​​​Trends

  • The top attacker country was China with 656640 unique attackers (36.00%).
  • The top Trojan C&C server detected was TrickBot with 26 instances detected.

Top Attackers By Country

Country Occurences Percentage
China 656640 36.00%
Australia 373252 20.00%
South Africa 114464 6.00%
United States 105652 5.00%
Chile 65878 3.00%
United Kingdom 60798 3.00%
Germany 55888 3.00%
South Korea 54084 2.00%
Russia 51979 2.00%
India 50317 2.00%
Thailand 33862 1.00%
France 19625 1.00%
Brazil 18032 0%
Vietnam 16269 0%
Italy 12253 0%
Taiwan 6748 0%
Romania 4913 0%
Estonia 3276 0%
Dominican Republic 2909 0%
Top Attackers by CountryChinaAustraliaSouth AfricaUnited StatesChileUnited KingdomGermanySouth KoreaRussiaIndiaOther38.5%6.9%6.2%6.7%21.9%
Country Percentage of Attacks
China 656,640
Australia 373,252
South Africa 114,464
United States 105,652
Chile 65,878
United Kingdom 60,798
Germany 55,888
South Korea 54,084
Russia 51,979
India 50,317
Thailand 33,862
France 19,625
Brazil 18,032
Vietnam 16,269
Italy 12,253
Taiwan 6,748
Romania 4,913
Estonia 3,276
Dominican Republic 2,909

Threat Geo-location

2,909656,640

Top Attacking Hosts

Host Occurrences
47.254.21.172 18931
89.248.168.221 17945
49.50.69.85 17363
79.124.62.74 13943
139.99.187.23 12741
112.85.42.187 12298
114.116.225.21 11054
67.218.157.95 7216
49.88.112.115 7016
112.85.42.88 6762
89.248.162.136 6003
120.155.9.101 5577
218.92.0.190 4934
49.88.112.110 4677
49.36.128.29 4414
210.7.22.74 3810
88.218.17.15 3568
Top Attackers47.25…89.24…49.50.…79.12…139.9…112.8…114.11…67.21…49.88.…112.8…89.24…120.1…218.9…49.88.…49.36.…210.7.…88.21…010,00020,000
Host Occurences
47.254.21.172 18,931
89.248.168.221 17,945
49.50.69.85 17,363
79.124.62.74 13,943
139.99.187.23 12,741
112.85.42.187 12,298
114.116.225.21 11,054
67.218.157.95 7,216
49.88.112.115 7,016
112.85.42.88 6,762
89.248.162.136 6,003
120.155.9.101 5,577
218.92.0.190 4,934
49.88.112.110 4,677
49.36.128.29 4,414
210.7.22.74 3,810
88.218.17.15 3,568

Top Network Attackers

ASN Country Name
45102 United States CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN
202425 Netherlands INT-NETWORK, SC
55470 India CYFUTURE-AS-IN Cyfuture India Pvt. Ltd., IN
207812 Bulgaria DM_AUTO, BG
55990 China HWCSNET Huawei Cloud Service data center, CN
25820 Canada IT7NET, CA
55836 India RELIANCEJIO-IN Reliance Jio Infocomm Limited, IN
4638 Fiji IS-FJ-AS Telecom Fiji Limited, FJ
50673 Netherlands SERVERIUS-AS, NL

Remote Access Trojan C&C Servers Found

Name Number Discovered Location
Heodo 1 193.80.169.64
LokiBot 1 148.66.135.80
Pony 1 162.244.92.35
Taurus 3 104.18.45.216 , 185.141.62.31 , 185.219.83.222
TrickBot 26 104.168.125.105 , 107.155.137.3 , 158.69.133.69 , 172.245.159.191 , 185.14.30.22 , 185.14.30.52 , 185.164.32.114 , 185.17.122.167 , 185.90.61.140 , 185.99.2.133 , 185.99.2.238 , 194.36.189.141 , 194.5.250.96 , 194.87.236.66 , 217.12.209.60 , 31.131.20.244 , 5.1.74.116 , 5.1.81.127 , 5.182.211.215 , 82.146.40.192 , 85.204.116.14 , 85.204.116.16 , 93.189.41.252 , 93.189.41.96 , 93.189.43.61 , 94.250.249.38
Trojan C&C Servers DetectedHeodoLokiBotPonyTaurusTrickBot9.4%81.3%
Name Number Discovered
Heodo 1
LokiBot 1
Pony 1
Taurus 3
TrickBot 26

Common Malware

MD5 VirusTotal FileName Claimed Product Detection Name
c6dc7326766f3769575caa3ccab71f63 https://www.virustotal.com/gui/file/fb022bbec694d9b38e8a0e80dd0bfdfe0a462ac0d180965d314651a7bc0614f4/details wupxarch.exe N/A Win.Dropper.Ranumbot::in03.talos
8c80dd97c37525927c1e549cb59bcbf3 https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details Eternalblue-2.2.0.exe N/A W32.85B936960F.5A5226262.auto.Talos
47b97de62ae8b2b927542aa5d7f3c858 https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details qmreportupload.exe qmreportupload Win.Trojan.Generic::in10.talos
e2ea315d9a83e7577053f52c974f6a5a https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details Tempmf582901854.exe N/A W32.AgentWDCR:Gen.21gn.1201
799b30f47060ca05d80ece53866e01cc https://www.virustotal.com/gui/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/details mf2016341595.exe N/A
0 Comments
Thursday, May 7, 2020 By john