Trends

  • The top attacker country was China with 587581 unique attackers (44.00% of all attackers observed).
  • The top Trojan C&C family detected was TrickBot, with 34 distinct C&C servers.


Top Attackers By Country

Country           Occurrences   Percentage
China             587581        44%
Australia         310634        23%
South Africa      167513        12%
United Kingdom    48487         3%
United States     43648         3%
Chile             25487         1%
India             18271         1%
Canada            16057         1%
France            13621         1%
Hong Kong         12844         <1%
South Korea       12146         <1%
Vietnam           12016         <1%
Russia            11610         <1%
Netherlands       8125          <1%
Italy             6047          <1%
Romania           3284          <1%
Bulgaria          1866          <1%
Pakistan          1465          <1%

Percentages are shares of all attackers observed (about 1.34 million, more than the countries listed here sum to) and are truncated, not rounded, to a whole percent; the source rendered every row under 1% as "0%", which is shown here as "<1%" so that those sources do not read as absent.



Threat Geo-location

(World map of attacker locations; image not reproduced in this text version.)

Top Attacking Hosts

Host              Occurrences
49.88.112.117     41144
103.70.234.5      30560
112.85.42.187     21533
116.2.222.230     19271
181.43.68.91      15696
218.255.252.201   10170
49.88.112.116     7975
121.218.239.138   6218
112.85.42.189     5981
218.92.0.190      5234
74.108.128.183    4102
222.186.173.226   3492
222.186.173.238   3448
45.141.86.128     3434

Several of these sources arrive as sibling pairs from the same /24 (49.88.112.x, 112.85.42.x, 222.186.173.x), so blocking at the network level rather than per host is the more durable response.
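How a table like the one above is derived from raw logs, as an added example that is not part of this report: it counts failed SSH logins per source address over constructed auth.log lines (the source addresses are taken from the table above; the lines and per-source counts are made up), ranks them, and reports each source's share of the total. It truncates to a whole percent, which is what this report does, so it also shows why sub-1% rows display as 0% and labels them "<1%" instead.

```python
"""Rank brute-force sources from sshd log lines (added example, not report code)."""
from __future__ import annotations

import re
from collections import Counter

# sshd authentication-failure line as written to auth.log / syslog.
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def make_sample_log(failures_per_ip: dict[str, int]) -> list[str]:
    """Build constructed auth.log lines (not real data): n failures per source,
    plus one successful key login that the counter must ignore."""
    lines = ["Apr 20 03:14:01 bastion sshd[2100]: Accepted publickey for deploy "
             "from 10.0.0.15 port 55612 ssh2: ED25519 SHA256:c0ns7ruc7ed"]
    pid = 2101
    for ip, n in failures_per_ip.items():
        for i in range(n):
            lines.append(
                f"Apr 20 03:{14 + i // 60:02d}:{i % 60:02d} bastion sshd[{pid}]: "
                f"Failed password for root from {ip} port {40000 + i} ssh2"
            )
            pid += 1
    return lines


def count_failures(lines: list[str]) -> Counter:
    """Count failed password attempts per source IP; other lines are skipped."""
    counts: Counter = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def share_label(count: int, total: int) -> str:
    """Whole-percent share, truncated the way the report does it.
    Truncation turns anything under 1% into 0%, which reads as 'nothing';
    report those rows as '<1%' instead."""
    pct = count * 100 // total
    return "<1%" if pct == 0 else f"{pct}%"


def rank_attackers(lines: list[str]) -> list[tuple[str, int, str]]:
    """Return (ip, failures, share) sorted by failures, most active first."""
    counts = count_failures(lines)
    total = sum(counts.values())
    return [(ip, n, share_label(n, total)) for ip, n in counts.most_common()]


# Source addresses are the top attacking hosts from the report; the
# per-source counts are made up to exercise the <1% edge case (1 of 200).
SAMPLE_LOG = make_sample_log({
    "49.88.112.117": 120,
    "103.70.234.5": 60,
    "112.85.42.187": 19,
    "45.141.86.128": 1,
})

if __name__ == "__main__":
    print(f"{'Host':<16}{'Occurrences':>12}  Share")
    for ip, n, share in rank_attackers(SAMPLE_LOG):
        print(f"{ip:<16}{n:>12}  {share}")
```

Run it against a real auth.log by passing the file's lines to rank_attackers(); the regex only matches sshd "Failed password" events, so "Invalid user" pre-auth lines and PAM messages are not double-counted.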

 


Top Network Attackers

ASN    Country               Name
9381   Hong Kong SAR China   HKBNES-AS-AP HKBN Enterprise Solutions HK Limited, HK
1221   Australia             ASN-TELSTRA Telstra Corporation Ltd, AU
701    United States         UUNET, US


Remote Access Trojan C&C Servers Found

Name       Number Discovered   Location (C&C server addresses)
Heodo      3                   170.81.48.2, 46.30.175.11, 70.48.238.90
TrickBot   34                  103.5.231.188, 107.155.137.23, 110.232.76.39, 110.93.15.98,
                               122.50.6.122, 176.119.159.147, 178.156.202.251, 185.141.61.101,
                               185.14.30.45, 185.99.2.142, 185.99.2.152, 185.99.2.68,
                               188.119.113.114, 190.136.178.52, 194.5.250.46, 194.5.250.47,
                               194.5.250.69, 200.171.101.169, 217.12.209.170, 217.12.209.244,
                               31.131.26.31, 36.91.45.10, 45.153.185.187, 45.6.16.68,
                               5.1.74.124, 51.89.115.121, 5.196.247.14, 79.137.101.2,
                               85.204.116.191, 85.204.116.195, 85.204.116.57, 91.200.100.84,
                               93.189.42.81, 96.9.77.56

"Heodo" is the name the Feodo Tracker feed uses for Emotet. Outbound connections from internal hosts to any of these addresses, whether the firewall allowed or denied them, indicate an already-infected host rather than an inbound attack.


 

Common Malware

Columns: MD5 | VirusTotal (link keyed by the sample's SHA256) | File name | Claimed product | Detection name

MD5: 5d34464531ddbdc7b0a4dba5b4c1cfea
VirusTotal: https://www.virustotal.com/gui/file/a545df34334b39522b9cc8cc0c11a1591e016539b209ca1d4ab8626d70a54776/details
File name: FlashHelperServices.exe
Claimed product: FlashHelperService
Detection name: PUA.Win.Adware.Flashserv::in03.talos

MD5: bf1d79fad6471fcf50e38a9ea1f646a5
VirusTotal: https://www.virustotal.com/gui/file/589d9977a5b0420d29acc0c1968a2ff48102ac3ddc0a1f3188be79d0a4949c82/details
File name: wupxarch.exe
Claimed product: N/A
Detection name: W32.Auto:589d99.in03.Talos

MD5: 8c80dd97c37525927c1e549cb59bcbf3
VirusTotal: https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details
File name: Eternalblue-2.2.0.exe
Claimed product: N/A
Detection name: W32.85B936960F.5A5226262.auto.Talos

MD5: 9b47b9f19455bf56138ddb81c93b6c0c
VirusTotal: https://www.virustotal.com/gui/file/518a8844dae953d7f2510d38ba916f1c4ccc01cfba58f69290938b6ddde8b472/details
File name: updateprofile.exe
Claimed product: N/A
Detection name: Win.Dropper.Generic::tpd

MD5: c2406fc0fce67ae79e625013325e2a68
VirusTotal: https://www.virustotal.com/gui/file/1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871/details
File name: SegurazoIC.exe
Claimed product: SegurazoIC
Detection name: PUA.Win.Adware.Ursu::95.sbx.tg
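A sweep that turns the C&C addresses and the file hashes above into a detection, as an added example that is not part of this report: it loads the Heodo and TrickBot addresses and the five MD5 hashes from the tables, then checks constructed firewall connection records and a constructed endpoint file inventory against them. The record format, the internal host names and addresses, the benign destinations (documentation ranges) and the non-malicious hash are all assumptions; the indicators themselves are the ones published above.

```python
"""Sweep connection logs and file hashes for the report's IOCs (added example, not report code)."""
from __future__ import annotations

import re

# C&C address -> family, copied from the "Remote Access Trojan C&C Servers Found" table.
C2_SERVERS = {ip: "Heodo" for ip in ("170.81.48.2", "46.30.175.11", "70.48.238.90")}
C2_SERVERS.update({ip: "TrickBot" for ip in (
    "103.5.231.188", "107.155.137.23", "110.232.76.39", "110.93.15.98", "122.50.6.122",
    "176.119.159.147", "178.156.202.251", "185.141.61.101", "185.14.30.45", "185.99.2.142",
    "185.99.2.152", "185.99.2.68", "188.119.113.114", "190.136.178.52", "194.5.250.46",
    "194.5.250.47", "194.5.250.69", "200.171.101.169", "217.12.209.170", "217.12.209.244",
    "31.131.26.31", "36.91.45.10", "45.153.185.187", "45.6.16.68", "5.1.74.124",
    "51.89.115.121", "5.196.247.14", "79.137.101.2", "85.204.116.191", "85.204.116.195",
    "85.204.116.57", "91.200.100.84", "93.189.42.81", "96.9.77.56",
)})

# MD5 -> detection name, copied from the "Common Malware" table.
KNOWN_MALWARE_MD5 = {
    "5d34464531ddbdc7b0a4dba5b4c1cfea": "PUA.Win.Adware.Flashserv::in03.talos",
    "bf1d79fad6471fcf50e38a9ea1f646a5": "W32.Auto:589d99.in03.Talos",
    "8c80dd97c37525927c1e549cb59bcbf3": "W32.85B936960F.5A5226262.auto.Talos",
    "9b47b9f19455bf56138ddb81c93b6c0c": "Win.Dropper.Generic::tpd",
    "c2406fc0fce67ae79e625013325e2a68": "PUA.Win.Adware.Ursu::95.sbx.tg",
}

# Assumed firewall record layout: "<ts> fw <allow|deny> src=.. dst=.. dport=.. proto=..".
CONN_RE = re.compile(
    r"fw (?P<action>allow|deny)\s+src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)

# Constructed records (not real traffic). 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for benign destinations.
SAMPLE_CONNECTIONS = [
    "2020-04-20T10:01:02Z fw allow src=10.0.5.12 dst=185.99.2.142 dport=443 proto=tcp",
    "2020-04-20T10:01:05Z fw allow src=10.0.5.12 dst=203.0.113.10 dport=443 proto=tcp",
    "2020-04-20T10:03:44Z fw allow src=10.0.7.31 dst=70.48.238.90 dport=8080 proto=tcp",
    "2020-04-20T10:05:10Z fw deny  src=10.0.9.2 dst=45.153.185.187 dport=449 proto=tcp",
    "2020-04-20T10:06:00Z fw allow src=10.0.5.12 dst=198.51.100.7 dport=80 proto=tcp",
]

# Constructed endpoint inventory: (host, path, md5). The notepad hash is made up.
SAMPLE_FILE_INVENTORY = [
    ("ws-0412", r"C:\Users\a.smith\AppData\Local\Temp\updateprofile.exe",
     "9B47B9F19455BF56138DDB81C93B6C0C"),
    ("ws-0412", r"C:\Windows\System32\notepad.exe", "0123456789abcdef0123456789abcdef"),
    ("ws-0198", r"C:\ProgramData\FlashHelperServices.exe", "5d34464531ddbdc7b0a4dba5b4c1cfea"),
]


def sweep_connections(lines: list[str]) -> list[tuple[str, str, str, str]]:
    """Return (internal src, C&C dst, family, action) for every record whose
    destination is a known C&C server. Denied attempts are kept: the beacon
    itself is the evidence of infection, whatever the firewall did with it."""
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        family = C2_SERVERS.get(m.group("dst"))
        if family:
            hits.append((m.group("src"), m.group("dst"), family, m.group("action")))
    return hits


def sweep_hashes(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str]]:
    """Return (host, path, detection name) for every file whose MD5 is listed.
    Hashes are compared case-insensitively; tools differ in the case they emit."""
    hits = []
    for host, path, md5 in inventory:
        name = KNOWN_MALWARE_MD5.get(md5.lower())
        if name:
            hits.append((host, path, name))
    return hits


def hosts_to_triage(conn_lines: list[str], inventory: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """Collect every reason each internal host was flagged, for triage ordering."""
    reasons: dict[str, list[str]] = {}
    for src, dst, family, action in sweep_connections(conn_lines):
        reasons.setdefault(src, []).append(f"{family} C&C {dst} ({action})")
    for host, path, name in sweep_hashes(inventory):
        reasons.setdefault(host, []).append(f"{name} at {path}")
    return reasons


if __name__ == "__main__":
    for host, why in hosts_to_triage(SAMPLE_CONNECTIONS, SAMPLE_FILE_INVENTORY).items():
        print(host, "->", "; ".join(why))
```

Note that the report publishes MD5s while the VirusTotal links are keyed by SHA256; match on whichever hash your inventory tooling records, and do not rely on the MD5 alone when a SHA256 is available.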


CVEs with Recently Discovered Exploits

This is a list of recent vulnerabilities for which exploits are available. The source feed labels its score column "CVSS v2", but every score it gives is a CVSS v3 base score with its vector, so that is how they are presented here. Verify the scores against NVD before using them to prioritise; at least one (CVE-2019-1381, below) carries a vector that does not fit the vulnerability class.

Columns: CVE | Title | Vendor | Description | CVSS v3 Base Score (vector) | Date Created | Date Updated

CVE-2020-0760
Microsoft Office Remote Code Execution Vulnerability
Vendor: Microsoft
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data.
CVSS v3 Base Score: not given in the source
Created: 04/15/2020   Updated: 04/17/2020

CVE-2020-1027
Microsoft Windows Kernel Elevation of Privilege Vulnerability
Vendor: Microsoft
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Created: 04/15/2020   Updated: 04/15/2020

CVE-2020-1020
Microsoft Adobe Font Manager Library Remote Code Execution Vulnerability
Vendor: Microsoft
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font (Adobe Type 1 PostScript format). This is one of the two Type 1 font parsing flaws Microsoft disclosed in advisory ADV200006 as being used in limited targeted attacks before the April 2020 fix.
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Created: 04/15/2020   Updated: 04/15/2020

CVE-2020-0687
Microsoft Graphics Remote Code Execution Vulnerability
Vendor: Microsoft
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Created: 04/15/2020   Updated: 04/17/2020

CVE-2019-1381
Microsoft Windows Information Disclosure Vulnerability
Vendor: Microsoft
An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files.
CVSS v3 Base Score: 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), as given in the source
Created: 11/12/2019   Updated: 11/14/2019
Caveat: the listed vector (network-reachable, scope changed, high integrity and availability impact) describes a far more severe issue than the local information disclosure in the description; treat the 9.9 as suspect and confirm the score with NVD before acting on it.

CVE-2020-0968
Microsoft Scripting Engine Memory Corruption Vulnerability
Vendor: Microsoft
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
CVSS v3 Base Score: 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Created: 04/15/2020   Updated: 04/17/2020

CVE-2020-0939
Microsoft Media Foundation Information Disclosure Vulnerability
Vendor: Microsoft
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Created: 04/15/2020   Updated: 04/15/2020
Tuesday, April 21, 2020 By john