /tmp/hakai.x86_64 generated outgoing network traffic to: 159.65.248.217:1991

Outgoing Connection

The file /tmp/hakai.ppc was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.ppc was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.m68k was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.m68k was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.arm4 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.arm4 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.arm5 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.arm5 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.arm7 was downloaded and granted execution privileges

Download and Allow Execution

/tmp/hakai.arm7 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

The file /tmp/hakai.dbg was downloaded and executed 9 times

Download and Execute

Process /tmp/hakai.dbg generated outgoing network traffic to: 159.65.248.217:1991

Outgoing Connection

Connection was closed due to timeout

/tmp/hakai.dbg was identified as malicious by YARA according to rules: Malw Miscelanea Linux, Suspicious Strings and 000 Common Rules

Malicious File

/tmp/hakai.x86_64 was identified as malicious by YARA according to rules: 000 Common Rules

Malicious File

Associated Files

