IntrusionLabs / threat intelligence

Sign in

← Back to feed

5.231.208.117

TAGGED SUSPICIOUS how we decide →

Threat Confidence

33%

Location

🇩🇪 DE

ASN

AS12586 · GHOSTnet GmbH

Cloud Provider

—

Total Events

23

Average by volume

Agent Count

1

First / Last Seen

2026-04-19 09:17 — 2026-04-19 10:14

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595.002

Initial Access

T1078

Credential Access

T1110 T1110.001

Discovery

T1016 T1082

External Corroboration

Not flagged by any external feeds

Campaigns

HASSH 16443846184e… — SSH-2.0-Go (97 IPs, 18 countries) HASSH Active high 🇮🇷 IR

97 IPs 76525 events

mysql:bruteforcessh:bruteforce

2026-02-22 — ongoing · 97 IPs are running an identical SSH client (HASSH fingerprint 16443846184e…). Top network: Limited Network LTD (AS213790). Geographic …

Session Forensics

reconnaissance ×1 credential_probe ×1 opportunistic_bruter ×2

Sessions

4 (3 with login)

Avg Depth Score

0.45

Commands Executed

1

Files Downloaded

0

Notable Commands

hostname

Fingerprints

HASSH

16443846184eafde36765c9bab2f4397

SSH Client

SSH-2.0-Go

Evidence Timeline

Opportunistic Bruter 373c75acca77 w4m_singapore_01 · 2026-04-19 10:14

1 50%

Loading events...

Opportunistic Bruter ae3af1f88728 w4m_singapore_01 · 2026-04-19 09:53

1 50%

Loading events...

Reconnaissance 3bd149d48088 w4m_singapore_01 · 2026-04-19 09:33

1 1 60%

Loading events...

Credential Probe 80ef164b9a1f w4m_singapore_01 · 2026-04-19 09:17

1 20%

Loading events...