20.80.7.225

Threat Confidence: 47%
Location: 🇺🇸 US / Chicago
ASN: AS8075 · Microsoft Corporation
Cloud Provider: Microsoft Azure
Total Events: 323 (Top 10% by volume)
Agent Count: 1
First / Last Seen: 2026-04-07 18:11 — 2026-04-07 18:56
Attack Types: ssh:bruteforce
MITRE ATT&CK Techniques: Initial Access, Defense Evasion, Credential Access, Command and Control
External Corroboration: Not flagged by any external feeds
Campaigns: Not associated with any campaigns
Session Forensics
malware_dropper ×11, credential_harvester ×25, opportunistic_bruter ×11
Sessions: 47 (22 with login)
Avg Depth Score: 0.54
Commands Executed: 33
Files Downloaded: 11
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
03a80b21afa810682a776a7d42e5e6fb
SSH-2.0-libssh_0.11.1
Evidence Timeline
Credential Harvester 38ec6b0d5e97 w4m_seattle_01 · 2026-04-07 18:56
1 35%
Opportunistic Bruter 3820e3e16c59 w4m_seattle_01 · 2026-04-07 18:54
1 50%
Malware Dropper 596860af7ae1 w4m_seattle_01 · 2026-04-07 18:54
3 1 1 100%
Credential Harvester eee655594cac w4m_seattle_01 · 2026-04-07 18:54
1 35%
Credential Harvester 6abf797233b8 w4m_seattle_01 · 2026-04-07 18:52
1 35%
Credential Harvester e327d706cbee w4m_seattle_01 · 2026-04-07 18:50
1 35%
Malware Dropper 8177b1461242 w4m_seattle_01 · 2026-04-07 18:49
3 1 1 100%
Opportunistic Bruter 724b46a20063 w4m_seattle_01 · 2026-04-07 18:49
1 50%
Credential Harvester c0f55ca12e04 w4m_seattle_01 · 2026-04-07 18:49
1 35%
Malware Dropper dd07c1f91e3a w4m_seattle_01 · 2026-04-07 18:47
3 1 1 100%
Opportunistic Bruter bd90bf8e3d35 w4m_seattle_01 · 2026-04-07 18:47
1 50%
Credential Harvester 7069575aaf97 w4m_seattle_01 · 2026-04-07 18:47
1 35%
Credential Harvester 1e6807bd94ed w4m_seattle_01 · 2026-04-07 18:45
1 35%
Opportunistic Bruter 27804c2b4981 w4m_seattle_01 · 2026-04-07 18:43
1 50%
Malware Dropper 532029890129 w4m_seattle_01 · 2026-04-07 18:43
3 1 1 100%
Credential Harvester c631979f449d w4m_seattle_01 · 2026-04-07 18:43
1 35%
Opportunistic Bruter a1a13764f78b w4m_seattle_01 · 2026-04-07 18:42
1 50%
Malware Dropper 7f97e1f529ff w4m_seattle_01 · 2026-04-07 18:42
3 1 1 100%
Credential Harvester 0a07688f386b w4m_seattle_01 · 2026-04-07 18:42
1 35%
Credential Harvester e7d28d97a42d w4m_seattle_01 · 2026-04-07 18:40
1 35%
Opportunistic Bruter 44d7419ea0cf w4m_seattle_01 · 2026-04-07 18:38
1 50%
Malware Dropper 444b58cf5647 w4m_seattle_01 · 2026-04-07 18:38
3 1 1 100%
Credential Harvester 138eaa4238f6 w4m_seattle_01 · 2026-04-07 18:38
1 35%
Opportunistic Bruter d97acdc96fd3 w4m_seattle_01 · 2026-04-07 18:36
1 50%
Malware Dropper b1611cd8ea39 w4m_seattle_01 · 2026-04-07 18:36
3 1 1 100%
Credential Harvester 4a24cb73bb63 w4m_seattle_01 · 2026-04-07 18:36
1 35%
Credential Harvester 441558f9b99a w4m_seattle_01 · 2026-04-07 18:34
1 35%
Malware Dropper eac0879b0523 w4m_seattle_01 · 2026-04-07 18:33
3 1 1 100%
Opportunistic Bruter 5ec019d41508 w4m_seattle_01 · 2026-04-07 18:33
1 50%
Credential Harvester 098407ec7a3c w4m_seattle_01 · 2026-04-07 18:33
1 35%
Opportunistic Bruter 36de55dded72 w4m_seattle_01 · 2026-04-07 18:31
1 50%
Malware Dropper 05fbf9863921 w4m_seattle_01 · 2026-04-07 18:31
3 1 1 100%
Credential Harvester a183626977f8 w4m_seattle_01 · 2026-04-07 18:31
1 35%
Malware Dropper dd1ef25f0495 w4m_seattle_01 · 2026-04-07 18:29
3 1 1 100%
Opportunistic Bruter 48642265e806 w4m_seattle_01 · 2026-04-07 18:29
1 50%
Credential Harvester 48fac951ed22 w4m_seattle_01 · 2026-04-07 18:29
1 35%
Credential Harvester 6af9aa8bbdd4 w4m_seattle_01 · 2026-04-07 18:27
1 35%
Credential Harvester 554bb157bdd8 w4m_seattle_01 · 2026-04-07 18:26
1 35%
Credential Harvester e8177e6ffb68 w4m_seattle_01 · 2026-04-07 18:24
1 35%
Credential Harvester 9a3dbf4da6ea w4m_seattle_01 · 2026-04-07 18:22
1 35%
Credential Harvester 36720d6f2662 w4m_seattle_01 · 2026-04-07 18:20
1 35%
Credential Harvester ec0c731cf966 w4m_seattle_01 · 2026-04-07 18:19
1 35%
Credential Harvester df2ca62f48cb w4m_seattle_01 · 2026-04-07 18:17
1 35%
Malware Dropper c70fcf45120d w4m_seattle_01 · 2026-04-07 18:15
3 1 1 100%
Opportunistic Bruter dc4cfc464d26 w4m_seattle_01 · 2026-04-07 18:15
1 50%
Credential Harvester d95fe737c120 w4m_seattle_01 · 2026-04-07 18:15
1 35%
Credential Harvester 38abb96c7683 w4m_seattle_01 · 2026-04-07 18:11
1 35%