threat-intelligence-report

Trends


  • The top attacker country was China with 1762 unique attackers (26%).
  • The top Exploit event was Authentication with 45% of occurrences.
  • The top Trojan C&C server detected was TrickBot with 44 instances detected.



Top Attacker by Country


Country               Occurrences   Percentage
China                 1762          25.79%
United States         1569          22.97%
Vietnam               393           5.75%
Republic of Korea     345           5.05%
Brazil                342           5.01%
France                323           4.73%
India                 311           4.55%
Russian Federation    280           4.10%
United Kingdom        225           3.29%
Germany               172           2.52%
Egypt                 169           2.47%
Canada                155           2.27%
Taiwan                138           2.02%
Indonesia             135           1.98%
Netherlands           131           1.92%
Thailand              111           1.62%
Italy                 98            1.43%
Poland                87            1.27%
Singapore             85            1.24%


Top Cyber Attackers by Country August 19-25 2019



Threat Geo-location



Cyber Security Threat Geolocations August 19-25 2019



Top Attacking Hosts


Host              Occurrences
1.144.111.33      886
1.128.106.245     585
1.186.45.250      582
1.128.107.16      341
2.56.11.200       336
2.229.40.154      284
1.6.160.226       268
3.8.75.184        215


Top Attacker Hosts August 19-25 2019



Top Network Attackers


Origin AS    Announcement     Description
AS1221       1.128.0.0/11     Telstra
AS45769      1.186.45.0/24    D-VoiS Broadband Private Limited
AS209870     2.56.11.0/24     AnyGaming Ltd.



Top Event NIDS and Exploits


Top Event NIDS August 19-25 2019


Top Event Exploits August 19-25 2019




Top Alarms


Type of Alarm                Occurrences
Bruteforce Authentication    3846
Network Discovery            995
Network Anomaly              131


Comparison from last week

Type of Alarm                Occurrences
Bruteforce Authentication    1941
Network Discovery            29
Network Anomaly              18


Top Cyber Security Alarms August 19-25 2019



Remote Access Trojan C&C Servers Found


Name               Number Discovered   Location
Amadey             2                   46.30.40.100, 51.15.202.245
Anubis             2                   185.193.141.40, 46.30.41.186
Azorult            1                   85.143.221.153
CryptBot           1                   185.228.233.119
LokiBot            3                   161.117.182.37, 188.214.30.138, 195.133.48.243
Megumin            1                   104.18.60.159
PredatorTheThief   1                   47.252.9.44
Smokeloader        2                   104.27.186.243, 213.159.208.51
TrickBot           44                  103.116.84.44, 104.217.8.108, 107.175.33.16, 139.60.163.101, 146.185.219.27, 158.69.133.71, 158.69.133.76, 178.157.82.90, 185.117.75.11, 185.117.75.41, 185.141.27.162, 185.172.129.146, 185.183.98.26, 185.251.39.12, 185.82.202.89, 186.46.63.58, 190.151.213.140, 192.3.146.179, 192.3.146.221, 194.36.189.170, 194.87.95.132, 198.12.97.212, 198.23.252.117, 198.46.198.131, 198.8.91.53, 212.109.223.235, 217.106.238.102, 31.184.253.6, 37.228.117.250, 37.46.128.252, 45.15.253.132, 46.30.41.188, 50.3.87.51, 5.253.63.157, 54.36.28.94, 66.70.218.50, 66.70.218.56, 81.177.136.68, 81.177.141.67, 82.118.21.99, 89.105.203.184, 93.189.44.92, 95.181.198.88, 95.215.206.34


Trojan C&C Servers August 19-25 2019



Common Malware



Malware Type                           MD5                                Typical Filename
PUA.Osx.Trojan.Amcleaner::sbmt.talos   125ef5dc3115bda09d2cef1c50869205   helpermcp
Unix.Exploit.Lotoor::other.talos       f7145b132e23e3a55d2269a008395034   8c0b271744bf654ea3538c6b92aa7bb9819de3722640796234e243efc077e2b6.bin
W32.7ACF71AFA8-95.SBX.TG               4a50780ddb3db16ebab57b0ca42da0fb   xme64-2141.exe
W32.AgentWDCR:Gen.21gn.1201            e2ea315d9a83e7577053f52c974f6a5a   c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin
W32.46B241E3D3-95.SBX.TG               db69eaaea4d49703f161c81e6fdd036f   invoice.exe




CVEs For Which Public Exploits Have Been Detected


This is a list of recent vulnerabilities for which exploits are available.


