
152.32.130.144

Threat Confidence: 47%
Location: 🇭🇰 HK / Hong Kong
ASN: AS135377 · UCLOUD INFORMATION TECHNOLOGY HK LIMITED
Cloud Provider
Total Events: 323 (Top 10% by volume)
Agent Count: 1
First / Last Seen: 2026-04-07 18:13 — 2026-04-07 18:54
Attack Types: ssh:bruteforce
MITRE ATT&CK Techniques: Initial Access, Defense Evasion, Credential Access, Command and Control
External Corroboration: Not flagged by any external feeds
Session Forensics
malware_dropper ×11, credential_harvester ×25, opportunistic_bruter ×11
Sessions: 47 (22 with login)
Avg Depth Score: 0.54
Commands Executed: 33
Files Downloaded: 11
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
03a80b21afa810682a776a7d42e5e6fb
SSH-2.0-libssh_0.11.1
Evidence Timeline
Credential Harvester 309296032f21 w4m_seattle_01 · 2026-04-07 18:54
1 35%
Credential Harvester fb8b02dc02d4 w4m_seattle_01 · 2026-04-07 18:53
1 35%
Opportunistic Bruter 809a8db04a4b w4m_seattle_01 · 2026-04-07 18:51
1 50%
Malware Dropper e6108014d84e w4m_seattle_01 · 2026-04-07 18:51
3 1 1 100%
Credential Harvester 69eab9f012e5 w4m_seattle_01 · 2026-04-07 18:51
1 35%
Credential Harvester dffdfc1725c1 w4m_seattle_01 · 2026-04-07 18:49
1 35%
Malware Dropper 85e165a9a7f6 w4m_seattle_01 · 2026-04-07 18:48
3 1 1 100%
Opportunistic Bruter f382203d06a4 w4m_seattle_01 · 2026-04-07 18:48
1 50%
Credential Harvester 92f1d40824e8 w4m_seattle_01 · 2026-04-07 18:48
1 35%
Opportunistic Bruter 25f1bacdbb24 w4m_seattle_01 · 2026-04-07 18:46
1 50%
Malware Dropper ed3a77d5320f w4m_seattle_01 · 2026-04-07 18:46
3 1 1 100%
Credential Harvester 63002ae1017d w4m_seattle_01 · 2026-04-07 18:46
1 35%
Malware Dropper 9d5a052f19a8 w4m_seattle_01 · 2026-04-07 18:44
3 1 1 100%
Opportunistic Bruter 99ef113ec1e4 w4m_seattle_01 · 2026-04-07 18:44
1 50%
Credential Harvester 36e925fc44ea w4m_seattle_01 · 2026-04-07 18:44
1 35%
Credential Harvester 1503a24a00c9 w4m_seattle_01 · 2026-04-07 18:43
1 35%
Opportunistic Bruter 498943ca471c w4m_seattle_01 · 2026-04-07 18:41
1 50%
Malware Dropper 6a9668e78216 w4m_seattle_01 · 2026-04-07 18:41
3 1 1 100%
Credential Harvester d3e422aece01 w4m_seattle_01 · 2026-04-07 18:41
1 35%
Credential Harvester 7014c5f3f778 w4m_seattle_01 · 2026-04-07 18:39
1 35%
Credential Harvester c1e6b95ae9aa w4m_seattle_01 · 2026-04-07 18:38
1 35%
Opportunistic Bruter d0833e3aecff w4m_seattle_01 · 2026-04-07 18:36
1 50%
Malware Dropper 6c1394f1d252 w4m_seattle_01 · 2026-04-07 18:36
3 1 1 100%
Credential Harvester 311e4ad07940 w4m_seattle_01 · 2026-04-07 18:36
1 35%
Credential Harvester f35d1ac458a8 w4m_seattle_01 · 2026-04-07 18:34
1 35%
Credential Harvester c3305797f317 w4m_seattle_01 · 2026-04-07 18:33
1 35%
Credential Harvester 632c0a8ff9e0 w4m_seattle_01 · 2026-04-07 18:31
1 35%
Credential Harvester 3746148a8972 w4m_seattle_01 · 2026-04-07 18:29
1 35%
Opportunistic Bruter 9dc5217a3b9d w4m_seattle_01 · 2026-04-07 18:28
1 50%
Malware Dropper 9f3b65acfb57 w4m_seattle_01 · 2026-04-07 18:27
3 1 1 100%
Credential Harvester c42af5b22ebe w4m_seattle_01 · 2026-04-07 18:27
1 35%
Opportunistic Bruter 5e25a4f6b678 w4m_seattle_01 · 2026-04-07 18:26
1 50%
Malware Dropper 80f5fab8a9f3 w4m_seattle_01 · 2026-04-07 18:26
3 1 1 100%
Credential Harvester d1ddd7720d79 w4m_seattle_01 · 2026-04-07 18:26
1 35%
Malware Dropper 36bda80a6f58 w4m_seattle_01 · 2026-04-07 18:24
3 1 1 100%
Opportunistic Bruter 93e993356cc9 w4m_seattle_01 · 2026-04-07 18:24
1 50%
Credential Harvester b541a7fb6097 w4m_seattle_01 · 2026-04-07 18:24
1 35%
Credential Harvester 6b899ed06a3e w4m_seattle_01 · 2026-04-07 18:23
1 35%
Credential Harvester bd33edd34c5d w4m_seattle_01 · 2026-04-07 18:21
1 35%
Opportunistic Bruter 8e32c1040ed2 w4m_seattle_01 · 2026-04-07 18:20
1 50%
Malware Dropper a3b74ac6e835 w4m_seattle_01 · 2026-04-07 18:19
3 1 1 100%
Credential Harvester a9d47ce392f3 w4m_seattle_01 · 2026-04-07 18:19
1 35%
Credential Harvester b5166dcac89a w4m_seattle_01 · 2026-04-07 18:18
1 35%
Opportunistic Bruter 2bd834713c1f w4m_seattle_01 · 2026-04-07 18:16
1 50%
Malware Dropper cb829d6e28a4 w4m_seattle_01 · 2026-04-07 18:16
3 1 1 100%
Credential Harvester 8a9644286f9d w4m_seattle_01 · 2026-04-07 18:16
1 35%
Credential Harvester 381fa1aeab73 w4m_seattle_01 · 2026-04-07 18:13
1 35%