Unknown user hitting servers


This topic contains 2 replies, has 3 voices, and was last updated by  Lucien 1 year, 7 months ago.

  • #106212

    BIGGUNS
    Participant

    I wanted to ask a question in regard to a strange activity that we are noticing within our Domain Controllers and one of our servers. Our SIEM is alerting in regard to an unknown user account with the name 1B9E3760. We have checked all of our servers for any local service accounts or scripts. We haven’t found where this activity is coming from; the source IP and destination IP are the same, and the port is 0.

    We decided to look online to see if there was anything out there in regard to this username, and we found this user ID attached to a Chinese IP address. We found this user ID on the following website: http://bei.kr/?idx=463353000

    This has us scratching our heads since we aren’t sure where this is coming from. Any help would be great.

    #114834

    jamesgreene
    Participant

    Did you ever figure out what this was?

    That Chinese site is just mapping a hex number to an IP.

    #115066

    Lucien
    Participant

    BIGGUNS, is 1B9E3760 a Windows or an application user (which app)? If Windows, is it a local or a domain account? What is your SIEM tool’s name, and its message? Thanks
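
The hex-to-IP mapping jamesgreene mentions can be checked offline rather than through a lookup site. The Python below is an added example, not part of the original thread or any poster's code: it decodes 8-hex-digit account names as IPv4 addresses in both byte orders and compares each reading with the event's source IP. The event field names (`user`, `src_ip`, `dst_ip`, `port`) and all sample events other than the username from the first post are constructed for illustration.

```python
import ipaddress
import re

HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")

def decode_hex_name(name):
    """Return both IPv4 readings of an 8-hex-digit name, or None if it is not one."""
    if not HEX8.match(name):
        return None
    raw = bytes.fromhex(name)
    return {
        "big_endian": ipaddress.IPv4Address(raw),           # network byte order
        "little_endian": ipaddress.IPv4Address(raw[::-1]),  # x86 host byte order
    }

def triage(events):
    """Annotate events whose account name decodes to an IPv4 address.

    A decode is only a lead: any 8 hex digits map to some address, so the
    useful signal is whether a reading matches an address seen in the event
    or elsewhere in your own logs.
    """
    findings = []
    for ev in events:
        decoded = decode_hex_name(ev["user"])
        if decoded is None:
            continue
        for order, addr in decoded.items():
            findings.append({
                "user": ev["user"],
                "order": order,
                "address": str(addr),
                "public": addr.is_global,  # False for RFC 1918 and other reserved ranges
                "matches_source": str(addr) == ev["src_ip"],
            })
    return findings

# Constructed sample events; only the username 1B9E3760 comes from the thread.
SAMPLE_EVENTS = [
    {"user": "1B9E3760", "src_ip": "10.0.0.5", "dst_ip": "10.0.0.5", "port": 0},
    {"user": "svc_backup", "src_ip": "10.0.0.9", "dst_ip": "10.0.0.5", "port": 445},
    {"user": "C0A80105", "src_ip": "192.168.1.5", "dst_ip": "192.168.1.10", "port": 0},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
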
