IP Address: 92.114.82.129Previously Malicious
IP Address: 92.114.82.129Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Human Successful SSH Login Download Operation Executable File Modification 13 Shell Commands DNS Query Access Suspicious Domain Download File Outgoing Connection Log Tampering HTTP SSH |
|
Associated Attack Servers |
kanren.net speedtest.ideatek.com speedtest-wichita.kanren.net 104.18.37.209 151.101.2.219 164.113.60.33 172.67.153.21 198.241.62.98 |
|
IP Address |
92.114.82.129 |
|
|
Domain |
- |
|
|
ISP |
Orange Romania |
|
|
Country |
Romania |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2020-11-06 |
|
Last seen in Akamai Guardicore Segmentation |
2020-11-17 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A possibly malicious Download Operation was detected |
Download Operation |
|
Process /bin/bash attempted to access suspicious domains: nasapaul.com |
DNS Query Access Suspicious Domain Outgoing Connection |
|
Process /bin/bash generated outgoing network traffic to: 172.67.153.21:443 and 172.67.153.21:80 |
Outgoing Connection |
|
/root/ninfo was downloaded |
Download File |
|
Process /bin/bash attempted to access suspicious domains: nasapaul.com |
DNS Query Access Suspicious Domain Outgoing Connection |
|
Process /bin/bash generated outgoing network traffic to: 104.18.37.209:443 |
Outgoing Connection |
|
/root/v.py was downloaded |
Download File |
|
Process /bin/bash attempted to access domains: www.speedtest.net |
DNS Query |
|
Process /bin/bash generated outgoing network traffic to: 151.101.2.219:443, 151.101.2.219:80, 164.113.60.33:8080 and 198.241.62.98:8080 |
Outgoing Connection |
|
Process /bin/bash attempted to access suspicious domains: kanren.net, speedtest-wichita.kanren.net and speedtest.ideatek.com |
DNS Query Access Suspicious Domain Outgoing Connection |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
|
Executable file /bin/hostname was modified |
Executable File Modification |
|
Executable file /bin/bzdiff was modified |
Executable File Modification |
|
Executable file /bin/lesspipe was modified |
Executable File Modification |
|
Executable file /bin/uname was modified |
Executable File Modification |
|
Executable file /bin/kill was modified |
Executable File Modification |
|
Executable file /bin/touch was modified |
Executable File Modification |
|
Executable file /bin/networkctl was modified |
Executable File Modification |
|
Executable file /bin/chgrp was modified |
Executable File Modification |
|
Executable file /bin/ln was modified |
Executable File Modification |
|
Executable file /bin/less was modified |
Executable File Modification |
|
Executable file /bin/ls was modified |
Executable File Modification |
|
Executable file /bin/bzcat was modified |
Executable File Modification |
|
Executable file /bin/tailf was modified |
Executable File Modification |
|
Executable file /bin/vdir was modified |
Executable File Modification |
|
Executable file /bin/df was modified |
Executable File Modification |
|
Executable file /bin/dd was modified |
Executable File Modification |
|
Executable file /bin/lesskey was modified |
Executable File Modification |
|
Executable file /bin/cpio was modified |
Executable File Modification |
|
Executable file /bin/systemctl was modified |
Executable File Modification |
|
Executable file /bin/grep was modified |
Executable File Modification |
|
Executable file /bin/bzexe was modified |
Executable File Modification |
|
Executable file /bin/findmnt was modified |
Executable File Modification |
|
Executable file /bin/umount was modified |
Executable File Modification |
|
Executable file /bin/zcmp was modified |
Executable File Modification |
|
Executable file /bin/lessecho was modified |
Executable File Modification |
|
Executable file /bin/sleep was modified |
Executable File Modification |
|
Executable file /bin/dir was modified |
Executable File Modification |
|
Executable file /bin/systemd-inhibit was modified |
Executable File Modification |
|
Executable file /bin/sync was modified |
Executable File Modification |
|
Executable file /bin/zforce was modified |
Executable File Modification |
|
Executable file /bin/mknod was modified |
Executable File Modification |
|
Executable file /bin/systemd-hwdb was modified |
Executable File Modification |
|
Executable file /bin/sed was modified |
Executable File Modification |
|
Executable file /bin/znew was modified |
Executable File Modification |
|
Executable file /bin/mountpoint was modified |
Executable File Modification |
|
Executable file /bin/mktemp was modified |
Executable File Modification |
|
Executable file /bin/kmod was modified |
Executable File Modification |
|
Executable file /bin/fgconsole was modified |
Executable File Modification |
|
Executable file /bin/uncompress was modified |
Executable File Modification |
|
Executable file /bin/loginctl was modified |
Executable File Modification |
|
Executable file /bin/chvt was modified |
Executable File Modification |
|
Executable file /bin/systemd-ask-password was modified |
Executable File Modification |
|
Executable file /bin/run-parts was modified |
Executable File Modification |
|