ID:        CVE-2019-15107
Title:    Pulse Connect Secure Multiple Security Vulnerabilities (SA44101)
Vendor:    PulseSecure
Description: Pulse Connect Secure provides secure, authenticated access for remote and mobile users from any web-enabled device to corporate resources anytime, anywhere. Pulse Connect Secure is the most widely deployed SSL VPN for organizations of any size, across every major industry. Successful exploitation of these vulnerabilities can lead to remote code execution, arbitrary local file modification, session hijacking, SAML authentication leak, command injection, stack buffer overflow, cross-site scripting and more.
CVSS v2 Base Score:    6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)


ID:        CVE-2019-8045
Title:    Adobe Security Update for Adobe Acrobat and Reader (APSB19-41)
Vendor:    Adobe
Description: Adobe Acrobat and Reader versions have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. An attacker could exploit this vulnerability to compromise Confidentiality, Integrity and/or Availability.
CVSS v2 Base Score:    10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


ID:        CVE-2018-13379
Title:    Fortinet FortiOS Credentials Disclosure Vulnerability
Vendor:    Fortinet
Description: Fortinet FortiOS is exposed to a directory traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue using directory-traversal characters ('../') to read arbitrary files outside of the restricted directory and obtain sensitive information; it allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
CVSS v2 Base Score:    5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)


ID:        CVE-2019-14430
Title:    YouPHPTube SQL Injection Vulnerability
Vendor:    YouPHPTube
Description: The parameters "User" as well as "pass" of the user registration function in YouPHPTube are vulnerable to SQL injection vulnerabilities. By submitting an HTTP POST request to the URL "/objects/userCreate.json.php" an attacker can access the database and read the hashed credentials of an administrator. Successful exploitation allows an unauthenticated, remote attacker to manipulate SQL queries by injecting arbitrary SQL code or further exploit latent vulnerabilities in the underlying database.
CVSS v2 Base Score:    6.8 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

ID:        CVE-2019-9512,CVE-2019-9514
Title:    Kubernetes Denial of Service Vulnerability
Vendor:    Kubernetes
Description: A security issue has been found in the net/http library of the Go language that affects all versions and all components of Kubernetes. The vulnerabilities can result in a DoS against any process with an HTTP or HTTPS listener: they allow untrusted clients to allocate an unlimited amount of memory until the server crashes, leading to denial of service.
CVSS v2 Base Score:    7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)


ID:        CVE-2019-15107
Title:    Webmin Remote Code Execution Vulnerability
Vendor:    Multi-Vendor
Description: Webmin is a web-based interface for system administration for Unix, although recent versions can also be installed and run on Windows. Webmin contains a vulnerability that allows remote command execution. The parameter "old" in password_change.cgi contains a command injection vulnerability. Webmin versions are only vulnerable if changing of expired passwords is enabled. Successful exploitation may allow a remote attacker to execute arbitrary commands on the target system.
CVSS v2 Base Score:    6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)



Recent CVEs


KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability
2019-07-25
securityfocus.com/bid/98412

FreeBSD CVE-2019-5604 Out of Bounds Read Denial of Service Vulnerability
2019-07-25
securityfocus.com/bid/109369

Exim CVE-2019-13917 Privilege Escalation Vulnerability
2019-07-24
securityfocus.com/bid/109338

Libdwarf CVE-2019-14249 Remote Denial Of Service Vulnerability
2019-07-24
securityfocus.com/bid/109380

McAfee Data Loss Prevention Endpoint for Windows Multiple Local Security Vulnerabilities
2019-07-24
securityfocus.com/bid/109377

Drupal SA-CONTRIB-2019-059 Access Bypass Vulnerability
2019-07-24
securityfocus.com/bid/109372

Drupal Existing Values Autocomplete Widget Module Access Bypass Vulnerability
2019-07-24
securityfocus.com/bid/109371

