Trends

  • The top attacker country was China with 437,698 unique attackers (48.00% of all attackers observed).
  • The top Trojan C&C server family detected was Heodo, with 6 instances detected.


Top Attackers By Country

Country           Occurrences   Percentage
China             437,698       48.00%
Canada            124,310       13.00%
Australia          88,508        9.00%
United States      80,712        8.00%
South Africa       24,011        2.00%
France             18,645        2.00%
United Kingdom     17,823        1.00%
Russia             14,141        1.00%
Chile              13,778        1.00%
India               9,418        1.00%
Vietnam             8,254        0%
South Korea         8,197        0%
Brazil              7,768        0%
Singapore           7,178        0%
Netherlands         7,127        0%
Indonesia           5,489        0%
Argentina           2,947        0%
Poland              1,454        0%
Estonia             1,412        0%

Percentages are truncated to whole percent, which is why the smaller entries show as 0%.




Threat Geo-location

[Map of attacker geo-location; the colour scale runs from 1,412 to 437,698 attackers per country, matching the country table above.]


Top Attacking Hosts

Host              Occurrences
49.88.112.115     53,174
112.85.42.186     49,845
112.85.42.187     22,622
112.85.42.88      17,632
112.85.42.188     17,597
137.74.114.142    14,878

Four of the six hosts sit in 112.85.42.0/24; a block at the netblock level covers the neighbours as well as the listed addresses.


Top Network Attackers

ASN      Country   Name
4134     China     CHINANET-BACKBONE No.31, Jin-rong Street, CN
4837     China     CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
16276    France    OVH, FR


Remote Access Trojan C&C Servers Found

Name     Number Discovered   Location (C&C IP addresses)
Heodo    6                   108.48.41.69, 14.99.112.138, 190.55.233.156, 200.55.243.138, 212.51.142.238, 219.92.13.25
Oski     1                   194.87.146.229

Heodo is the name under which the abuse.ch Feodo Tracker feed lists Emotet C&C servers; Oski is a credential-stealing trojan.


Common Malware

MD5:              8c80dd97c37525927c1e549cb59bcbf3
VirusTotal:       https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details
File Name:        FlashHelperServices.exe
Claimed Product:  FlashHelperServices
Detection Name:   Win.Exploit.Shadowbrokers::5A5226262.auto.talos

MD5:              a10a6d9dfc0328a391a3fdb1a9fb18db
VirusTotal:       https://www.virustotal.com/gui/file/094d4da0ae3ded8b936428bb7393c77aaedd5efb5957116afd4263bd7edc2188/details
File Name:        FlashHelperServices.exe
Claimed Product:  FlashHelperService
Detection Name:   PUA.Win.Adware.Flashserv::100.sbx.vioc

MD5:              e2ea315d9a83e7577053f52c974f6a5a
VirusTotal:       https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/detection
File Name:        c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin
Claimed Product:  N/A
Detection Name:   Win.Dropper.Agentwdcr::1201

MD5:              8193b63313019b614d5be721c538486b
VirusTotal:       https://www.virustotal.com/gui/file/e3eeaee0af4b549eae4447fa20cfe205e8d56beecf43cf14a11bf3e86ae6e8bd/details
File Name:        SAntivirusService.exe
Claimed Product:  SAService
Detection Name:   PUA.Win.Dropper.Segurazo::95.sbx.tg

MD5:              60ba2a4b8ea5982a3a671a9e84f9268c
VirusTotal:       https://www.virustotal.com/gui/file/8e03f05ecd08cb78f37ccd92c48cd9d357c438112b85bd154e8261c19e38a56e/details
File Name:        Diagnostics.txt
Claimed Product:  N/A
Detection Name:   Win.Dropper.Shadowbrokers::222044.in02
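As an added example (not part of the original report), the following Python sweeps a firewall log and a file-hash inventory against the C&C addresses and MD5 hashes listed in the two tables above, and groups the hits per internal host for triage. The key=value log format, the hostnames, paths and the one non-matching hash are assumptions constructed for the example.

```python
"""Sweep connection logs and a file-hash inventory against the report's IOCs."""
import re
from collections import defaultdict

# Indicators copied from the C&C and Common Malware tables above.
C2_SERVERS = {
    "108.48.41.69": "Heodo", "14.99.112.138": "Heodo", "190.55.233.156": "Heodo",
    "200.55.243.138": "Heodo", "212.51.142.238": "Heodo", "219.92.13.25": "Heodo",
    "194.87.146.229": "Oski",
}
MALWARE_MD5 = {
    "8c80dd97c37525927c1e549cb59bcbf3": "Win.Exploit.Shadowbrokers::5A5226262.auto.talos",
    "a10a6d9dfc0328a391a3fdb1a9fb18db": "PUA.Win.Adware.Flashserv::100.sbx.vioc",
    "e2ea315d9a83e7577053f52c974f6a5a": "Win.Dropper.Agentwdcr::1201",
    "8193b63313019b614d5be721c538486b": "PUA.Win.Dropper.Segurazo::95.sbx.tg",
    "60ba2a4b8ea5982a3a671a9e84f9268c": "Win.Dropper.Shadowbrokers::222044.in02",
}

# Assumed key=value firewall export: "<timestamp> <sensor> src=.. dst=.. dport=.. action=..".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+src=(?P<src>\d+\.\d+\.\d+\.\d+)\s+dst=(?P<dst>\d+\.\d+\.\d+\.\d+)"
    r"\s+dport=(?P<dport>\d+)\s+action=(?P<action>\w+)"
)


def sweep_connections(lines):
    """Return one hit per log line whose destination is a listed C&C server.

    Denied connections are reported too: a blocked attempt still means the source
    host tried to reach C&C and needs looking at."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; in production count these so gaps are visible
        family = C2_SERVERS.get(m["dst"])
        if family:
            hits.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                         "dport": int(m["dport"]), "action": m["action"], "family": family})
    return hits


def sweep_hashes(inventory):
    """inventory: iterable of (host, path, md5). Returns (host, path, detection) for listed hashes."""
    return [(host, path, MALWARE_MD5[md5.lower()])
            for host, path, md5 in inventory if md5.lower() in MALWARE_MD5]


def hosts_to_triage(conn_hits, hash_hits):
    """Group both kinds of hit by internal host so the IR queue gets one item per machine."""
    by_host = defaultdict(list)
    for h in conn_hits:
        by_host[h["src"]].append(f"{h['family']} C&C {h['dst']}:{h['dport']} ({h['action']})")
    for host, path, detection in hash_hits:
        by_host[host].append(f"{detection} at {path}")
    return dict(by_host)


# Constructed sample data (not from the report): four log lines and a two-entry inventory.
SAMPLE_LOG = [
    "2020-07-06T09:12:44Z fw01 src=10.0.3.17 dst=190.55.233.156 dport=443 action=allow",
    "2020-07-06T09:13:02Z fw01 src=10.0.3.17 dst=198.51.100.7 dport=443 action=allow",
    "2020-07-06T09:15:10Z fw01 src=10.0.7.42 dst=194.87.146.229 dport=80 action=deny",
    "garbage line that does not parse",
]
SAMPLE_INVENTORY = [
    # EDR exports often upper-case hashes; the sweep normalises case.
    ("10.0.3.17", r"C:\Users\j\AppData\Local\Temp\FlashHelperServices.exe", "8C80DD97C37525927C1E549CB59BCBF3"),
    ("10.0.9.5", r"C:\Windows\System32\notepad.exe", "ffffffffffffffffffffffffffffffff"),  # placeholder hash
]

if __name__ == "__main__":
    for host, findings in hosts_to_triage(sweep_connections(SAMPLE_LOG),
                                          sweep_hashes(SAMPLE_INVENTORY)).items():
        print(host)
        for f in findings:
            print("   ", f)
```

Emotet C&C addresses rotate within days, so an IP sweep is only as good as the age of the feed it came from; the hash list, by contrast, stays valid but matches only the exact samples listed.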


Top Phishing Campaigns

Phishing Target   Count
Other             1593
Facebook          86
Google            13
Amazon.com        7
PayPal            6
RuneScape         6
Microsoft         4
Three             4
Visa              3
Dropbox           3
Adobe             2
Virustotal        2
LinkedIn          2
Caixa             2
Steam             2
DHL               2
Itau              1
Yahoo             1
WalMart           1
Alibaba.com       1


CVEs with Recently Discovered Exploits

This is a list of recent vulnerabilities for which exploits are available. Each entry gives the CVE identifier, title, vendor, description, CVSS v3.1 base score with its vector, and the dates the entry was created and last updated.

CVE-2020-0022
Google Android Bluetooth Remote Code Execution Vulnerability
Vendor: Google
Description: A remote code execution vulnerability exists in the Google Android Bluetooth stack. In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible out-of-bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed.
CVSS v3.1 Base Score: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 02/13/2020   Date Updated: 05/13/2020

CVE-2019-15126
WPA and WPA2 Disassociation Vulnerability ("Kr00k")
Vendor: Multi-Vendor
Description: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption, with a consequent possibility of information disclosure over the air for a discrete set of traffic. The attacker must be within radio range and can only read the affected frames, which the vector reflects (adjacent access, high complexity, confidentiality impact only).
CVSS v3.1 Base Score: 3.1 (AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Date Created: 03/06/2020   Date Updated: 03/09/2020

CVE-2020-1170
Microsoft Windows Defender Elevation of Privilege Vulnerability
Vendor: Microsoft
Description: An elevation of privilege vulnerability exists in Windows Defender that leads to arbitrary file deletion on the system. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
CVSS v3.1 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Date Created: 06/09/2020   Date Updated: 06/12/2020

CVE-2020-1181
Microsoft SharePoint Server Remote Code Execution Vulnerability
Vendor: Microsoft
Description: A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process. To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server.
CVSS v3.1 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Date Created: 06/09/2020   Date Updated: 06/12/2020

CVE-2020-12388
Firefox Default Content Process DACL Sandbox Escape Vulnerability
Vendor: Mozilla
Description: The Firefox content processes did not sufficiently lock down access control (the DACL on the content process), which could result in a sandbox escape; the issue affects Firefox on Windows only. It was fixed alongside several other vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR; successful exploitation of the most severe of these could allow remote code execution in the context of the logged-on user.
CVSS v3.1 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Date Created: 05/26/2020   Date Updated: 05/28/2020

CVE-2020-3347
Cisco Webex Meetings Desktop App for Windows Shared Memory Information Disclosure Vulnerability
Vendor: Cisco
Description: A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory by the affected software. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.
CVSS v3.1 Base Score: 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Date Created: 06/17/2020   Date Updated: 06/24/2020

CVE-2020-1054
Microsoft Win32k Elevation of Privilege Vulnerability
Vendor: Microsoft
Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
CVSS v3.1 Base Score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Date Created: 05/21/2020   Date Updated: 05/27/2020
Tuesday, July 7, 2020 By john