Threat Intelligence Report

Trends

  • United States is on top of the list with 1622 unique attackers (25.3%)
  • OTX Pulse was the Top Alarm of the week with 159 occurrences
  • Command Execution was the top exploit event type this week, accounting for 77% of occurrences.



Top Attacker by Country

Country             No. of Attackers   Occurrences (%)
United States       1622               25.3%
China               1399               21.8%
France              357                5.6%
Russian Federation  335                5.2%
Brazil              321                5.0%
United Kingdom      260                4.1%
India               228                3.6%
Vietnam             208                3.2%
Netherlands         198                3.1%
Korea               196                3.1%
Germany             192                3.0%
Australia           176                2.7%
Taiwan              165                2.6%
Canada              149                2.3%
Singapore           132                2.1%
Indonesia           112                1.7%
Ukraine             97                 1.5%
Hong Kong           85                 1.3%
Unknown             75                 1.2%


Top Cyber Attackers by Country Dec 10-16 2018



Threat Geo-location


Cyber Security Threat Geolocations Dec 10-16 2018

Top Attacking Hosts

Host              Occurrences
13.107.4.50       19
185.10.68.153     17
185.244.25.165    16
185.244.25.167    16
185.244.25.228    16
117.18.237.29     16
37.48.76.51       15
159.203.169.16    15



Top Alarms

Alarm                                    No. of Occurrences
OTX Indicators of Compromise - PULSE     159
Attack Tool Detected - Attack            15
Bruteforce Authentication - SSH          5


Comparison from Previous Report

Alarm                                    No. of Occurrences
OTX Indicators of Compromise - PULSE     90
Bruteforce Authentication - SSH          32
Attack Tool Detected - Attack            1



Exploit Event Types and Top Event NIDS


Top Event NIDS and Exploits Dec 10-16 2018




CVE


CVE-2018-20029
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
nvd.nist.gov/vuln/detail/CVE-2018-20029

CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster, can use this cookie to gain full control over the entire cluster.
nvd.nist.gov/vuln/detail/CVE-2018-1279

CVE-2018-15800
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the Bits Service storage.
nvd.nist.gov/vuln/detail/CVE-2018-15800
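The CVE-2018-15800 entry above describes the classic failure behind a timing attack on a signed-URL check: comparing a presented signature with `==`, which stops at the first mismatching byte and so leaks, through response time, how much of the guess was correct. The following added example (written for this report, not code from Cloud Foundry or the Bits Service) shows that weak pattern beside the hardened form. The URL-signing scheme (an HMAC-SHA256 over a path and an expiry), the key value and the paths are all constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed example key; a real deployment loads this from a secrets store.
EXAMPLE_KEY = b"example-signing-key-not-a-real-secret"


def sign_path(key: bytes, path: str, expires: int) -> str:
    """Return the hex HMAC-SHA256 token a client would present for `path`.

    The expiry is bound into the MAC so a token cannot be replayed forever.
    """
    message = f"{path}\n{expires}".encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_naive(key: bytes, path: str, expires: int, presented: str, now: int) -> bool:
    """Weak pattern: str '==' exits at the first differing character, so the
    time taken depends on how many leading characters the caller got right.
    Kept here only as the contrast to verify_constant_time()."""
    if now > expires:
        return False
    return sign_path(key, path, expires) == presented


def verify_constant_time(key: bytes, path: str, expires: int, presented: str, now: int) -> bool:
    """Hardened check: hmac.compare_digest takes time independent of where
    (or whether) the two values differ, removing the per-character oracle.

    Both sides are compared as bytes: compare_digest accepts str only when
    both are ASCII, and `presented` is attacker-controlled input, so encoding
    it avoids a TypeError on non-ASCII junk (which would itself be a signal).
    """
    if now > expires:
        return False
    expected = sign_path(key, path, expires).encode("utf-8")
    candidate = presented.encode("utf-8")
    # Length mismatch is rejected in constant time as well; no early return needed.
    return hmac.compare_digest(expected, candidate)


def check_request(path: str, expires: int, presented: str, now: int) -> bool:
    """Entry point a request handler would call; uses the hardened verifier."""
    return verify_constant_time(EXAMPLE_KEY, path, expires, presented, now)


if __name__ == "__main__":
    token = sign_path(EXAMPLE_KEY, "/objects/app-droplet", 1_700_000_000)
    print("valid token accepted:", check_request("/objects/app-droplet", 1_700_000_000, token, 1_699_999_000))
    print("wrong path rejected:", check_request("/objects/other", 1_700_000_000, token, 1_699_999_000))
    print("expired rejected:", check_request("/objects/app-droplet", 1_700_000_000, token, 1_700_000_001))
```

The two verifiers return identical results; the difference is only in how long a rejection takes, which is exactly the channel the CVE text describes. Checking expiry before the MAC is fine here because the expiry is public input, not secret-dependent.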

CVE-2018-15805
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
nvd.nist.gov/vuln/detail/CVE-2018-15805

CVE-2018-16635
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
nvd.nist.gov/vuln/detail/CVE-2018-16635

CVE-2018-16636
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
nvd.nist.gov/vuln/detail/CVE-2018-16636

Details