threat-intel-report

TRENDS 

The top attacker country was China with 2339 unique attackers (31%). 

The top Exploit event was Miscellaneous with 66% of occurrences. 
The top Trojan C&C server detected was Formbook with 8551 instances detected. 

TOP ATTACKER COUNTRIES

COUNTRY              OCCURRENCES   PERCENTAGE
China                2339          31%
United States        1350          18%
India                 458           6%
Brazil                394           5%
Republic of Korea     355           5%
Vietnam               336           5%
Russia                307           4%
France                295           4%
United Kingdom        269           4%
Taiwan                217           3%
Canada                157           2%
Italy                 152           2%
Germany               152           2%
Indonesia             147           2%
Mexico                137           2%
Thailand               99           1%
Turkey                 97           1%
Singapore              91           1%
Hong Kong              90           1%

TOP ATTACKER HOSTS

HOST              OCCURRENCES
110.249.212.46    15
37.49.227.202     14
216.158.228.158   13
209.141.61.79     13
172.104.67.101    13
37.49.255.166     13
104.37.187.18     13
69.10.61.250      13
185.43.209.194    12

TOP NETWORK ATTACKERS

ORIGIN AS   COUNTRY          NAME
AS4837      China            China Unicom Hebei province network
AS208666    Netherlands      XEMU
AS237       United States    Merit Network Inc
AS63949     United States    Linode
AS19318     United States    Interserver, Inc
AS199883    United Kingdom   ArubaCloud Limited

TOP EVENTS NIDS AND EXPLOITS 

REMOTE ACCESS TROJAN C&C SERVERS FOUND

MALWARE              LAST WEEK   THIS WEEK
FORMBOOK             8428        8551
EMOTET               4621        4658
LOKIBOT              2939        2994
AZORULT              1504        1519
NANOCORE             1415        1435
DANABOT              1343        1347
URSNIF               1078        1102
PONY                  969         973
NJRAT                 731         743
REMCOS                584         594
AGENT TESLA           553         575
ADWIND                463         465
NETWIRE               443         443
PREDATOR THE THIEF    411         416
SMOKE LOADER          407         411
TRICKBOT              302         304
AVEMARIA              276         282
GANDCRAB              266         266
VIDAR                 226         227
HAWKEYE               216         217
REVENGE               190         193
QUASAR RAT            185         185
HANCITOR              145         145
GLUPTEBA               94          99

Comparing to last week: [chart: week-over-week C&C server counts]

COMMON MALWARE

MD5: 7c38a43d2ed9af80932749f6e80fea6f
Typical Filename: wup.exe
Claimed Product: N/A
Detection Name: PUA.Win.File.Coinminer::1201

MD5: 88cbadec77cf90357f46a3629b6737e6
Typical Filename: FlashHelperServices.exe
Claimed Product: Flash Helper Services
Detection Name: PUA.Win.File.2144flashplayer::tpd

MD5: 8c80dd97c37525927c1e549cb59bcbf3
Typical Filename: eternalblue-2.2.0.exe
Claimed Product: N/A
Detection Name: W32.85B936960F.5A5226262.auto.Talos

MD5: e2ea315d9a83e7577053f52c974f6a5a
Typical Filename: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201

MD5: 799b30f47060ca05d80ece53866e01cc
Typical Filename: mf2016341595.exe
Claimed Product: N/A
Detection Name: W32.Generic:Gen.22fz.1201

CVES FOR WHICH PUBLIC EXPLOITS HAVE BEEN DETECTED

CVE-2020-2136
Description: Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
CVSS Score: V3.1: 5.4 MEDIUM; V2: 3.5 LOW
Published: March 09, 2020; 12:15:12 PM -04:00

CVE-2020-2148
Description: A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
CVSS Score: V3.1: 7.4 HIGH; V2: 5.8 MEDIUM
Published: March 09, 2020; 12:15:13 PM -04:00

CVE-2020-2147
Description: A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
CVSS Score: V3.1: 4.3 MEDIUM; V2: 4.3 MEDIUM
Published: March 09, 2020; 12:15:13 PM -04:00

CVE-2020-2139
Description: An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
CVSS Score: V3.1: 6.5 MEDIUM; V2: 8.5 HIGH
Published: March 09, 2020; 12:15:13 PM -04:00

CVE-2020-9531
Description: An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming... (see CVE-2020-9531)
CVSS Score: V3.1: 7.3 HIGH; V2: 4.3 MEDIUM
Published: March 06, 2020; 12:15:12 PM -05:00

Details
Date Published: March 10, 2020