Trends
- The top attacker country was China with 250648 unique attackers (63%).
- The top Trojan C&C server detected was Heodo with 13 instances detected.
Top Attackers By Country
| Country | Occurences | Percentage |
|---|---|---|
| China | 250648 | 63.00% |
| Australia | 41030 | 10.00% |
| United States | 20198 | 5.00% |
| United Kingdom | 12892 | 3.00% |
| Russia | 10373 | 2.00% |
| South Africa | 7033 | 1.00% |
| France | 6141 | 1.00% |
| Netherlands | 5569 | 1.00% |
| Vietnam | 5212 | 1.00% |
| India | 4710 | 1.00% |
| Germany | 3124 | 0% |
| Mexico | 2518 | 0% |
| Italy | 2238 | 0% |
| Chile | 2190 | 0% |
| Colombia | 1094 | 0% |
| Spain | 1055 | 0% |
| Fiji | 940 | 0% |
| Pakistan | 473 | 0% |
| Malta | 396 | 0% |
Threat Geo-location
Top Attacking Hosts
| Host | Occurrences |
|---|---|
| 222.186.15.33 | 54007 |
| 112.85.42.187 | 36839 |
| 202.161.116.141 | 16122 |
| 14.200.151.138 | 15993 |
| 49.88.112.116 | 13356 |
| 49.88.112.117 | 11250 |
| 86.161.125.172 | 10615 |
| 49.88.112.112 | 7072 |
Top Network Attackers
| ASN | Country | Name |
|---|---|---|
| 23650 | China | CHINANET-JS-AS-AP AS Number for CHINANET jiangsu province backbone, CN |
| 4837 | China | CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN |
| 7545 | Australia | TPG-INTERNET-AP TPG Telecom Limited, AU |
| 4134 | China | CHINANET-BACKBONE No.31,Jin-rong Street, CN |
| 2856 | United Kingdom | BT-UK-AS BTnet UK Regional network, GB |
Remote Access Trojan C&C Servers Found
| Name | Number Discovered | Location |
|---|---|---|
| Azorult | 2 | 147.78.65.121 , 45.143.138.52 |
| Heodo | 13 | 105.209.235.113 , 110.170.65.146 , 110.2.118.164 , 112.186.195.176 , 114.179.127.48 , 144.139.91.187 , 160.119.153.20 , 181.53.29.136 , 182.187.137.199 , 190.219.149.236 , 200.45.187.90 , 62.15.36.103 , 79.7.158.208 |
| Loader | 1 | 147.78.65.121 |
| PredatorTheThief | 2 | 151.248.116.102 , 46.29.160.148 |
| PsixBot | 1 | 45.143.138.52 |
| TrickBot | 9 | 172.245.153.186 , 185.172.129.101 , 185.246.67.49 , 185.99.2.209 , 192.99.255.32 , 194.32.79.187 , 198.23.252.138 , 37.230.115.111 , 5.2.73.126 |
Common Malware
| MD5 | VirusTotal | FileName | Claimed Product | Detection Name |
|---|---|---|---|---|
| 47b97d e62ae8 b2b927 542aa5 d7f3c8 58 |
https://www.virustotal.com/ gui/file/3f6e3d8741da950 451668c8333a4958330e 96245be1d592fcaa485f4 ee4eadb3/details |
qmreportupload.exe | qmreportupload | Win.Trojan.Generic::in10.talos |
| c2406f c0fce6 7ae79e 625013 325e2a 68 |
https://www.virustotal.com/ gui/file/1c3ed460a7f78a4 3bab0ae575056d00c62 9f35cf7e72443b4e874e de0f305871/details |
SegurazoIC.exe | Digital CommunicationsInc. |
PUA.Win.Adware.Ursu::95.sbx.tg |
| e2ea31 5d9a83 e75770 53f52c 974f6a 5a |
https://www.virustotal.com/ gui/file/c3e530cc005583 b47322b6649ddc0dab1b 64bcf22b124a49260676 3c52fb048f/details |
c3e530cc005 583b47322b6 649ddc0dab1 b64bcf22b124 a492606763c 52fb048f.bin |
N/A | W32.AgentWDCR:Gen.21gn.1201 |
| 799b30 f47060 ca05d8 0ece53 866e01 cc |
https://www.virustotal.com/ gui/file/15716598f456637 a3be3d6c5ac9126614226 6a9910f6f3f85cfd193ec1 d6ed8b/details |
mf2016341595.exe | N/A | W32.Generic:Gen.22fz.1201 |
| baadce7 c152b24 bd48cc1 f2f4a0b 088d |
https://www.virustotal.com/ gui/file/b32093d726609c 88a06f71b8fe74e9e5a04 c2dfe81fc39743bdd970b f4dea017/details |
xme64-530.exe | N/A | W32.B32093D726-100.SBX.TG |
Details
Date Published
January 08, 2020
Category