Threat Intelligence Report

Trends



  • The top attacker country is China with 2064 unique attackers (29.36%)
  • OTX Pulse was the Top Alarm of the week with 246 occurrences
  • The top exploit event type this week was Command Execution, with 60% of occurrences.



Top Attacker by Country


Country               No. of Attackers   Occurrences
China                 2064               29.36%
United States         1588               22.59%
France                399                5.68%
Brazil                351                4.99%
Russian Federation    329                4.68%
India                 281                4.00%
Korea                 247                3.51%
United Kingdom        246                3.50%
Netherlands           196                2.79%
Germany               166                2.36%
Canada                160                2.28%
Vietnam               145                2.06%
Indonesia             137                1.95%
Australia             123                1.75%
Italy                 117                1.66%
Taiwan                113                1.61%
Singapore             107                1.52%
Mexico                95                 1.35%
Hong Kong             86                 1.22%
Thailand              79                 1.12%


Top Cyber Attackers by Country Dec 31 2018 - Jan 6 2019



Threat Geo-location


Cyber Security Threat Geolocations Dec 31 2018 - Jan 6 2019



Top Attacking Hosts


Host               Occurrences
109.153.28.115     79
128.90.157.228     46
115.238.245.2      40
122.226.181.166    21
122.226.181.167    21
122.226.181.165    19
122.226.181.164    17




Top Alarms


Alarm                                      No. of Occurrences
OTX Indicators of Compromise - PULSE       246
Attack Tool Detected - Attack              86
WebServer Attack - Attack                  54
Bruteforce Authentication - SSH            19


Comparison from Previous Report


Alarm                                      No. of Occurrences
Attack Tool Detected - Attack              350
WebServer Attack - Attack                  309
OTX Indicators of Compromise - Pulse       192
Bruteforce Authentication - SSH            16




Top Network Attackers


Origin AS   Announcement        Description
AS2856      109.144.0.0/12      British Telecommunications PLC
AS22363     128.90.157.0/24     Unus, Inc.
AS4134      115.224.0.0/12      CHINANET Zhejiang province network
AS136190    122.226.180.0/23    CHINANET-ZJ Taizhou node network



Exploit Event Types and Top Event NIDS


Top Event NIDS and Exploits Dec 31 2018 - Jan 6 2019




Vulnerability News


Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability
2019-12-21
securityfocus.com/bid/106442

OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities
2019-09-11
securityfocus.com/bid/106375

RETIRED: Adobe Acrobat and Reader CVE-2018-19725 Security Bypass Vulnerability
2019-01-04
securityfocus.com/bid/106438

Adobe Acrobat and Reader APSB18-41 Multiple Unspecified Security Bypass Vulnerabilities
2019-01-04
securityfocus.com/bid/106165

Adobe Acrobat and Reader APSB18-41 Multiple Arbitrary Code Execution Vulnerabilities
2019-01-04
securityfocus.com/bid/106164

Adobe Acrobat and Reader CVE-2018-16018 Security Bypass Vulnerability
2019-01-03
securityfocus.com/bid/106449

Hetronic Nova-M CVE-2018-19023 Authentication Bypass Vulnerability
2019-01-03
securityfocus.com/bid/106448

Adobe Acrobat and Reader CVE-2018-16011 Arbitrary Code Execution Vulnerability
2019-01-03
securityfocus.com/bid/106447

Schneider Electric Pro-face GP-Pro CVE-2018-7832 Arbitrary Code Execution Vulnerability
2019-01-03
securityfocus.com/bid/106441

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2019-01-02
securityfocus.com/bid/105758

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
2019-01-02
securityfocus.com/bid/105897

Xen 'vmx.c' Denial of Service Vulnerability
2019-01-02
securityfocus.com/bid/105817

Artifex Ghostscript CVE-2018-19478 Denial of Service Vulnerability
2019-01-02
securityfocus.com/bid/106445

GNU Binutils CVE-2018-20657 Denial of Service Vulnerability
2019-01-02
securityfocus.com/bid/106444

IBM Quality Manager CVE-2017-1609 Cross Site Scripting Vulnerability
2019-01-02
securityfocus.com/bid/106384

F5 BIG-IP APM CVE-2018-15334 Cross Site Request Forgery Vulnerability
2019-01-01
securityfocus.com/bid/106364

Node.js Multiple Denial of Service Vulnerabilities
2019-01-01
securityfocus.com/bid/106363

GNU Binutils CVE-2018-20651 Denial of Service Vulnerability
2019-01-01
securityfocus.com/bid/106440

HP UCMDB Configuration Manager CVE-2018-18593 Multiple Security Vulnerabilities
2018-12-31
securityfocus.com/bid/106374

JasPer 'base/jas_malloc.c' Memory Leak Information Disclosure Vulnerability
2018-12-31
securityfocus.com/bid/106373

Top Attacker Hosts Dec 31 2018 - Jan 6 2019