Trends

  • The top attacker country was China with 311117 unique attackers (52.00%).
  • The top Malware detected was W32.Auto.


Top Attackers By Country

Country           Occurrences   Percentage
China                  311117       52.00%
United States           99621       16.00%
Australia               39981        6.00%
Chile                   21091        3.00%
Russia                  19591        3.00%
Netherlands             17854        3.00%
France                  12182        2.00%
Canada                  11691        1.00%
Germany                  8804        1.00%
South Korea              8569        1.00%
Hong Kong                4998           0%
Indonesia                3271           0%
Bulgaria                 3132           0%
India                    3003           0%
United Kingdom           2674           0%
Singapore                2374           0%
Vietnam                  2296           0%
Romania                   955           0%
Thailand                  723           0%
Saudi Arabia              679           0%


[Chart: Top Attackers by Country (pie chart of the per-country occurrence counts in the table above, with the smaller countries grouped as "Other")]


Threat Geo-location

[Map: attack occurrences by country, colour scale from 679 to 311,117]


Top Attacking Hosts

Host              Occurrences
112.85.42.187           37223
49.88.112.115           30487
49.88.112.110           29038
181.43.63.138           17729
49.88.112.118            8519
218.92.0.190             8296
112.85.42.189            6828
222.186.190.17           6623
112.85.42.188            5343
222.186.31.127           4982
[Chart: Top Attackers (bar chart of occurrences per host from the table above, axis 0 to 40,000)]


Top Network Attackers

ASN     Country   Name
4837    China     CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
4134    China     CHINANET-BACKBONE No.31,Jin-rong Street, CN
6471    Chile     ENTEL CHILE S.A., CL
23650   China     CHINANET-JIANGSU-PROVINCE-IDC AS Number for CHINANET jiangsu province backbone, CN


Common Malware

MD5: f0fdc17674950a4eaa4bbaafce5007f6
VirusTotal: https://www.virustotal.com/gui/file/e66d6d13096ec9a62f5c5489d73c0d1dd113ea4668502021075303495fd9ff82/details
File Name: FlashHelperServices.exe
Claimed Product: FlashHelperService
Detection Name: W32.Auto:e66d6d1309.in03.Talos

MD5: 34560233e751b7e95f155b6f61e7419a
VirusTotal: https://www.virustotal.com/gui/file/8b4216a7c50599b11241876ada8ae6f07b48f1abe6590c2440004ea4db5becc9/details
File Name: SAService.exe
Claimed Product: SAService
Detection Name: PUA.Win.Dropper.Segurazo::tpd

MD5: 8193b63313019b614d5be721c538486b
VirusTotal: https://www.virustotal.com/gui/file/e3eeaee0af4b549eae4447fa20cfe205e8d56beecf43cf14a11bf3e86ae6e8bd/details
File Name: SAntivirusService.exe
Claimed Product: SAService
Detection Name: PUA.Win.Dropper.Segurazo::95.sbx.tg

MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details
File Name: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos

MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details
File Name: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin
Claimed Product: N/A
Detection Name: Win.Dropper.Agentwdcr::1201


Top Phishing Campaigns

Phishing Target   Count
(no entries for this period)


CVEs with Recently Discovered Exploits

This is a list of recent vulnerabilities for which exploits are available.

Each entry lists: CVE, Title, Vendor, Description, CVSS v3.1 Base Score, Date Created, Date Updated.

CVE-2020-3187

Cisco ASA Software and FTD Software Web Services Path Traversal Vulnerability

Cisco

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences.
CVSS v3.1 Base Score: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Date Created: 05/06/2020
Date Updated: 07/29/2020

CVE-2020-3452

Cisco ASA Software and FTD Software Web Services Read-Only Path Traversal Vulnerability

Cisco

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device.
CVSS v3.1 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Date Created: 07/22/2020
Date Updated: 07/29/2020

CVE-2020-8163

Ruby On Rails Remote Code Execution Vulnerability

Ruby On Rails

This is a code injection vulnerability that would allow an attacker who controls the "locals" argument of a "render" call to achieve remote code execution.
CVSS v3.1 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Date Created: 07/02/2020
Date Updated: 07/27/2020

CVE-2020-5902

F5 BIG-IP Remote Code Execution Vulnerability

F5

F5 BIG-IP is exposed to a remote code execution vulnerability. The vulnerability, which has been actively exploited in the wild, allows attackers with network access to read files, execute code or take complete control of vulnerable systems.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 07/01/2020
Date Updated: 07/27/2020

CVE-2020-1350

Microsoft Windows DNS Server Remote Code Execution Vulnerability

Microsoft

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
CVSS v3.1 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Date Created: 07/14/2020
Date Updated: 07/23/2020

CVE-2020-3140

Cisco Prime License Manager Privilege Escalation Vulnerability

Cisco

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 07/16/2020
Date Updated: 07/23/2020

CVE-2020-2021

Palo Alto Networks PAN-OS Authentication Bypass in SAML Authentication Vulnerability

Palo Alto Networks

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.
CVSS v3.1 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Date Created: 06/29/2020
Date Updated: 07/06/2020
Thursday, August 6, 2020 By john