
48.214.55.51

Tagged: MALICIOUS
Threat Confidence: 51%
Location: 🇺🇸 US / Boydton
ASN: AS8075 · Microsoft Corporation
Cloud Provider: Microsoft Azure
Total Events: 957 (top 5% by volume)
Agent Count: 1
First / Last Seen: 2026-02-25 16:05 — 2026-05-08 08:58
Attack Types: ssh:bruteforce
MITRE ATT&CK Techniques: Reconnaissance, Initial Access, Execution, Credential Access, Discovery, Command and Control
External Corroboration: Not flagged by any external feeds
Campaigns: Not associated with any campaigns
Session Forensics
Session classes: reconnaissance ×2, malware_dropper ×35, credential_probe ×1, interactive_operator ×1
Sessions: 39 (38 with login)
Avg Depth Score: 0.96
Commands Executed: 650
Files Downloaded: 35
Notable Commands
  • echo "===HOSTNAME==="; hostname 2>/dev/null || echo EMPTY;; echo "===UNAME==="; uname -a 2>/dev/null || echo EMPTY;; echo "===WHOAMI==="; whoami 2>/dev/null || echo EMPTY;; echo "===PWD==="; pwd 2>/dev/null || echo EMPTY;; echo "===LS_ROOT==="; ls -la / 2>/dev/null | head -10 || echo EMPTY;; echo "===PS==="; ps aux 2>/dev/null | head -15 || echo EMPTY;; echo "===NETSTAT==="; netstat -tulpn 2>/dev/null | head -10 || echo EMPTY;; echo "===HISTORY==="; history 2>/dev/null | tail -5 || echo EMPTY;; echo "===SSH_VERSION==="; ssh -V 2>&1 || echo EMPTY;; echo "===UPTIME==="; uptime 2>/dev/null || echo EMPTY;; echo "===MOUNT==="; mount 2>/dev/null | head -5 || echo EMPTY;; echo "===ENV==="; env 2>/dev/null | head -10 || echo EMPTY;; echo "===CPU_CORES==="; nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null || echo 0;; echo "===ARCH==="; uname -m 2>/dev/null || echo unknown;; echo "===CPU_MODEL==="; grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' || echo unknown;; echo "===RESOURCES==="; echo MEMKB=$(awk '/MemTotal/{print $2}' /proc/meminfo 2>/dev/null) DISKKB=$(df / 2>/dev/null | awk 'NR==2{print $2}') USERCNT=$(wc -l < /etc/passwd 2>/dev/null) PKGCNT=$(dpkg -l 2>/dev/null | grep -c '^ii' || rpm -qa 2>/dev/null | wc -l || echo 0);; echo "===CONTAINER==="; cat /proc/1/cgroup 2>/dev/null | head -3; test -f /.dockerenv && echo DOCKERENV; test -f /run/.containerenv && echo CONTAINERENV; echo;; echo "===COWRIE==="; ls /opt/cowrie /home/richard /etc/cowrie 2>&1;; echo "===DMESG==="; dmesg 2>/dev/null | head -5 || echo EMPTY;; echo "===PORTS==="; ss -tulpn 2>/dev/null | grep LISTEN | head -20 || netstat -tulpn 2>/dev/null | grep LISTEN | head -20 || echo EMPTY;; echo "===NETCFG==="; ls -la /etc/network/interfaces /etc/sysconfig/network-scripts/ /etc/netplan/ 2>/dev/null | head -3 || echo EMPTY;; echo "===IPADDR==="; ip addr show 2>/dev/null | grep -E '^[0-9]+:' | head -5 || echo EMPTY;; echo "===IPROUTE==="; ip route show 2>/dev/null | head -3 || echo EMPTY;; echo "===WRITE==="; TF=/tmp/t_$$; echo test > $TF 2>&1 && echo WRITEOK && rm -f $TF || echo WRITEFAIL;; echo "===IDCHECK==="; id 2>/dev/null && echo IDOK || echo IDFAIL; whoami 2>/dev/null && echo WHOAMIOK || echo WHOAMIFAIL;; echo "===PKGMGR==="; which apt 2>/dev/null || which yum 2>/dev/null || which pacman 2>/dev/null || which zypper 2>/dev/null || echo NOPKG;; echo "===SERVICES==="; systemctl list-units --type=service --state=running 2>/dev/null | head -10 || echo NOSVC;; echo "===SOCKETS==="; ss -tuln 2>/dev/null | wc -l || echo 0;; echo "===GPU==="; nvidia-smi --query-gpu=name,memory.total,driver_version --format=csv,noheader 2>/dev/null || echo NOGPU;; echo "===MAXDISK==="; df -BG 2>/dev/null | awk 'NR>1{gsub("G","",$2); if($2+0>max) max=$2+0} END{print max+0}' || echo 0;; echo "===END==="
