This is a list of recent vulnerabilities for which exploits are available.
CVE, Title, Vendor
Description
CVSS v3.1 Base Score
CVE-2021-34527, Windows Print Spooler Remote Code Execution Vulnerability, Microsoft Windows
The vulnerability allows remote code execution by a standard Microsoft Active Directory domain user through flaws in the print spooler process used by all Microsoft operating systems. Several public exploits have been detected, and they have been shown to allow an attacker to use hashed credentials to achieve directory traversal, file overwrite and execution as NT_SYSTEM, allowing for complete compromise of a system.
8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2021-26078, XSS Vulnerability in Jira, Atlassian
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability.
6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE-2020-3580, XSS Vulnerability in Cisco Adaptive Security Appliance Software, Cisco
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE-2009-2265, Unauthorized Directory Traversal Vulnerability in FCKeditor, FCKEditor
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.