Threat Intelligence Report - 9th August to 15th August 2021
Trends
- The top attacker country was the United States with 85530 unique attackers (38.04%).
- The top Trojan C&C server detected was Collector with 4 instances detected.
- The top phishing campaign detected was against Facebook with 58 instances detected.
Top Attackers By Country
| Country | Unique attackers | Percentage of attacks |
|---|---|---|
| United States | 85530 | 38.04% |
| China | 53568 | 23.82% |
| India | 24167 | 10.75% |
| United Kingdom | 15955 | 7.10% |
| Russia | 9365 | 4.16% |
| Vietnam | 8541 | 3.80% |
| Indonesia | 6893 | 3.07% |
| Lithuania | 2931 | 1.30% |
| Egypt | 2811 | 1.25% |
| Thailand | 2602 | 1.16% |
| Bangladesh | 2254 | 1.00% |
| Mauritius | 2190 | 0.97% |
| France | 2152 | 0.96% |
| Ghana | 1958 | 0.87% |
| Saudi Arabia | 1737 | 0.77% |
| Estonia | 782 | 0.35% |
| Philippines | 750 | 0.33% |
| Ethiopia | 685 | 0.30% |
Top Attacking Hosts
| Host (IP address) | Attacks |
|---|---|
| 61.177.173.16 | 20682 |
| 94.3.233.253 | 13412 |
| 183.195.209.45 | 7248 |
| 149.167.60.155 | 7128 |
| 103.145.13.25 | 6685 |
| 103.145.13.80 | 6636 |
| 69.162.124.234 | 5842 |
| 183.61.19.75 | 3812 |
| 58.96.16.44 | 3177 |
| 117.50.11.52 | 3134 |
| 61.177.173.17 | 3103 |
| 106.68.171.215 | 2913 |
| 223.223.191.13 | 2604 |
| 5.20.131.203 | 2349 |
| 154.180.208.66 | 2348 |
| 14.160.32.28 | 2346 |
| 183.83.52.240 | 2307 |
| 122.173.29.127 | 2302 |
| 216.245.221.84 | 2296 |
| 125.165.104.166 | 2042 |
| 202.5.46.241 | 2040 |
Top Network Attackers
| ASN | Country | AS name |
|---|---|---|
| 4134 | China | CHINANET-BACKBONE No.31,Jin-rong Street, CN |
| 5607 | United Kingdom | BSKYB-BROADBAND-AS, GB |
| 24400 | China | CMNET-V4SHANGHAI-AS-AP Shanghai Mobile Communications Co.,Ltd., CN |
| 135887 | Australia | TELSTRA-BELONG-AP Belong Telstra Corporation, AU |
| 213371 | Netherlands | SQUITTER-NETWORKS, NL |
| 46475 | United States | LIMESTONENETWORKS, US |
| 10143 | Australia | EXETEL-AS-AP Exetel Pty Ltd, AU |
| 4808 | China | CHINA169-BJ China Unicom Beijing Province Network, CN |
| 23724 | China | CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN |
| 7545 | Australia | TPG-INTERNET-AP TPG Telecom Limited, AU |
| 4847 | China | CNIX-AP China Networks Inter-Exchange, CN |
| 21412 | Lithuania | CGATES-AS, LT |
| 8452 | Egypt | TE-AS TE-AS, EG |
| 45899 | Vietnam | VNPT-AS-VN VNPT Corp, VN |
| 24309 | India | CABLELITE-AS-AP Atria Convergence Technologies Pvt. Ltd. Broadband Internet Service Provider INDIA, IN |
| 24560 | India | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services, IN |
| 7713 | Indonesia | TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID |
| 45326 | Bangladesh | BBTS-AS-AP Broad Band Telecom Services Ltd, BD |
Remote Access Trojan C&C Servers Found
| Name | Number discovered | C&C server addresses |
|---|---|---|
| AgentTesla | 1 | 185.239.243.112 |
| BlackNet | 1 | 31.31.198.61 |
| Channel | 1 | 186.2.171.3 |
| Colibri | 1 | 94.103.80.169 |
| Collector | 4 | 141.8.192.151, 141.8.192.58, 141.8.193.236, 141.8.197.42 |
| Cypress | 2 | 23.235.221.165, 54.36.13.47 |
| Lokibot | 3 | 104.21.62.89, 104.21.92.233, 192.185.115.217 |
| Oski | 2 | 142.4.7.91, 92.249.45.116 |
| Seth | 1 | 79.124.59.22 |
| StealthWorker | 1 | 185.191.34.170 |
Common Malware
| MD5 | VirusTotal | File name | Claimed product | Detection name |
|---|---|---|---|---|
| 9a4b7b0849a274f6f7ac13c7577daad8 | https://www.virustotal.com/gui/file/c1d5a585fce188423d31df3ea806272f3daa5eb989e18e9ecf3d94b97b965f8e/details | ww31.exe | N/A | W32.GenericKD:Attribute.24ch.1201 |
| 6be10a13c17391218704dc24b34cf736 | https://www.virustotal.com/gui/file/9a74640ca638b274bc8e81f4561b4c48b0c5fbcb78f6350801746003ded565eb/details | smbscanlocal0906.exe | N/A | Win.Dropper.Ranumbot::in03.talos |
| 84452e3633c40030e72c9375c8a3cacb | https://www.virustotal.com/gui/file/f0a5b257f16c4ccff520365ebc143f09ccf233e642bf540b5b90a2bbdb43d5b4/details | sqhost.exe | N/A | W32.Auto:f0a5b257f1.in03.Talos |
| 34560233e751b7e95f155b6f61e7419a | https://www.virustotal.com/gui/file/8b4216a7c50599b11241876ada8ae6f07b48f1abe6590c2440004ea4db5becc9/details | SAntivirusService.exe | A n t i v i r u s S e r v i c e | PUA.Win.Dropper.Segurazo::tpd |
| 39e14b83d48ab362c9a5e03f885f5669 | https://www.virustotal.com/gui/file/302f58da597128551858e8d53229340941457cad6729af0d306ebfa18a683769/details | SqlServerWorks.Runner.exe | SqlServerWorks.Runner | W32.302F58DA59-95.SBX.TG |
| 8193b63313019b614d5be721c538486b | https://www.virustotal.com/gui/file/e3eeaee0af4b549eae4447fa20cfe205e8d56beecf43cf14a11bf3e86ae6e8bd/details | SAService.exe | SAService | PUA.Win.Dropper.Segurazo::95.sbx.tg |
| 4891c7b054453b3e1b0950bb8e645b9c | https://www.virustotal.com/gui/file/7820c5e3fbad356d9a8333ff731b04a4a3dd6e41cfc37be90b4e638fa1a6551e/details | FlashHelperService.exe | Flash Helper Service | PUA:2144FlashPlayer-tpd |
Top Phishing Campaigns
| Targeted brand | Instances |
|---|---|
| Other | 1336 |
| Amazon.com | 11 |
| Caixa | 1 |
| Facebook | 58 |
| Special | 1 |
| Allegro | 6 |
| Microsoft | 2 |
| Apple | 5 |
| Netflix | 1 |
| Google | 1 |
| Vodafone | 4 |
| Steam | 39 |
| Adobe | 1 |
| PayPal | 4 |
| WalMart | 1 |
| Hotmail | 1 |
| Hermes | 3 |
| Visa | 2 |
| Yahoo | 1 |
| Optus | 1 |
| Rakuten | 1 |