Trends

  • The top attacker country was China with 2985404 unique attackers (50.00%).
  • The top Trojan C&C server detected was TrickBot with 8 instances detected.


Top Attackers By Country

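| Country | Occurrences | Percentage |
|---|---|---|
| China | 2985404 | 50.00% |
| Australia | 1178364 | 19.00% |
| United States | 352953 | 5.00% |
| South Africa | 268702 | 4.00% |
| India | 182092 | 3.00% |
| Russia | 175169 | 2.00% |
| France | 130848 | 2.00% |
| South Korea | 116965 | 1.00% |
| United Kingdom | 113211 | 1.00% |
| Chile | 111346 | 1.00% |
| Brazil | 71672 | 1.00% |
| Germany | 68340 | 1.00% |
| Vietnam | 48261 | 0% |
| Thailand | 42507 | 0% |
| Italy | 33306 | 0% |
| Estonia | 15350 | 0% |
| Romania | 13399 | 0% |
| Taiwan | 10084 | 0% |
| Dominican Republic | 3302 | 0% |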


[Chart: Top Attackers by Country]


Threat Geo-location

[Map: threat geo-location, scale 3,302 to 2,985,404]


Top Attacking Hosts

| Host | Occurrences |
|---|---|
| 112.85.42.186 | 34615 |
| 49.88.112.115 | 14515 |
| 218.92.0.190 | 10620 |
| 112.85.42.88 | 10133 |
| 61.183.54.174 | 8102 |
| 122.115.230.183 | 2789 |

[Chart: Top Attackers]

Top Network Attackers

| ASN | Country | Name |
|---|---|---|
| 4837 | China | CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN |
| 4134 | China | CHINANET-BACKBONE No.31, Jin-rong Street, CN |
| 23724 | China | CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN |


Remote Access Trojan C&C Servers Found

| Name | Number Discovered | Location |
|---|---|---|
| AmadeusStealer | 1 | 95.142.44.113 |
| Anubis | 6 | 8.208.91.252 , 8.209.104.170 , 8.209.99.235 , 84.38.180.55 , 84.38.183.96 , 91.210.104.212 |
| AzorUlt | 1 | 193.42.96.108 |
| FlexNet | 3 | 47.241.116.41 , 81.177.139.80 , 8.209.112.8 |
| Heodo | 2 | 190.163.1.31 , 190.19.169.69 |
| KPOT | 2 | 84.38.183.155 , freelacerinc.ru |
| Lokibot | 1 | 84.38.181.216 |
| Oski | 1 | 45.143.92.129 |
| TrickBot | 8 | 109.234.34.135 , 185.142.99.223 , 185.198.57.113 , 185.244.39.190 , 192.210.226.12 , 192.3.247.124 , 195.123.239.126 , 78.88.188.42 |
| Vidar | 1 | 185.99.133.182 |

[Chart: Trojan C&C Servers Detected]


Common Malware

| MD5 | VirusTotal | FileName | Claimed Product | Detection Name |
|---|---|---|---|---|
| a10a6d9dfc0328a391a3fdb1a9fb18db | https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details | FlashHelperServices.exe | FlashHelperService | PUA.Win.Adware.Flashserv::100.sbx.vioc |
| 8c80dd97c37525927c1e549cb59bcbf3 | https://www.virustotal.com/gui/file/094d4da0ae3ded8b936428bb7393c77aaedd5efb5957116afd4263bd7edc2188/details | FlashHelperServices.exe | FlashHelperServices | Win.Exploit.Shadowbrokers::5A5226262.auto.talos |
| 47b97de62ae8b2b927542aa5d7f3c858 | https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details | qmreportupload.exe | qmreportupload | Win.Trojan.Generic::in10.talos |
| e2ea315d9a83e7577053f52c974f6a5a | https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/detection | c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin | N/A | Win.Dropper.Agentwdcr::1201 |
| 799b30f47060ca05d80ece53866e01cc | https://www.virustotal.com/gui/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/detection | mf2016341595.exe | N/A | Win.Downloader.Generic::1201 |

Thursday, June 11, 2020 By john