threat-intelligence-report

Trends

The top attacker country was China with 127189 unique attackers (57.00%).
The top Trojan C&C server detected was Heodo with 44 instances detected.

Top Attackers By Country

Country	Occurences	Percentage
China	127189	57.00%
Australia	52974	23.00%
South Africa	17686	7.00%
India	4671	2.00%
Hong Kong	3561	1.00%
Russia	2248	1.00%
Brazil	1578	0%
Vietnam	1547	0%
France	1255	0%
South Korea	950	0%
Chile	800	0%
Bulgaria	520	0%
Hungary	504	0%
Indonesia	486	0%
Italy	481	0%
Mexico	395	0%
Canada	367	0%
Armenia	298	0%
Pakistan	224	0%

Threat Geo-location

Top Attacking Hosts

Host	Occurrences
112.85.42.187	22477
49.88.112.116	10676
218.92.0.190	8617
27.115.13.245	8075
49.88.112.76	7517
112.85.42.229	6297
112.85.42.189	6273

Top Network Attackers

ASN	Country	Name
4837	China	CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
4134	China	CHINANET-BACKBONE No.31,Jin-rong Street, CN
17621	China	CNCGROUP-SH China Unicom Shanghai network, CN

Remote Access Trojan C&C Servers Found

Name	Number Discovered	Location
AgentTesla	1	95.163.212.79
Azorult	3	176.32.33.157 , 209.127.19.34 , 45.143.138.14
CryptBot	2	176.32.33.157 , 45.143.138.14
Heodo	44	101.100.137.135 , 104.131.41.185 , 104.236.161.64 , 104.236.28.47 , 105.27.155.182 , 108.190.109.107 , 110.44.113.2 , 113.52.123.226 , 125.207.127.86 , 136.243.205.112 , 146.255.96.214 , 154.70.158.97 , 162.154.175.215 , 174.83.116.77 , 175.139.209.3 , 177.188.121.26 , 178.62.75.204 , 181.60.244.48 , 184.162.115.11 , 184.172.27.82 , 186.10.92.114 , 186.6.245.26 , 190.70.1.69 , 198.211.121.27 , 200.69.224.73 , 207.177.72.129 , 210.213.85.43 , 218.255.173.106 , 23.243.215.4 , 31.16.195.72 , 45.55.179.121 , 5.34.158.102 , 60.151.66.216 , 65.184.222.119 , 68.183.18.169 , 70.127.155.33 , 70.60.238.62 , 74.208.45.104 , 74.50.51.115 , 85.96.49.152 , 89.19.20.202 , 91.72.179.214 , 94.76.247.61 , 95.66.182.136
Legion	2	35.228.215.155 , 47.241.1.210
LokiBot	5	103.116.16.173 , 103.74.123.3 , 108.163.221.2 , 209.127.19.34 , 78.128.76.165
TrickBot	15	104.193.252.168 , 185.66.12.59 , 194.99.21.137 , 195.123.240.197 , 198.8.91.25 , 212.109.195.100 , 212.109.195.175 , 212.109.220.222 , 212.80.217.162 , 83.220.168.254 , 85.143.220.73 , 85.217.170.137 , 92.38.171.11 , 93.189.41.185 , 95.181.198.236
Unknown	4	163.172.20.152 , 5.188.60.21 , 5.188.60.58 , 5.188.60.59

Common Malware

MD5	VirusTotal	FileName	Claimed Product	Detection Name
8c80dd97c37525927c1e549cb59bcbf3	https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details	eternalblue-2.2.0.exe	N/A	W32.85B936960F.5A5226262.auto.Talos
47b97de62ae8b2b927542aa5d7f3c858	https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details	qmreportupload.exe	qmreportupload	Win.Trojan.Generic::in10.talos
7c38a43d2ed9af80932749f6e80fea6f	https://www.virustotal.com/gui/file/c0cdd2a671195915d9ffb5c9533337db935e0cc2f4d7563864ea75c21ead3f94/details	xme64-520.exe	N/A	PUA.Win.File.Coinminer::1201
e2ea315d9a83e7577053f52c974f6a5a	https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details	c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f		N/A
a917d39a8ef125300f2f38ff1d1ab0db	https://www.virustotal.com/gui/file/d91abcd024d4172fadc5aa82750a18796a549207b76f624b8a9d165459379258/details	FFChromeSetters	N/A	PUA.Osx.Adware.Macsearch::agent.tht.talos

Details

Date Published

February 06, 2020

Category

Threat Intelligence