  • awk /MemTotal/{print $2} /proc/meminfo 2 > /dev/null
  • df / 2 > /dev/null | awk NR==2{print $2}
  • wc -l < /etc/passwd 2 > /dev/null
  • dpkg -l 2 > /dev/null | grep -c ^ii
  • dpkg -l
  • rpm -qa 2 > /dev/null | wc -l
  • rpm -qa
  • echo 0
  • sed s/^ *//
  • history | tail -5
  • hostname
Fingerprints
SSH-2.0-Go
Evidence Timeline
Malware Dropper c0d8e7985204 w4m_seattle_01 · 2026-05-08 08:58 · 18 1 1 100%
Malware Dropper 899844583d6b w4m_seattle_01 · 2026-05-08 08:52 · 18 1 1 100%
Malware Dropper 27345c332deb w4m_seattle_01 · 2026-05-08 08:46 · 18 1 1 100%
Malware Dropper 333381dcfe1e w4m_seattle_01 · 2026-05-08 08:40 · 18 1 1 100%
Malware Dropper bc6a4fb1f7ad w4m_seattle_01 · 2026-05-08 08:34 · 18 1 1 100%
Malware Dropper 614321144991 w4m_seattle_01 · 2026-05-08 08:29 · 18 1 1 100%
Malware Dropper abc4af45a608 w4m_seattle_01 · 2026-05-08 08:24 · 18 1 1 100%
Malware Dropper 8e1f9642f40f w4m_seattle_01 · 2026-05-08 08:19 · 18 1 1 100%
Malware Dropper 8355fa92d3ca w4m_seattle_01 · 2026-05-08 08:13 · 18 1 1 100%
Malware Dropper fae5536946e1 w4m_seattle_01 · 2026-05-08 08:08 · 18 1 1 100%
Malware Dropper 93862e0b7e41 w4m_seattle_01 · 2026-05-08 08:04 · 18 1 1 100%
Malware Dropper 324558caa514 w4m_seattle_01 · 2026-05-08 07:58 · 18 1 1 100%
Malware Dropper e5b9bf657099 w4m_seattle_01 · 2026-05-08 07:53 · 18 1 1 100%
Malware Dropper 8ca440db4ae7 w4m_seattle_01 · 2026-05-08 07:43 · 18 1 1 100%
Malware Dropper dbad021cbc77 w4m_seattle_01 · 2026-05-08 07:39 · 18 1 1 100%
Malware Dropper e9ac206f0e2a w4m_seattle_01 · 2026-05-08 07:33 · 18 1 1 100%
Malware Dropper cf6365b23248 w4m_seattle_01 · 2026-05-08 07:29 · 18 1 1 100%
Malware Dropper 65c5e63ccb9f w4m_seattle_01 · 2026-05-08 07:24 · 18 1 1 100%
Malware Dropper 72ff38ecadb5 w4m_seattle_01 · 2026-05-08 07:19 · 18 1 1 100%
Malware Dropper e42d6e2456c9 w4m_seattle_01 · 2026-05-08 07:15 · 18 1 1 100%
Malware Dropper dd7aac373927 w4m_seattle_01 · 2026-05-08 07:09 · 18 1 1 100%
Malware Dropper cf1167c3836e w4m_seattle_01 · 2026-05-08 07:05 · 18 1 1 100%
Malware Dropper ce780658b033 w4m_seattle_01 · 2026-05-08 07:00 · 18 1 1 100%
Malware Dropper 5c5e3616da1c w4m_seattle_01 · 2026-05-08 06:55 · 18 1 1 100%
Malware Dropper 0bbf1701367e w4m_seattle_01 · 2026-05-08 06:51 · 18 1 1 100%
Malware Dropper 9299df2d3d63 w4m_seattle_01 · 2026-05-08 06:46 · 18 1 1 100%
Malware Dropper e2780fee8f5c w4m_seattle_01 · 2026-05-08 06:41 · 18 1 1 100%
Malware Dropper cdd045087c9e w4m_seattle_01 · 2026-05-08 06:36 · 18 1 1 100%
Malware Dropper d46de1e0dd76 w4m_seattle_01 · 2026-05-08 06:32 · 18 1 1 100%
Malware Dropper 0dc6f9af1552 w4m_seattle_01 · 2026-05-08 06:22 · 18 1 1 100%
Malware Dropper 047096481ca2 w4m_seattle_01 · 2026-05-08 06:18 · 18 1 1 100%
Malware Dropper d83469c933eb w4m_seattle_01 · 2026-05-08 06:13 · 18 1 1 100%
Malware Dropper d342fffff54f w4m_seattle_01 · 2026-05-08 06:08 · 18 1 1 100%
Malware Dropper 1bbfc8bfd01b w4m_seattle_01 · 2026-05-08 06:05 · 18 1 1 100%
Interactive Operator a53e0994f5ae w4m_seattle_01 · 2026-05-08 06:00 · 18 1 90%
Malware Dropper 50aef9ade6bd w4m_seattle_01 · 2026-05-08 05:54 · 18 1 1 100%
Credential Probe 994347582ecd w4m_seattle_01 · 2026-05-08 05:43 · 1 20%
Reconnaissance 08909b9646ea w4m_seattle_01 · 2026-02-25 17:13 · 1 1 60%
Reconnaissance 613140a879a2 w4m_seattle_01 · 2026-02-25 16:05 · 1 1 60%