Trends

  • The top attacker country was China with 656640 unique attackers (36.00%).
  • The top Trojan C&C server detected was TrickBot with 26 instances detected.


Top Attackers By Country

Country | Occurrences | Percentage
China | 656640 | 36.00%
Australia | 373252 | 20.00%
South Africa | 114464 | 6.00%
United States | 105652 | 5.00%
Chile | 65878 | 3.00%
United Kingdom | 60798 | 3.00%
Germany | 55888 | 3.00%
South Korea | 54084 | 2.00%
Russia | 51979 | 2.00%
India | 50317 | 2.00%
Thailand | 33862 | 1.00%
France | 19625 | 1.00%
Brazil | 18032 | 0%
Vietnam | 16269 | 0%
Italy | 12253 | 0%
Taiwan | 6748 | 0%
Romania | 4913 | 0%
Estonia | 3276 | 0%
Dominican Republic | 2909 | 0%


Threat Geo-location

[Map legend: 2,909 to 656,640]


Top Attacking Hosts

Host | Occurrences
47.254.21.172 | 18931
203.82.209.213 | 18350
89.248.168.221 | 17945
49.50.69.85 | 17363
79.124.62.74 | 13943
139.99.187.23 | 12741
112.85.42.187 | 12298
114.116.225.21 | 11054
67.218.157.95 | 7216
49.88.112.115 | 7016
112.85.42.88 | 6762
89.248.162.136 | 6003
120.155.9.101 | 5577
218.92.0.190 | 4934
49.88.112.110 | 4677
49.36.128.29 | 4414
210.7.22.74 | 3810
88.218.17.15 | 3568


Top Network Attackers

ASN | Country | Name
45102 | United States | CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN
202425 | Netherlands | INT-NETWORK, SC
55470 | India | CYFUTURE-AS-IN Cyfuture India Pvt. Ltd., IN
207812 | Bulgaria | DM_AUTO, BG
55990 | China | HWCSNET Huawei Cloud Service data center, CN
25820 | Canada | IT7NET, CA
55836 | India | RELIANCEJIO-IN Reliance Jio Infocomm Limited, IN
4638 | Fiji | IS-FJ-AS Telecom Fiji Limited, FJ
50673 | Netherlands | SERVERIUS-AS, NL


Remote Access Trojan C&C Servers Found

Name | Number Discovered | Location
Heodo | 1 | 193.80.169.64
LokiBot | 1 | 148.66.135.80
Pony | 1 | 162.244.92.35
Taurus | 3 | 104.18.45.216, 185.141.62.31, 185.219.83.222
TrickBot | 26 | 104.168.125.105, 107.155.137.3, 158.69.133.69, 172.245.159.191, 185.14.30.22, 185.14.30.52, 185.164.32.114, 185.17.122.167, 185.90.61.140, 185.99.2.133, 185.99.2.238, 194.36.189.141, 194.5.250.96, 194.87.236.66, 217.12.209.60, 31.131.20.244, 5.1.74.116, 5.1.81.127, 5.182.211.215, 82.146.40.192, 85.204.116.14, 85.204.116.16, 93.189.41.252, 93.189.41.96, 93.189.43.61, 94.250.249.38


Common Malware

MD5 | VirusTotal | FileName | Claimed Product | Detection Name
c6dc7326766f3769575caa3ccab71f63 | https://www.virustotal.com/gui/file/fb022bbec694d9b38e8a0e80dd0bfdfe0a462ac0d180965d314651a7bc0614f4/details | wupxarch.exe | N/A | Win.Dropper.Ranumbot::in03.talos
8c80dd97c37525927c1e549cb59bcbf3 | https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details | Eternalblue-2.2.0.exe | N/A | W32.85B936960F.5A5226262.auto.Talos
47b97de62ae8b2b927542aa5d7f3c858 | https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details | qmreportupload.exe | qmreportupload | Win.Trojan.Generic::in10.talos
e2ea315d9a83e7577053f52c974f6a5a | https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details | Tempmf582901854.exe | N/A | W32.AgentWDCR:Gen.21gn.1201
799b30f47060ca05d80ece53866e01cc | https://www.virustotal.com/gui/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/details | mf2016341595.exe | N/A |
Thursday, May 7, 2020 By john