Trends
- The top attacker country was China with 2337 unique attackers (29.82%)
- The top Exploit event was Shellcode with 50% of occurrences
Top Attacker by Country
Country | Occurrences | Percentage |
---|---|---|
China | 1721 | 29.21% |
United States | 1252 | 21.25% |
France | 409 | 6.94% |
Brazil | 308 | 5.23% |
Russian Federation | 240 | 4.07% |
India | 233 | 3.95% |
United Kingdom | 218 | 3.70% |
Canada | 217 | 3.68% |
Republic of Korea | 212 | 3.60% |
Germany | 159 | 2.70% |
Vietnam | 135 | 2.29% |
Netherlands | 123 | 2.09% |
Singapore | 121 | 2.05% |
Indonesia | 112 | 1.90% |
Taiwan | 103 | 1.75% |
Italy | 94 | 1.60% |
Greece | 91 | 1.54% |
Australia | 79 | 1.34% |
Mexico | 65 | 1.10% |
Threat Geo-location
Top Attacking Hosts
Host | Occurrences |
---|---|
193.36.117.238 | 56 |
71.6.146.185 | 21 |
74.82.47.5 | 12 |
95.58.194.148 | 8 |
58.242.83.39 | 7 |
Top Network Attackers
Origin AS | Announcement | Description |
---|---|---|
AS206804 | 193.36.117.0/24 | ESTNOC-GLOBAL |
AS10439 | 71.6.128.0/17 | CariNet, INC |
AS6939 | 74.82.0.0/18 | Hurricane Electric LLC |
AS9198 | 95.56.0.0/14 | JSC Kazakhtelecom |
AS4837 | 58.242.0.0/15 | China Unicom AnHui province network |
Top Event NIDS and Exploits
Top Alarms
Type of Alarm | Occurrences |
---|---|
OTX Indicators of Compromise - PULSE | 210 |
Attack Tool Detected - Attack | 44 |
Bruteforce Authentication - SSH | 35 |
WebServer Attack - Attack | 34 |
Trojan Infection - IDS Event | 21 |
Database Attack - Stored Procedure Access - Attack | 9 |
Network Discovery - IDS Event | 7 |
Comparison from last week
Type of Alarm | Occurrences |
---|---|
OTX Indicators of Compromise - PULSE | 183 |
Attack Tool Detected - Attack | 40 |
Database Attack - Stored Procedure Access - Attack | 28 |
Network Discovery - Scan SSH | 27 |
Trojan Infection - IDS Event | 21 |
WebServer Attack - Attack | 8 |
Bruteforce Authentication - SSH | 7 |
CVE
This is a list of recent vulnerabilities for which exploits are available.
ID: CVE-2019-3799
Title: Spring Cloud Config Directory Traversal Vulnerability
Vendor: Spring
ID: CVE-2019-11387
Title: OWASP ModSecurity Core Rule Set (CRS) Remote Denial of Service Vulnerability
Vendor: OWASP
ID: CVE-2019-1777
Title: Cisco Registered Envelope Service HTML Injection Vulnerability
Vendor: Cisco
ID: CVE-2019-1792
Title: Cisco Umbrella Cross Site Scripting Vulnerability
Vendor: Cisco
ID: CVE-2019-4012
Title: Multiple IBM Products SQL Injection Vulnerability
Vendor: IBM
ID: CVE-2019-10691
Title: Dovecot Denial of Service Vulnerability
Vendor: Dovecot
ID: CVE-2019-10893
Title: CentOS Web Panel HTML Injection Vulnerability
Vendor: CentOS
ID: CVE-2019-0859
Title: Microsoft Windows Win32k Local Privilege Escalation Vulnerability
Vendor: Microsoft
ID: CVE-2019-9208, CVE-2019-9209, CVE-2019-9214
Title: Wireshark Multiple Denial of Service Vulnerabilities
Vendor: Wireshark
ID: CVE-2019-11035, CVE-2019-11034
Title: PHP Multiple Heap Buffer Overflow Vulnerabilities
Vendor: PHP
Vulnerabilities
Ghostscript 'shading_param' Remote Code Execution Vulnerability
2019-04-26
Atlassian Confluence Server and Confluence Data Center Directory Traversal Vulnerability
2019-04-26
Linux Kernel CVE-2019-3900 Denial of Service Vulnerability
2019-04-25
Oracle WebLogic Server Deserialization Remote Command Execution Vulnerability
2019-04-25
Linux Kernel 'perf_event_open()' Function Local Information Disclosure Vulnerability
2019-04-24
ISC BIND CVE-2018-5743 Remote Denial of Service Vulnerability
2019-04-24
Pulse Connect Secure and Pulse Policy Secure Multiple Security Vulnerabilities
2019-04-24
ISC BIND CVE-2019-6467 Remote Denial of Service Vulnerability
2019-04-24
ISC BIND CVE-2019-6468 Remote Denial of Service Vulnerability
2019-04-24
GraphicsMagick CVE-2019-11505 Heap Buffer Overflow Vulnerability
2019-04-24
GraphicsMagick 'coders/xwd.c' Multiple Denial of Service Vulnerabilities
2019-04-24
Palo Alto Networks Global Protect Client CVE-2019-1573 Local Information Disclosure Vulnerability
2019-04-23
Redhat KeyCloak CVE-2019-3868 Session Hijacking Vulnerability
2019-04-23
Linux Kernel CVE-2019-11487 Multiple Denial of Service Vulnerabilities
2019-04-23
Fujifilm FCR Capsula X/Carbon X Denial of Service and Access Bypass Vulnerabilities
2019-04-23
Apache Zeppelin CVE-2017-12619 Session Fixation Vulnerability
2019-04-23
Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers Open Redirection Vulnerability
2019-04-23