Trends

  • The top attacker country was China with 217584 unique attackers (56.00%).
  • The top Trojan C&C server detected was Heodo with 14 instances detected.
  • The top phishing campaign detected was against Facebook accounts with 56 instances detected.


Top Attackers By Country

Country | Occurrences | Percentage
China | 217584 | 56.00%
United States | 52139 | 13.00%
Australia | 27377 | 7.00%
United Kingdom | 10912 | 2.00%
Indonesia | 10431 | 2.00%
India | 7976 | 2.00%
Germany | 5143 | 1.00%
Russia | 4940 | 1.00%
France | 4485 | 1.00%
Canada | 3963 | 1.00%
Chile | 3941 | 1.00%
Brazil | 3165 | 0%
Vietnam | 2357 | 0%
Estonia | 2179 | 0%
Seychelles | 2105 | 0%
Hong Kong | 1708 | 0%
Poland | 1076 | 0%
Hungary | 712 | 0%
Ghana | 562 | 0%


Threat Geo-location

[Map: attacker geo-location by country, colour scale from 562 to 217,584 attacks]


Top Attacking Hosts

Host | Occurrences
218.92.0.210 | 47670
112.85.42.187 | 22754
112.85.42.88 | 14160
218.92.0.190 | 13724
43.252.145.42 | 7863
116.153.32.21 | 3715
120.194.195.92 | 3218
49.232.170.155 | 2488
37.49.225.131 | 2179
222.186.169.194 | 1800
222.186.180.147 | 1753
154.220.96.130 | 1729
120.240.95.157 | 1702
222.186.175.167 | 1696


Top Network Attackers

ASN | Country | Name
4134 | China | CHINANET-BACKBONE No.31,Jin-rong Street, CN
4837 | China | CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
56233 | Indonesia | ATSINDO-AS-ID PT Asia Teknologi Solusi, ID
24445 | China | CMNET-V4HENAN-AS-AP Henan Mobile Communications Co.,Ltd, CN
45090 | China | CNNIC-TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN
213371 | Netherlands | SQUITTER-NETWORKS, NL
23650 | China | CHINANET-JIANGSU-PROVINCE-IDC AS Number for CHINANET jiangsu province backbone, CN
133201 | Hong Kong SAR China | COMING-AS ABCDE GROUP COMPANY LIMITED, HK
56040 | China | CMNET-GUANGDONG-AP China Mobile communications corporation, CN


Remote Access Trojan C&C Servers Found

Name | Number Discovered | Location
AZORult | 2 | 104.28.24.76, 68.66.200.213
Heodo | 14 | 101.50.232.218, 149.202.5.139, 153.92.4.96, 175.139.144.229, 179.191.239.255, 190.225.150.234, 222.159.240.58, 223.17.215.76, 50.121.220.50, 51.75.163.68, 51.75.33.122, 54.37.42.48, 68.69.155.181, 73.84.105.76
TrickBot | 10 | 185.234.72.114, 194.5.249.214, 194.5.249.215, 194.5.249.225, 194.87.94.14, 195.123.240.93, 195.123.242.119, 5.182.211.138, 51.89.215.186, 91.200.100.71


Common Malware

MD5: e2ea315d9a83e7577053f52c974f6a5a
VirusTotal: https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/details
File Name: Tempmf582901854.exe
Claimed Product: N/A
Detection Name: Win.Dropper.Agentwdcr::1201

MD5: 8193b63313019b614d5be721c538486b
VirusTotal: https://www.virustotal.com/gui/file/e3eeaee0af4b549eae4447fa20cfe205e8d56beecf43cf14a11bf3e86ae6e8bd/details
File Name: SAService.exe
Claimed Product: SAService
Detection Name: PUA.Win.Dropper.Segurazo::95.sbx.tg

MD5: 799b30f47060ca05d80ece53866e01cc
VirusTotal: https://www.virustotal.com/gui/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/details
File Name: mf2016341595.exe
Claimed Product: N/A
Detection Name: Win.Downloader.Generic::1201

MD5: adad179db8c67696ac24e9e11da2d075
VirusTotal: https://www.virustotal.com/gui/file/7f9446709fbd77a21a806d17cf163ba00ce1a70f8b6af197990aa9924356fd36/details
File Name: FlashHelperServices.exe
Claimed Product: FlashHelperService
Detection Name: W32.7F9446709F-100.SBX.VIOC

MD5: 47b97de62ae8b2b927542aa5d7f3c858
VirusTotal: https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details
File Name: qmreportupload.exe
Claimed Product: qmreportupload
Detection Name: Win.Trojan.Generic::in10.talos


Top Phishing Campaigns

Phishing Target | Count
Other | 1416
Facebook | 56
Amazon.com | 14
Microsoft | 7
Apple | 5
Yahoo | 3
EE | 3
Caixa | 3
Google | 2
Twitter | 2
RuneScape | 2
Vodafone | 2
Adobe | 1
Halifax | 1
DocuSign | 1
Virustotal | 1


CVEs with Recently Discovered Exploits

This is a list of recent vulnerabilities for which exploits are available.

CVE: CVE-2020-1147
Title: Pulse Connect Secure Arbitrary Code Injection Vulnerability
Vendor: Pulse Secure
Description: A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface.
CVSS v3.1 Base Score: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Date Created: 07/14/2020
Date Updated: 08/20/2020

CVE: CVE-2020-8913
Title: Google Android Play Core Library Arbitrary Code Execution Vulnerability
Vendor: Google
Description: A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library. A malicious attacker could create an app which targets a specific application, and if a victim were to install this app, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device.
CVSS v3.1 Base Score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Date Created: 08/12/2020
Date Updated: 08/31/2020

CVE: CVE-2020-2674
Title: Oracle VM VirtualBox Arbitrary Code Execution Vulnerability
Vendor: Oracle
Description: An easily exploitable vulnerability allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.
CVSS v3.1 Base Score: 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Date Created: 01/15/2020
Date Updated: 02/07/2020

CVE: CVE-2020-4589
Title: IBM WebSphere Application Server Remote Code Execution Vulnerability
Vendor: IBM
Description: IBM WebSphere Application Server could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects from untrusted sources.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 08/13/2020
Date Updated: 08/21/2020

CVE: CVE-2020-3398
Title: Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability
Vendor: Cisco
Description: A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic.
CVSS v3.1 Base Score: 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Date Created: 08/27/2020
Date Updated: 09/03/2020
Monday, September 7, 2020 By john