Executable file /bin/systemd-tmpfiles was modified |
Executable File Modification |
|
Executable file /bin/gzexe was modified |
Executable File Modification |
|
Executable file /bin/udevadm was modified |
Executable File Modification |
|
Executable file /bin/netstat was modified |
Executable File Modification |
|
Executable file /bin/ping6 was modified |
Executable File Modification |
|
Executable file /bin/journalctl was modified |
Executable File Modification |
|
Executable file /bin/bzmore was modified |
Executable File Modification |
|
Executable file /bin/zmore was modified |
Executable File Modification |
|
Executable file /bin/zdiff was modified |
Executable File Modification |
|
Executable file /bin/systemd-escape was modified |
Executable File Modification |
|
Executable file /bin/tempfile was modified |
Executable File Modification |
|
Executable file /bin/zegrep was modified |
Executable File Modification |
|
Executable file /bin/login was modified |
Executable File Modification |
|
Executable file /bin/whiptail was modified |
Executable File Modification |
|
Executable file /bin/lsblk was modified |
Executable File Modification |
|
Executable file /bin/chmod was modified |
Executable File Modification |
|
Executable file /bin/echo was modified |
Executable File Modification |
|
Executable file /bin/wdctl was modified |
Executable File Modification |
|
Executable file /bin/cp was modified |
Executable File Modification |
|
Executable file /bin/bzgrep was modified |
Executable File Modification |
|
Executable file /bin/kbd_mode was modified |
Executable File Modification |
|
Executable file /bin/mkdir was modified |
Executable File Modification |
|
Executable file /bin/mt-gnu was modified |
Executable File Modification |
|
Executable file /bin/fuser was modified |
Executable File Modification |
|
Executable file /bin/rmdir was modified |
Executable File Modification |
|
Executable file /bin/zless was modified |
Executable File Modification |
|
Executable file /bin/more was modified |
Executable File Modification |
|
Executable file /bin/openvt was modified |
Executable File Modification |
|
Executable file /bin/setupcon was modified |
Executable File Modification |
|
Executable file /bin/bunzip2 was modified |
Executable File Modification |
|
Executable file /bin/pwd was modified |
Executable File Modification |
|
Executable file /bin/true was modified |
Executable File Modification |
|
Executable file /bin/systemd-tty-ask-password-agent was modified |
Executable File Modification |
|
Executable file /bin/nc.openbsd was modified |
Executable File Modification |
|
Executable file /bin/zcat was modified |
Executable File Modification |
|
Executable file /bin/stty was modified |
Executable File Modification |
|
Executable file /bin/mount was modified |
Executable File Modification |
|
Executable file /bin/cat was modified |
Executable File Modification |
|
Executable file /bin/mv was modified |
Executable File Modification |
|
Executable file /bin/bzip2recover was modified |
Executable File Modification |
|
Executable file /bin/false was modified |
Executable File Modification |
|
Executable file /bin/tar was modified |
Executable File Modification |
|
Executable file /bin/ip was modified |
Executable File Modification |
|
Executable file /bin/ps was modified |
Executable File Modification |
|
Executable file /bin/dash was modified |
Executable File Modification |
|
Executable file /bin/setfont was modified |
Executable File Modification |
|
Executable file /bin/systemd-machine-id-setup was modified |
Executable File Modification |
|
Executable file /bin/bzip2 was modified |
Executable File Modification |
|
Executable file /bin/egrep was modified |
Executable File Modification |
|
Executable file /bin/dumpkeys was modified |
Executable File Modification |
|
Executable file /bin/ping was modified |
Executable File Modification |
|
Executable file /bin/zfgrep was modified |
Executable File Modification |
|
Executable file /bin/systemd-notify was modified |
Executable File Modification |
|
Executable file /bin/fgrep was modified |
Executable File Modification |
|
Executable file /bin/which was modified |
Executable File Modification |
|
Executable file /bin/readlink was modified |
Executable File Modification |
|
Executable file /bin/date was modified |
Executable File Modification |
|
Executable file /bin/gunzip was modified |
Executable File Modification |
|
Executable file /bin/loadkeys was modified |
Executable File Modification |
|
Executable file /bin/dmesg was modified |
Executable File Modification |
|
Executable file /bin/ss was modified |
Executable File Modification |
|
Executable file /bin/su was modified |
Executable File Modification |
|
Executable file /bin/zgrep was modified |
Executable File Modification |
|
Executable file /bin/chown was modified |
Executable File Modification |
|
Executable file /bin/unicode_start was modified |
Executable File Modification |
|
Executable file /bin/gzip was modified |
Executable File Modification |
|
History File Tampering detected from /usr/sbin/sshd on the following logs: /root/.bash_history |
Log Tampering |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies