Trends
- The top attacker country was China with 2661 unique attackers (27.10%)
- The top exploit event was Command Execution with 41% of occurrences
Top Attacker by Country
| Country | No. of Attackers | Percentage |
|---|---|---|
| China | 2661 | 27.10% |
| United States | 2276 | 23.18% |
| France | 612 | 6.23% |
| Brazil | 589 | 6.00% |
| India | 422 | 4.30% |
| Russian Federation | 380 | 3.87% |
| Korea | 376 | 3.83% |
| United Kingdom | 328 | 3.34% |
| Germany | 305 | 3.11% |
| Canada | 252 | 2.57% |
| Australia | 211 | 2.15% |
| Vietnam | 205 | 2.09% |
| Taiwan | 199 | 2.03% |
| Singapore | 192 | 1.96% |
| Netherlands | 188 | 1.91% |
| Indonesia | 185 | 1.88% |
| Italy | 184 | 1.87% |
| Hong Kong | 147 | 1.50% |
| Greece | 108 | 1.10% |

Threat Geo-location

Top Attacking Hosts
| Host | Occurrences |
|---|---|
| 59.167.22.51 | 709 |
| 115.238.245.2 | 590 |
| 185.176.27.110 | 407 |
| 159.65.175.37 | 339 |
| 122.226.181.165 | 315 |
| 163.172.68.20 | 268 |

Top Network Attackers
| Origin AS | Announcement | Description |
|---|---|---|
| AS4739 | 59.167.0.0/16 | iiNet Limited |
| AS4134 | 115.224.0.0/12 | CHINANET Zhejiang province network |
| AS204428 | 185.176.27.0/24 | IP Dunaev Yuriy Vyacheslavovich |
| AS14061 | 159.65.160.0/20 | DigitalOcean, LLC |
| AS136190 | 122.226.180.0/23 | CHINANET-ZJ Taizhou node network |
| AS12876 | 163.172.0.0/16 | ONLINE SAS |

Exploit Event Types and Top Event NIDS

Top Alarms
| Type of Alarm | No. of Occurrences |
|---|---|
| Network Discovery - SourceIP Observed on Multiple RP Network | 11,186 |
| Network Discovery - IDS Event Drop List | 6,253 |
| Network Discovery - IDS Event Drop List Rule 3 | 1,170 |
| Network Discovery - Scan Nmap | 504 |
| OTX Indicators of Compromise - PULSE | 213 |
| Network Discovery - IDS Event | 98 |
| Database Attack - Stored Procedure Access - Attack | 26 |
| Network Discovery - Scan SSH | 26 |
| Attack Tool Detected - Attack | 14 |
| WebServer Attack - Attack | 10 |
| Trojan Infection - IDS Event | 3 |

Comparison from Last Week
| Type of Alarm | No. of Occurrences |
|---|---|
| Network Discovery - IDS Event Drop List | 2,428 |
| OTX Indicators of Compromise - PULSE | 117 |
| Database Attack - Stored Procedure Access - Attack | 51 |
| Attack Tool Detected - Attack | 35 |
| WebServer Attack - Attack | 33 |
| Trojan Infection - IDS Event | 13 |
| Bruteforce Authentication - SSH | 2 |

CVE
This is a list of recent vulnerabilities for which exploits are available.
| ID | Title | Vendor |
|---|---|---|
| CVE-2019-5786 | Google Chrome Use After Free Arbitrary Code Execution Vulnerability | Microsoft |
| CVE-2019-0187 | Apache JMeter Remote Code Execution Vulnerability | Apache |
| CVE-2019-1596 | Cisco NX-OS Software Bash Shell Local Privilege Escalation Vulnerability | Cisco |
| CVE-2019-1707 | Cisco DNA Center Access Contract HTML Injection Vulnerability | Cisco |
| CVE-2019-0809 | Microsoft Visual Studio Remote Code Execution Vulnerability | Microsoft |
| CVE-2019-0603 | Microsoft Windows TFTP Server Remote Code Execution Vulnerability | Microsoft |
| CVE-2019-0808, CVE-2019-0797 | Microsoft Windows Win32k Elevation of Privilege Vulnerability | Microsoft |
| CVE-2019-7816 | Adobe ColdFusion Arbitrary File-Upload Vulnerability | Adobe |

Vulnerabilities
| Vulnerability | Reference |
|---|---|
| Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability | securityfocus.com/bid/107331 |
| Oracle Java SE CVE-2019-2449 Remote Security Vulnerability | securityfocus.com/bid/106597 |
| Oracle Java SE CVE-2018-11212 Remote Security Vulnerability | securityfocus.com/bid/106583 |
| Apache Solr CVE-2017-3164 Server Side Request Forgery Security Bypass Vulnerability | securityfocus.com/bid/107026 |
| Lenovo Dynamic Power Reduction Utility CVE-2019-6149 Local Privilege Escalation Vulnerability | securityfocus.com/bid/107438 |
| Cloud Foundry Container Runtime CVE-2019-3780 Privilege Escalation Vulnerability | securityfocus.com/bid/107434 |
| VMware Workstation Multiple Privilege Escalation Vulnerabilities | securityfocus.com/bid/107429 |
