Trends

  • The top attacker country was China with 105789 unique attackers (45.00%).
  • The top Trojan C&C server detected was Heodo with 35 instances detected.
  • The top phishing campaign detected was against Facebook accounts with 198 instances detected.


Top Attackers By Country

Country         Occurrences  Percentage
China           105789       45.00%
United States   35415        15.00%
Australia       20507        8.00%
India           12452        5.00%
Vietnam         8925         3.00%
Canada          7697         3.00%
Brazil          6195         2.00%
Indonesia       5896         2.00%
France          3806         1.00%
United Kingdom  3547         1.00%
Netherlands     2509         1.00%
Germany         2354         1.00%
Chile           2087         0%
Russia          2032         0%
Mexico          1188         0%
Romania         670          0%
Thailand        573          0%
Croatia         516          0%
Ireland         379          0%


[Chart: Top Attackers by Country, pie chart of the per-country counts in the table above]



Threat Geo-location

[Map: attacker geo-location, per-country attack counts ranging from 379 to 105,789]


Top Attacking Hosts

Host             Occurrences
47.92.64.185     9864
112.85.42.88     8730
103.214.171.14   8157
103.141.177.175  7916
49.88.112.115    7232
116.153.32.212   5294
47.92.69.155     4792
43.252.145.42    3934
61.153.191.66    1738
112.85.42.187    1731
222.186.175.148  1140
223.99.14.18     1078
[Chart: Top Attackers, bar chart of the per-host occurrence counts in the table above]


Top Network Attackers

ASN     Country              Name
37963   China                CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN
4837    China                CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
137443  Hong Kong SAR China  ANCHGLOBAL-AS-AP Anchnet Asia Limited, HK
63731   Vietnam              TPTECO-AS-VN TIEN PHAT TECHNOLOGY CORPORATION, VN
4134    China                CHINANET-BACKBONE No.31,Jin-rong Street, CN
56233   Indonesia            ATSINDO-AS-ID PT Asia Teknologi Solusi, ID
58461   China                CT-HANGZHOU-IDC No.288,Fu-chun Road, CN
23650   China                CHINANET-JIANGSU-PROVINCE-IDC AS Number for CHINANET jiangsu province backbone, CN
24444   China                CMNET-V4SHANDONG-AS-AP Shandong Mobile Communication Company Limited, CN


Remote Access Trojan C&C Servers Found

Name: Heodo
Number Discovered: 35
Location: 107.5.122.110, 110.142.219.51, 118.101.24.148, 120.150.60.189, 134.209.193.138, 1.54.67.22, 162.144.42.60, 162.241.242.173, 172.91.208.86, 173.81.218.65, 174.45.13.118, 181.122.154.240, 189.39.32.161, 190.136.179.102, 190.96.15.50, 194.187.133.160, 197.232.36.108, 206.15.68.237, 2.144.244.204, 216.208.76.186, 24.26.151.3, 37.52.87.0, 45.16.226.117, 45.182.161.17, 45.55.219.163, 45.55.36.51, 50.81.3.113, 62.30.7.67, 68.183.233.80, 82.239.200.118, 91.121.54.71, 91.75.75.46, 94.102.209.63, 94.200.114.161, 97.107.135.148

Name: StealthWorker
Number Discovered: 1
Location: 91.240.118.79

Name: TrickBot
Number Discovered: 29
Location: 104.161.32.108, 107.155.137.18, 129.232.133.39, 139.60.163.45, 176.31.28.85, 185.172.129.100, 185.180.198.58, 185.234.72.240, 185.99.2.106, 194.5.249.221, 194.87.236.171, 195.123.240.52, 195.123.241.175, 195.123.241.224, 195.123.241.229, 195.123.241.68, 37.220.6.122, 37.220.6.126, 45.138.158.33, 45.138.158.41, 5.182.211.124, 51.83.196.234, 51.89.204.242, 82.146.37.128, 85.143.221.85, 85.204.116.117, 91.200.100.85, 93.189.42.225, 95.171.15.71
[Chart: Trojan C&C Servers Detected, pie chart of the per-family counts listed above]


Common Malware

MD5: 8c80dd97c37525927c1e549cb59bcbf3
VirusTotal: https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details
FileName: Eter.exe
Claimed Product: N/A
Detection Name: Win.Exploit.Shadowbrokers::5A5226262.auto.talos

MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details
FileName: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: Win.Dropper.Agentwdcr::1201

MD5: adad179db8c67696ac24e9e11da2d075
VirusTotal: https://www.virustotal.com/gui/file/7f9446709fbd77a21a806d17cf163ba00ce1a70f8b6af197990aa9924356fd36/details
FileName: FlashHelperServices.exe
Claimed Product: FlashHelperService
Detection Name: W32.7F9446709F-100.SBX.VIOC

MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: https://www.virustotal.com/gui/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/details
FileName: mf2016341595.exe
Claimed Product: N/A
Detection Name: Win.Downloader.Generic::1201

MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details
FileName: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos


Top Phishing Campaigns

Phishing Target  Count
Other            1579
Facebook         198
PayPal           20
Amazon.com       33
Virustotal       54
Allegro          5
Microsoft        9
Scotiabank       1
Steam            5
RuneScape        9
Americanas.com   1
Netflix          5
Alibaba.com      1
Adobe            8
Twitter          1
Google           3
Orange           1
Blockchain       1
Yahoo            1
LinkedIn         2


CVEs with Recently Discovered Exploits

This is a list of recent vulnerabilities for which exploits are available.

CVE-2020-1147
Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
Vendor: Microsoft
Description: A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.
CVSS v3.1 Base Score: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Date Created: 07/14/2020
Date Updated: 08/20/2020

CVE-2020-6519
Title: Google Chrome Arbitrary Code Execution Vulnerability
Vendor: Google
Description: Policy bypass in CSP in Google Chrome allowed a remote attacker to bypass content security policy via a crafted HTML page. It could allow attackers to bypass the Content Security Policy (CSP) on websites, in order to steal data and execute rogue code.
CVSS v3.1 Base Score: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
Date Created: 07/22/2020
Date Updated: 08/09/2020

CVE-2020-3506
Title: Cisco IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
Vendor: Cisco
Description: Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera.
CVSS v3.1 Base Score: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 08/26/2020
Date Updated: 08/26/2020

CVE-2020-15858
Title: Cinterion Java Modules Vulnerability
Vendor: Cinterion
Description: This security vulnerability could potentially allow attackers with physical access to the device to compromise certain assets stored in the Cinterion modules' flash file system, such as customer Java MIDlet byte code, TLS credentials or OTAP configuration data.
CVSS v3.1 Base Score: 6.2 (AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L)
Date Created: 08/21/2020
Date Updated: 08/24/2020

CVE-2020-3398
Title: Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability
Vendor: Cisco
Description: A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic.
CVSS v3.1 Base Score: 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Date Created: 08/27/2020
Date Updated: 08/27/2020
Monday, August 31, 2020 By john