Comprehensive post-access host reconnaissance over SSH focused on system fingerprinting and GPU capability validation. The activity enumerates OS and kernel details, CPU model and core count, uptime, interactive users, routing information, and performs conditional GPU detection via lspci or nvidia-smi. It also validates binary availability (e.g., kill) and performs external IP organization lookups. This pattern is consistent with operators assessing compute capacity (including GPU suitability), system stability, and execution environment before payload deployment such as cryptomining, AI workload abuse, or resource-intensive tooling.

Identifies SSH sessions where the actor executes uname -s -v -n -r -m to retrieve detailed kernel, hostname, architecture, and OS version information for environment profiling and post-access decision making.