GNU GDB CVE-2019-1010180 Remote Buffer Overflow Vulnerability
2019-07-24
securityfocus.com/bid/109367

FreeBSD CVE-2019-5607 Local Privilege Escalation Vulnerability
2019-07-24
securityfocus.com/bid/109366

Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability
2019-07-24
securityfocus.com/bid/109363

Ansible CVE-2019-10206 Remote Information Disclosure Vulnerability
2019-07-24
securityfocus.com/bid/109361

GNU Binutils 'libiberty' CVE-2019-14250 Integer Overflow Vulnerability
2019-07-24
securityfocus.com/bid/109354

Scapy '_RADIUSAttrPacketListField' Class Remote Denial of Service Vulnerability
2019-07-23
securityfocus.com/bid/106674

FFmpeg CVE-2019-12730 Security Bypass Vulnerability
2019-07-23
securityfocus.com/bid/109317

McAfee Data Loss Prevention Endpoint for Windows Multiple Local Security Vulnerabilities
2019-07-23
securityfocus.com/bid/109370

HAProxy CVE-2019-14241 Remote Denial of Service Vulnerability
2019-07-23
securityfocus.com/bid/109352

D-Link DSL-2750U Multiple Authentication Bypass Vulnerabilities
2019-07-23
securityfocus.com/bid/109351

Mitsubishi Electric FR Configurator2 ICSA-19-204-01 Multiple Security Vulnerabilities
2019-07-23
securityfocus.com/bid/109350

National Renewable Energy Laboratory EnergyPlus Local Stack Based Buffer Overflow Vulnerability
2019-07-23
securityfocus.com/bid/109349

Poppler CVE-2019-9959 Integer Overflow Vulnerability
2019-07-23
securityfocus.com/bid/109342

FortiOS IPS engine CVE-2019-5592 Man in the Middle Information Disclosure Vulnerability
2019-07-23
securityfocus.com/bid/109337

Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability
2019-07-22
securityfocus.com/bid/108410

Apple iOS and watchOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109343

Apple watchOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109340

Microsoft Windows 'OleCreateFontIndirectExt' Out of Bounds Read Information Disclosure Vulnerability
2019-07-22
securityfocus.com/bid/109335

Apple iOS and tvOS CVE-2019-8698 Security Bypass Vulnerability
2019-07-22
securityfocus.com/bid/109334

Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109332

Apple iOS/watchOS/tvOS CVE-2019-8647 Use After Free Remote Code Execution Vulnerability
2019-07-22
securityfocus.com/bid/109330

WebKit Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109329

WebKit Cross Site Scripting and Multiple Memory Corruption Vulnerabilities
2019-07-22
securityfocus.com/bid/109328

Apple Safari and macOS CVE-2019-8670 Address Bar Spoofing Vulnerability
2019-07-22
securityfocus.com/bid/109327

Apple iOS CVE-2019-8699 Security Bypass Vulnerability
2019-07-22
securityfocus.com/bid/109325

Apple macOS and iOS CVE-2019-8663 Information Disclosure Vulnerability
2019-07-22
securityfocus.com/bid/109324

Apple macOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109322

GNOME gvfs CVE-2019-12795 Local Authorization Bypass Vulnerability
2019-07-19
securityfocus.com/bid/108741

Mozilla Firefox Multiple Security Vulnerabilities
2019-07-19
securityfocus.com/bid/109085

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2019-07-19
securityfocus.com/bid/109086

Squid CVE-2019-13345 Multiple Cross Site Scripting Vulnerabilities
2019-07-19
securityfocus.com/bid/109095

Foxit PhantomPDF CVE-2019-14213 Denial of Service Vulnerability
2019-07-19
securityfocus.com/bid/109368

Foxit PhantomPDF CVE-2019-14211 Denial of Service Vulnerability
2019-07-19
securityfocus.com/bid/109358

Foxit PhantomPDF CVE-2019-14207 Denial of Service Vulnerability
2019-07-19
securityfocus.com/bid/109314

Foxit PhantomPDF CVE-2019-14212 Denial of Service Vulnerability
2019-07-19
securityfocus.com/bid/109313
