
   
   Trends

  • The top attacker country was the United States with 85530 unique attackers (38.04%).
  • The top Trojan C&C server detected was Collector with 4 instances detected.
  • The top phishing campaign detected was against Facebook with 58 instances detected.


   Top Attackers By Country

Country Occurrences Percentage
United States 85530 38.04%
China 53568 23.82%
India 24167 10.75%
United Kingdom 15955 7.10%
Russia 9365 4.16%
Vietnam 8541 3.80%
Indonesia 6893 3.07%
Lithuania 2931 1.30%
Egypt 2811 1.25%
Thailand 2602 1.16%
Bangladesh 2254 1.00%
Mauritius 2190 0.97%
France 2152 0.96%
Ghana 1958 0.87%
Saudi Arabia 1737 0.77%
Estonia 782 0.35%
Philippines 750 0.33%
Ethiopia 685 0.30%

   
   Threat Geo-location

[Map: attackers by country, scale 685 to 85,530]

   
   Top Attacking Hosts



   Top Network Attackers

ASN Country Name
4134 China CHINANET-BACKBONE No.31,Jin-rong Street, CN
5607 United Kingdom BSKYB-BROADBAND-AS, GB
24400 China CMNET-V4SHANGHAI-AS-AP Shanghai Mobile Communications Co.,Ltd., CN
135887 Australia TELSTRA-BELONG-AP Belong Telstra Corporation, AU
213371 Netherlands SQUITTER-NETWORKS, NL
46475 United States LIMESTONENETWORKS, US
10143 Australia EXETEL-AS-AP Exetel Pty Ltd, AU
4808 China CHINA169-BJ China Unicom Beijing Province Network, CN
23724 China CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN
7545 Australia TPG-INTERNET-AP TPG Telecom Limited, AU
4847 China CNIX-AP China Networks Inter-Exchange, CN
21412 Lithuania CGATES-AS, LT
8452 Egypt TE-AS TE-AS, EG
45899 Vietnam VNPT-AS-VN VNPT Corp, VN
24309 India CABLELITE-AS-AP Atria Convergence Technologies Pvt. Ltd. Broadband Internet Service Provider INDIA, IN
24560 India AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services, IN
7713 Indonesia TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID
45326 Bangladesh BBTS-AS-AP Broad Band Telecom Services Ltd, BD


   Remote Access Trojan C&C Servers Found

Name Number Discovered Location
AgentTesla 1 185.239.243.112
BlackNet 1 31.31.198.61
Channel 1 186.2.171.3
Colibri 1 94.103.80.169
Collector 4 141.8.192.151 , 141.8.192.58 , 141.8.193.236 , 141.8.197.42
Cypress 2 23.235.221.165 , 54.36.13.47
Lokibot 3 104.21.62.89 , 104.21.92.233 , 192.185.115.217
Oski 2 142.4.7.91 , 92.249.45.116
Seth 1 79.124.59.22
StealthWorker 1 185.191.34.170

    
   Common Malware

MD5 VirusTotal FileName Claimed Product Detection Name
9a4b7b0849a274f6f7ac13c7577daad8 https://www.virustotal.com/gui/file/c1d5a585fce188423d31df3ea806272f3daa5eb989e18e9ecf3d94b97b965f8e/details ww31.exe N/A W32.GenericKD:Attribute.24ch.1201
6be10a13c17391218704dc24b34cf736 https://www.virustotal.com/gui/file/9a74640ca638b274bc8e81f4561b4c48b0c5fbcb78f6350801746003ded565eb/details smbscanlocal0906.exe N/A Win.Dropper.Ranumbot::in03.talos
84452e3633c40030e72c9375c8a3cacb https://www.virustotal.com/gui/file/f0a5b257f16c4ccff520365ebc143f09ccf233e642bf540b5b90a2bbdb43d5b4/details sqhost.exe N/A W32.Auto:f0a5b257f1.in03.Talos
34560233e751b7e95f155b6f61e7419a https://www.virustotal.com/gui/file/8b4216a7c50599b11241876ada8ae6f07b48f1abe6590c2440004ea4db5becc9/details SAntivirusService.exe AntivirusService PUA.Win.Dropper.Segurazo::tpd
39e14b83d48ab362c9a5e03f885f5669 https://www.virustotal.com/gui/file/302f58da597128551858e8d53229340941457cad6729af0d306ebfa18a683769/details SqlServerWorks.Runner.exe SqlServerWorks.Runner W32.302F58DA59-95.SBX.TG
8193b63313019b614d5be721c538486b https://www.virustotal.com/gui/file/e3eeaee0af4b549eae4447fa20cfe205e8d56beecf43cf14a11bf3e86ae6e8bd/details SAService.exe SAService PUA.Win.Dropper.Segurazo::95.sbx.tg
4891c7b054453b3e1b0950bb8e645b9c https://www.virustotal.com/gui/file/7820c5e3fbad356d9a8333ff731b04a4a3dd6e41cfc37be90b4e638fa1a6551e/details FlashHelperService.exe Flash Helper Service PUA:2144FlashPlayer-tpd


   Top Phishing Campaigns

Phishing Target Count
Other 1336
Amazon.com 11
Caixa 1
Facebook 58
Special 1
Allegro 6
Microsoft 2
Apple 5
Netflix 1
Google 1
Vodafone 4
Steam 39
Adobe 1
PayPal 4
WalMart 1
Hotmail 1
Hermes 3
Visa 2
Yahoo 1
Optus 1
Rakuten 1
Date Published: August 18, 2021