IOC Radar
IP · Medium · Signal 74/100

45.125.64.200

Location
Hong Kong
Fanling, North District
ASN
AS133398
Tele Asia Limited
First Seen
Feb 8, 2025
Last Seen
Feb 19, 2026
Timeline: first seen Feb 8 (500d ago), last seen Feb 19 (124d ago)
6
Reports
source reports
74%
Confidence
medium
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

39 techniques

Network Information

Country: HK (Hong Kong)
Region: Fanling, North District
ASN: AS133398
Organization: Tele Asia Limited

Feed Intelligence Summary

Source reports: 6
Confidence score: 74%
Category tags
abuse, ai analysis, ai assistance, apt, backdoor, botnet, brute force, c2, c2 server, claude, code execution, code injection, command and control, command execution, credential access, credential harvesting, credential stuffing, cta, daggerfly, data exfiltration, distributed attacks, elf malware, fortiguard labs, hk, hong kong, indicator, iot, iot devices, lateral movement, linux, lunar peek, lunar peek campaign, malicious software, malware, network, network appliance, network appliances, phishing attack, please pay, process injection, remote access, researched, reverse engineering, social engineering, software exploitation, sonnet, ssh attack, ssh backdoor, t1005, t1014, t1016, t1021.004, t1027, t1036.004, t1049, t1053.005, t1055, t1057, t1059, t1059.004, t1068, t1070.004, t1071.001, t1078.004, t1082, t1083, t1102, t1105, t1110.002, t1112, t1133, t1190, t1203, t1205, t1486, t1496, t1499.002, t1499.003, t1543.002, t1547.001, t1555.004, t1565, t1566, t1566.001, t1566.002, t1566.003, t1574

Activity Timeline

1 total obs (Feb 19 to Feb 19)

Threat Activity Heatmap

Peak: 2026-02-19
[Heatmap: activity by weekday, Jun through the following Jun]

Recent activity
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 74
Confidence: 74%
Reports: 6
First seen: Feb 8, 2025
Last seen: Feb 19, 2026
Geolocation: HK
Country: Hong Kong
Location: Fanling, North District
ASN: AS133398
Org: Tele Asia Limited
Coords: 22.2578, 114.1657

VirusTotal

Not checked

WHOIS

description
Chinese hackers, specifically the DaggerFly espionage group, are targeting Linux devices with a sophisticated SSH backdoor called ELF/Sshdinjector.A!tr. The Lunar Peek campaign, active since mid-November 2024, primarily focuses on network appliances and IoT devices. The attack involves a dropper that deploys malicious binaries, including a modified SSH library and infected versions of common utilities. The core backdoor communicates with a remote C2 server, enabling system information gathering, data exfiltration, and arbitrary command execution. The malware uses a custom communication protocol with hardcoded identifiers and can perform various actions through specific command IDs. Users are advised to keep their AntiVirus definitions up-to-date to mitigate the threat.
raw
inetnum: 45.125.64.0 - 45.125.64.255
netname: TELE-HK
descr: Tele Asia
country: HK
admin-c: TAHH1-AP
tech-c: TAHH1-AP
abuse-c: AT1031-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-HK-TELEASIA
mnt-irt: IRT-TELE-ASIA
last-modified: 2024-04-19T20:57:25Z
source: APNIC

irt: IRT-TELE-ASIA
address: Tele Asia Limited
address: Unit 211, 2/F, Poly Centre
address: 15 Yip Fung Street, On Lok Tseun
address: Fanling, NT, Hong Kong
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: TAHH1-AP
tech-c: TAHH1-AP
auth: # Filtered
remarks: [email protected] is invalid
mnt-by: MAINT-TELE-HK
last-modified: 2025-03-05T13:09:20Z
source: APNIC

role: ABUSE TELEASIA
country: ZZ
address: Tele Asia Limited
address: Unit 211, 2/F, Poly Centre
address: 15 Yip Fung Street, On Lok Tseun
address: Fanling, NT, Hong Kong
phone: +000000000
e-mail: [email protected]
admin-c: TAHH1-AP
tech-c: TAHH1-AP
nic-hdl: AT1031-AP
remarks: Generated from irt object IRT-TELE-ASIA
remarks: [email protected] is invalid
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-03-05T13:11:05Z
source: APNIC

role: Tele Asia Host Hong Kong administrator
address: Tele Asia Limited, Unit 211, 2/F, Poly Centre, 15 Yip Fung Street, On Lok Tseun,, Fanling New Territ
country: HK
phone: +85281700749
fax-no: +85281700749
e-mail: [email protected]
admin-c: TAHH1-AP
tech-c: TAHH1-AP
nic-hdl: TAHH1-AP
mnt-by: MAINT-TELE-HK
last-modified: 2013-02-15T04:02:01Z
source: APNIC

route: 45.125.64.0/24
origin: AS133398
descr: Tele Asia Limited Tele Asia Limited Unit 211, 2/F, Poly Centre 15 Yip Fung Street, On Lok Tseun,
mnt-by: MAINT-HK-TELEASIA
last-modified: 2017-09-15T16:39:47Z
source: APNIC
references
https://cybersecuritynews.com/chinese-hackers-attacking-linux-devices/, https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 6 threat reports