Threat Intelligence Report

Trends



  • The top attacker country is China with 2114 unique attackers (33.67%)
  • OTX Pulse was the Top Alarm of the week with 227 occurrences
  • The top exploit event type this week was Command Execution, with 85% of occurrences.



Top Attacker by Country


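| Country | No. of Attackers | Occurrences |
|---|---|---|
| China | 2114 | 33.67% |
| United States | 1141 | 18.17% |
| France | 374 | 5.96% |
| Brazil | 312 | 4.97% |
| Russian Federation | 281 | 4.48% |
| Republic of Korea | 264 | 4.20% |
| India | 255 | 4.06% |
| United Kingdom | 233 | 3.71% |
| Netherlands | 152 | 2.42% |
| Canada | 150 | 2.39% |
| Germany | 146 | 2.33% |
| Taiwan | 143 | 2.28% |
| Indonesia | 126 | 2.01% |
| Vietnam | 119 | 1.90% |
| Italy | 96 | 1.53% |
| Singapore | 88 | 1.40% |
| Hong Kong | 77 | 1.23% |
| Colombia | 72 | 1.15% |
| Mexico | 68 | 1.08% |
| Ukraine | 68 | 1.08% |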


Top Cyber Attackers by Country, Jan 6-13 2019



Threat Geo-location


Cyber Security Threat Geolocations, Jan 6-13 2019



Top Attacking Hosts


| Host | Occurrences |
|---|---|
| 122.226.181.166 | 52 |
| 122.226.181.167 | 29 |
| 71.6.146.130 | 14 |
| 58.242.83.10 | 8 |




Top Alarms


| Alarm | No. of Occurrences |
|---|---|
| OTX Indicators of Compromise - PULSE | 227 |
| Bruteforce Authentication - SSH | 18 |
| Attack Tool Detected - Attack | 15 |
| WebServer Attack - Attack | 8 |
 

Comparison from Previous Report


| Alarm | No. of Occurrences |
|---|---|
| OTX Indicators of Compromise - PULSE | 246 |
| Attack Tool Detected - Attack | 86 |
| WebServer Attack - Attack | 54 |
| Bruteforce Authentication - SSH | 19 |




Top Network Attackers


| Origin AS | Announcement | Description |
|---|---|---|
| AS10439 | 71.6.128.0/17 | CariNet, Inc |
| AS136190 | 122.226.180.0/23 | CHINANET-ZJ Taizhou node network |
| AS4837 | 58.242.0.0/15 | China Unicom AnHui province network |



Exploit Event Types and Top Event NIDS


Top Event NIDS and Exploits Jan 6-13 2019




Vulnerability News



Cisco Firepower Management Center CVE-2018-15458 Denial of Service Vulnerability
2019-01-09
securityfocus.com/bid/106516

Cisco IP Phone 8800 Series CVE-2018-0461 Arbitrary Script Injection Vulnerability
2019-01-09
securityfocus.com/bid/106515

Cisco Prime Network Control System CVE-2018-0482 HTML Injection Vulnerability
2019-01-09
securityfocus.com/bid/106514

Cisco Identity Services Engine Cross Site Scripting and HTML-injection Vulnerabilities
2019-01-09
securityfocus.com/bid/106513

Cisco Identity Services Engine CVE-2018-15456 Information Disclosure Vulnerability
2019-01-09
securityfocus.com/bid/106512

Cisco AsyncOS for Email Security Appliance CVE-2018-15453 Remote Denial of Service Vulnerability
2019-01-09
securityfocus.com/bid/106511

Cisco IOS and IOS XE Software CVE-2018-0282 Denial of Service Vulnerability
2019-01-09
securityfocus.com/bid/106510

Cisco Prime Infrastructure CVE-2018-15457 Cross Site Scripting Vulnerability
2019-01-09
securityfocus.com/bid/106509

Cisco TelePresence Management Suite CVE-2018-15467 Cross Site Scripting Vulnerability
2019-01-09
securityfocus.com/bid/106508

Cisco Email Security Appliance CVE-2018-15460 Remote Denial of Service Vulnerability
2019-01-09
securityfocus.com/bid/106507

Top Attacker Hosts Jan 6-13 2019