Trends
- The top attacker country was China with 127189 unique attackers (57.00%).
- The top Trojan C&C server detected was Heodo with 44 instances detected.
Top Attackers By Country
Country | Occurrences | Percentage (truncated to whole percent; 0% means under 1%) |
---|---|---|
China | 127189 | 57.00% |
Australia | 52974 | 23.00% |
South Africa | 17686 | 7.00% |
India | 4671 | 2.00% |
Hong Kong | 3561 | 1.00% |
Russia | 2248 | 1.00% |
Brazil | 1578 | 0% |
Vietnam | 1547 | 0% |
France | 1255 | 0% |
South Korea | 950 | 0% |
Chile | 800 | 0% |
Bulgaria | 520 | 0% |
Hungary | 504 | 0% |
Indonesia | 486 | 0% |
Italy | 481 | 0% |
Mexico | 395 | 0% |
Canada | 367 | 0% |
Armenia | 298 | 0% |
Pakistan | 224 | 0% |
Threat Geo-location
Top Attacking Hosts
Host | Occurrences |
---|---|
112.85.42.187 | 22477 |
49.88.112.116 | 10676 |
218.92.0.190 | 8617 |
27.115.13.245 | 8075 |
49.88.112.76 | 7517 |
112.85.42.229 | 6297 |
112.85.42.189 | 6273 |
Top Network Attackers
ASN | Country | Name |
---|---|---|
4837 | China | CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN |
4134 | China | CHINANET-BACKBONE No.31,Jin-rong Street, CN |
17621 | China | CNCGROUP-SH China Unicom Shanghai network, CN |
Remote Access Trojan C&C Servers Found
Name | Number Discovered | C&C Address(es) |
---|---|---|
AgentTesla | 1 | 95.163.212.79 |
Azorult | 3 | 176.32.33.157 , 209.127.19.34 , 45.143.138.14 |
CryptBot | 2 | 176.32.33.157 , 45.143.138.14 |
Heodo | 44 | 101.100.137.135 , 104.131.41.185 , 104.236.161.64 , 104.236.28.47 , 105.27.155.182 , 108.190.109.107 , 110.44.113.2 , 113.52.123.226 , 125.207.127.86 , 136.243.205.112 , 146.255.96.214 , 154.70.158.97 , 162.154.175.215 , 174.83.116.77 , 175.139.209.3 , 177.188.121.26 , 178.62.75.204 , 181.60.244.48 , 184.162.115.11 , 184.172.27.82 , 186.10.92.114 , 186.6.245.26 , 190.70.1.69 , 198.211.121.27 , 200.69.224.73 , 207.177.72.129 , 210.213.85.43 , 218.255.173.106 , 23.243.215.4 , 31.16.195.72 , 45.55.179.121 , 5.34.158.102 , 60.151.66.216 , 65.184.222.119 , 68.183.18.169 , 70.127.155.33 , 70.60.238.62 , 74.208.45.104 , 74.50.51.115 , 85.96.49.152 , 89.19.20.202 , 91.72.179.214 , 94.76.247.61 , 95.66.182.136 |
Legion | 2 | 35.228.215.155 , 47.241.1.210 |
LokiBot | 5 | 103.116.16.173 , 103.74.123.3 , 108.163.221.2 , 209.127.19.34 , 78.128.76.165 |
TrickBot | 15 | 104.193.252.168 , 185.66.12.59 , 194.99.21.137 , 195.123.240.197 , 198.8.91.25 , 212.109.195.100 , 212.109.195.175 , 212.109.220.222 , 212.80.217.162 , 83.220.168.254 , 85.143.220.73 , 85.217.170.137 , 92.38.171.11 , 93.189.41.185 , 95.181.198.236 |
Unknown | 4 | 163.172.20.152 , 5.188.60.21 , 5.188.60.58 , 5.188.60.59 |
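To turn the table above into something a SOC can act on, the following Python is an added example and not part of this report: it copies the rows into a dictionary, validates every address, maps each address to all families it was reported under (three addresses appear under two families, so blocking must be by address rather than by family), scans log lines for contact with any of them, and emits one Suricata alert rule per address. The Heodo row is left out of the copy only for length and can be pasted in the same format; the iptables-style log lines and the sid range are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Rows copied from the "Remote Access Trojan C&C Servers Found" table above.
# Heodo is omitted only for length; paste its row here in the same format.
C2_TABLE = {
    "AgentTesla": "95.163.212.79",
    "Azorult": "176.32.33.157 , 209.127.19.34 , 45.143.138.14",
    "CryptBot": "176.32.33.157 , 45.143.138.14",
    "Legion": "35.228.215.155 , 47.241.1.210",
    "LokiBot": "103.116.16.173 , 103.74.123.3 , 108.163.221.2 , 209.127.19.34 , 78.128.76.165",
    "TrickBot": ("104.193.252.168 , 185.66.12.59 , 194.99.21.137 , 195.123.240.197 , 198.8.91.25 , "
                 "212.109.195.100 , 212.109.195.175 , 212.109.220.222 , 212.80.217.162 , 83.220.168.254 , "
                 "85.143.220.73 , 85.217.170.137 , 92.38.171.11 , 93.189.41.185 , 95.181.198.236"),
    "Unknown": "163.172.20.152 , 5.188.60.21 , 5.188.60.58 , 5.188.60.59",
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def build_index(table):
    """Map each C&C address to the sorted list of families it was reported under.
    Every token is parsed with ipaddress so a typo in the table fails loudly
    instead of silently never matching."""
    index = defaultdict(set)
    for family, cell in table.items():
        for token in cell.split(","):
            ip = str(ipaddress.IPv4Address(token.strip()))  # raises on garbage
            index[ip].add(family)
    return {ip: sorted(fams) for ip, fams in index.items()}


def overlaps(index):
    """Addresses listed under more than one family: block by address, not by family."""
    return {ip: fams for ip, fams in index.items() if len(fams) > 1}


def scan_logs(lines, index):
    """Return (line_number, ip, families) for every indexed address seen in a log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            if ip in index:
                hits.append((n, ip, index[ip]))
    return hits


def to_suricata(index, base_sid=1000000):
    """One IP-layer alert per address. Sids are assigned sequentially from
    base_sid (an assumed, locally reserved range); the address order is fixed
    by numeric sort so regenerating the rule file keeps sids stable."""
    rules = []
    for i, ip in enumerate(sorted(index, key=ipaddress.IPv4Address), 1):
        msg = "C2 contact " + "/".join(index[ip])
        rules.append(
            f'alert ip $HOME_NET any -> {ip} any (msg:"{msg}"; sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed iptables-style log lines for illustration (not from the report).
SAMPLE_LOG = [
    "Feb  6 10:01:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=209.127.19.34 PROTO=TCP SPT=51234 DPT=443",
    "Feb  6 10:01:05 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=93.184.216.34 PROTO=TCP SPT=51235 DPT=443",
    "Feb  6 10:02:11 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=5.188.60.21 PROTO=TCP SPT=51300 DPT=80",
]

if __name__ == "__main__":
    idx = build_index(C2_TABLE)
    print(f"{len(idx)} distinct C&C addresses; shared across families: {overlaps(idx)}")
    for n, ip, fams in scan_logs(SAMPLE_LOG, idx):
        print(f"line {n}: {ip} -> {'/'.join(fams)}")
    print("\n".join(to_suricata(idx)[:3]))
```

Running the block as a script prints the overlap report, the two hits in the constructed log (lines 1 and 3) and the first three generated rules; feed real firewall or proxy logs to `scan_logs` one line at a time.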
Common Malware
MD5 | VirusTotal | FileName | Claimed Product | Detection Name |
---|---|---|---|---|
8c80dd97c37525927c1e549cb59bcbf3 | https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details | eternalblue-2.2.0.exe | N/A | W32.85B936960F.5A5226262.auto.Talos |
47b97de62ae8b2b927542aa5d7f3c858 | https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details | qmreportupload.exe | qmreportupload | Win.Trojan.Generic::in10.talos |
7c38a43d2ed9af80932749f6e80fea6f | https://www.virustotal.com/gui/file/c0cdd2a671195915d9ffb5c9533337db935e0cc2f4d7563864ea75c21ead3f94/details | xme64-520.exe | N/A | PUA.Win.File.Coinminer::1201 |
e2ea315d9a83e7577053f52c974f6a5a | https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details | c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f | N/A | |
a917d39a8ef125300f2f38ff1d1ab0db | https://www.virustotal.com/gui/file/d91abcd024d4172fadc5aa82750a18796a549207b76f624b8a9d165459379258/details | FFChromeSetters | N/A | PUA.Osx.Adware.Macsearch::agent.tht.talos |
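The table identifies each sample by MD5, but MD5 is not collision resistant, and each VirusTotal link already carries the sample's SHA-256 in its path. The Python below is an added example, not part of this report: it copies the rows, recovers the SHA-256 from each link, indexes every record under both digests, and hashes a file in a single pass so a match works whichever digest a tool produces. The fourth row, which carries no detection name, is kept so its hashes still match; the record layout and the command-line usage are assumptions made for the example.

```python
import hashlib
import io
import re
from urllib.parse import urlparse

# Rows copied from the "Common Malware" table above:
# (MD5, VirusTotal link, file name, detection name).
MALWARE_TABLE = [
    ("8c80dd97c37525927c1e549cb59bcbf3",
     "https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details",
     "eternalblue-2.2.0.exe", "W32.85B936960F.5A5226262.auto.Talos"),
    ("47b97de62ae8b2b927542aa5d7f3c858",
     "https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details",
     "qmreportupload.exe", "Win.Trojan.Generic::in10.talos"),
    ("7c38a43d2ed9af80932749f6e80fea6f",
     "https://www.virustotal.com/gui/file/c0cdd2a671195915d9ffb5c9533337db935e0cc2f4d7563864ea75c21ead3f94/details",
     "xme64-520.exe", "PUA.Win.File.Coinminer::1201"),
    ("e2ea315d9a83e7577053f52c974f6a5a",
     "https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details",
     "c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f", ""),
    ("a917d39a8ef125300f2f38ff1d1ab0db",
     "https://www.virustotal.com/gui/file/d91abcd024d4172fadc5aa82750a18796a549207b76f624b8a9d165459379258/details",
     "FFChromeSetters", "PUA.Osx.Adware.Macsearch::agent.tht.talos"),
]

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def sha256_from_vt_url(url):
    """VirusTotal file links have the form
    https://www.virustotal.com/gui/file/<sha256>/details; recover the digest."""
    parts = urlparse(url).path.strip("/").split("/")
    if len(parts) < 3 or parts[0] != "gui" or parts[1] != "file":
        raise ValueError(f"not a VirusTotal file link: {url}")
    digest = parts[2].lower()
    if not SHA256_RE.match(digest):
        raise ValueError(f"bad SHA-256 in link: {url}")
    return digest


def build_hash_index(table):
    """Index every record under both digests so a lookup works whichever hash a
    tool produces; a malformed digest raises instead of becoming a dead entry."""
    index = {}
    for md5, url, filename, detection in table:
        md5 = md5.lower()
        if not MD5_RE.match(md5):
            raise ValueError(f"bad MD5: {md5}")
        record = {"md5": md5, "sha256": sha256_from_vt_url(url),
                  "filename": filename, "detection": detection}
        index[record["md5"]] = record
        index[record["sha256"]] = record
    return index


def hash_stream(fp, chunk_size=1 << 20):
    """MD5 and SHA-256 computed in one pass over the data; returns (md5, sha256)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: fp.read(chunk_size), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def hash_bytes(data):
    """Convenience wrapper for in-memory data (same single-pass routine)."""
    return hash_stream(io.BytesIO(data))


def lookup_file(path, index):
    """Return the matching table record for a file on disk, or None.
    SHA-256 is checked first; an MD5-only match should be treated as weaker."""
    with open(path, "rb") as fp:
        md5, sha256 = hash_stream(fp)
    return index.get(sha256) or index.get(md5)


if __name__ == "__main__":
    import sys
    idx = build_hash_index(MALWARE_TABLE)
    for path in sys.argv[1:]:  # assumed usage: python this.py <file> [...]
        hit = lookup_file(path, idx)
        if hit:
            print(f"{path}: {hit['detection'] or 'listed, no detection name'} ({hit['sha256']})")
        else:
            print(f"{path}: no match")
```

A SHA-256 match is the one to act on; an MD5 match with a different SHA-256 deserves a second look rather than an automatic verdict.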
Details
Date Published
February 06, 2020
Category