threat-intelligence-report

Trends

  • The top attacker country was China with 250648 unique attackers (63%).
  • The top Trojan C&C server family detected was Heodo, with 13 instances.

Top Attackers By Country

Country Occurrences Percentage
China 250648 63.00%
Australia 41030 10.00%
United States 20198 5.00%
United Kingdom 12892 3.00%
Russia 10373 2.00%
South Africa 7033 1.00%
France 6141 1.00%
Netherlands 5569 1.00%
Vietnam 5212 1.00%
India 4710 1.00%
Germany 3124 0%
Mexico 2518 0%
Italy 2238 0%
Chile 2190 0%
Colombia 1094 0%
Spain 1055 0%
Fiji 940 0%
Pakistan 473 0%
Malta 396 0%

Threat Geo-location


Top Attacking Hosts

Host Occurrences
222.186.15.33 54007
112.85.42.187 36839
202.161.116.141 16122
14.200.151.138 15993
49.88.112.116 13356
49.88.112.117 11250
86.161.125.172 10615
49.88.112.112 7072


Top Network Attackers

ASN Country Name
23650 China CHINANET-JS-AS-AP AS Number for CHINANET jiangsu province backbone, CN
4837 China CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
7545 Australia TPG-INTERNET-AP TPG Telecom Limited, AU
4134 China CHINANET-BACKBONE No.31,Jin-rong Street, CN
2856 United Kingdom BT-UK-AS BTnet UK Regional network, GB


Remote Access Trojan C&C Servers Found

Name Number Discovered Location
Azorult 2 147.78.65.121 , 45.143.138.52
Heodo 13 105.209.235.113 , 110.170.65.146 , 110.2.118.164 , 112.186.195.176 , 114.179.127.48 , 144.139.91.187 , 160.119.153.20 , 181.53.29.136 , 182.187.137.199 , 190.219.149.236 , 200.45.187.90 , 62.15.36.103 , 79.7.158.208
Loader 1 147.78.65.121
PredatorTheThief 2 151.248.116.102 , 46.29.160.148
PsixBot 1 45.143.138.52
TrickBot 9 172.245.153.186 , 185.172.129.101 , 185.246.67.49 , 185.99.2.209 , 192.99.255.32 , 194.32.79.187 , 198.23.252.138 , 37.230.115.111 , 5.2.73.126


Common Malware

MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details
FileName: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos

MD5: c2406fc0fce67ae79e625013325e2a68
VirusTotal: https://www.virustotal.com/gui/file/1c3ed460a7f78a43bab0ae575056d00c629f35cf7e72443b4e874ede0f305871/details
FileName: SegurazoIC.exe
Claimed Product: Digital Communications Inc.
Detection Name: PUA.Win.Adware.Ursu::95.sbx.tg

MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details
FileName: c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin
Claimed Product: N/A
Detection Name: W32.AgentWDCR:Gen.21gn.1201

MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: https://www.virustotal.com/gui/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/details
FileName: mf2016341595.exe
Claimed Product: N/A
Detection Name: W32.Generic:Gen.22fz.1201

MD5: baadce7c152b24bd48cc1f2f4a0b088d
VirusTotal: https://www.virustotal.com/gui/file/b32093d726609c88a06f71b8fe74e9e5a04c2dfe81fc39743bdd970bf4dea017/details
FileName: xme64-530.exe
Claimed Product: N/A
Detection Name: W32.B32093D726-100.SBX.TG

Details
Date Published
January 08, 2020