Trends

  • The top attacker country was China with 535153 unique attackers (37.00%).
  • The top Trojan C&C server detected was TrickBot with 12 instances detected.


Top Attackers By Country

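| Country | Occurrences | Percentage |
|---|---|---|
| China | 535153 | 37.00% |
| Australia | 326654 | 22.00% |
| South Africa | 105017 | 7.00% |
| United States | 69770 | 4.00% |
| Chile | 65136 | 4.00% |
| Germany | 54433 | 3.00% |
| United Kingdom | 54097 | 3.00% |
| South Korea | 51444 | 3.00% |
| Thailand | 33862 | 2.00% |
| Russia | 29955 | 2.00% |
| Brazil | 17159 | 1.00% |
| France | 17067 | 1.00% |
| Vietnam | 15215 | 1.00% |
| India | 13781 | 0% |
| Italy | 10296 | 0% |
| Taiwan | 6748 | 0% |
| Dominican Republic | 2909 | 0% |
| Estonia | 2869 | 0% |
| Romania | 1422 | 0% |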




Top Attacking Hosts



Top Network Attackers

| ASN | Country | Name |
|---|---|---|
| 24154 | Taiwan | APBT-AS-TW Asia Pacific Broadband Fixed Lines Co., Ltd., TW |
| 35228 | United Kingdom | O2BROADBAND, GB |
| 58519 | China | CHINATELECOM-CTCLOUD Cloud Computing Corporation, CN |


Remote Access Trojan C&C Servers Found

| Name | Number Discovered | Location |
|---|---|---|
| Kpot | 1 | 63.250.39.193 |
| TrickBot | 12 | 107.155.137.25, 107.155.137.28, 107.175.87.128, 185.14.31.87, 185.14.31.97, 185.164.32.115, 194.5.250.80, 195.54.32.40, 45.67.231.62, 45.83.192.152, 5.188.168.87, 85.204.116.58 |


 

Common Malware

| MD5 | VirusTotal | FileName | Claimed Product | Detection Name |
|---|---|---|---|---|
| 5d34464531ddbdc7b0a4dba5b4c1cfea | https://www.virustotal.com/gui/file/a545df34334b39522b9cc8cc0c11a1591e016539b209ca1d4ab8626d70a54776/details | FlashHelperServices.exe | FlashHelperService | PUA.Win.Adware.Flashserv::in03.talos |
| c6dc7326766f3769575caa3ccab71f63 | https://www.virustotal.com/gui/file/fb022bbec694d9b38e8a0e80dd0bfdfe0a462ac0d180965d314651a7bc0614f4/details | wupxarch.exe | N/A | Win.Dropper.Ranumbot::in03.talos |
| 4202e589899ec68bc2d4fa6fb1218e2f | https://www.virustotal.com/gui/file/9cc2b845bdee4774e45143e00dc82c673bf940c764b687c976f8d27d9f48b704/details | app171.exe | N/A | Win.Dropper.Ranumbot::sbmt.talos |
| 8c80dd97c37525927c1e549cb59bcbf3 | https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details | Eternalblue-2.2.0.exe | N/A | W32.85B936960F.5A5226262.auto.Talos |
| e2ea315d9a83e7577053f52c974f6a5a | https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details | Tempmf582901854.exe | N/A | W32.AgentWDCR:Gen.21gn.1201 |
Thursday, April 30, 2020 By john