Threat Intelligence Report - March 18-24, 2019

Trends

The top attacker country was China with 2651 unique attackers (29.71%)
The top Exploit event was Command Execution with 41% of occurrences

Top Attacker by Country

Country	Occurrences	Percentage
China	2651	29.71%
United States	1928	21.61%
France	569	6.38%
Brazil	495	5.55%
Korea	423	4.74%
India	406	4.55%
Russia	341	3.82%
United Kingdom	298	3.34%
Canada	231	2.59%
Germany	212	2.38%
Italy	212	2.38%
Indonesia	184	2.06%
Netherlands	176	1.97%
Vietnam	161	1.80%
Singapore	152	1.70%
Taiwan	141	1.58%
Australia	128	1.43%
Mexico	110	1.23%
Hong Kong	104	1.17%

Top Cyber Attackers by Country March 18-24 2019

Threat Geo-location

Top Attacking Hosts

Host	Occurrences
188.92.77.235	59
210.1.224.92	23
185.176.27.118	22

Top Network Attackers

Origin AS	Announcement	Description
AS43513	188.92.72.0/21	Sia Nano IT
AS45785	210.1.224.0/24	SERVICE HOSTING
AS204428	185.176.27.0/24	IP Dunaev Yuriy Vyacheslavovich

Exploit Event Types and Top Event NIDS

Top Event NIDS and Exploits March 18-24 2019

Top Alarms

Type of Alarm	No. of Occurrences
Red Piranha HIDS: IDS Event	1536
OTX Indicators of Compromise - PULSE	109
Network Discovery - Scan SSH	71
Database Attack - Stored Procedure Access - Attack	56
Attack Tool Detected - Attack	19
System Compromise - Suspicious Behaviour - SSH	14
Delivery & Attack - WebServer Attack - Attack	10
Delivery & Attack - Network Discovery - IDS Event	9
Delivery & Attack - Bruteforce Authentication - SSH	4
Environmental Awareness - Trojan infection - IDS Event	2

Comparison from last week

Type of Alarm	No. of Occurrences
Network Discovery - SourceIP Observed on Multiple RP Network	11,186
Network Discovery - IDS Event Drop List	6,253
Network Discovery - IDS Event Drop List Rule 3	1170
Network Discovery - Scan Nmap	504
OTX Indicators of Compromise - PULSE	213
Network Discovery - IDS Event	98
Database Attack - Stored Procedure Access - Attack	26
Network Discovery - Scan SSH	26
Attack Tool Detected - Attack	14
WebServer Attack - Attack	10
Trojan Infection - IDS Event	3

CVE

This is a list of recent vulnerabilities for which exploits are available.

ID: CVE-2018-1335
Title: Apache Tika-server Command Injection Vulnerability
Vendor: Apache

ID: CVE-2019-0541
Title: Microsoft Windows MSHTML Remote Code Execution Vulnerability
Vendor: Microsoft

ID: CVE-2019-9787
Title: WordPress Remote Code Execution Vulnerability
Vendor: WordPress

ID: CVE-2019-9740
Title: Python CRLF Injection Vulnerability
Vendor: Python

ID: CVE-2019-9741
Title: Golang Go HTTP response-splitting vulnerability
Vendor: Golang

ID: CVE-2019-9020, CVE-2019-9021, CVE-2019-9023, CVE-2019-9024
Title: PHP Information Disclosure and Heap Buffer Overflow Vulnerabilities
Vendor: PHP

ID: CVE-2019-5511, CVE-2019-5512
Title: VMware Workstation Multiple Privilege Escalation Vulnerabilities
Vendor: VMWare

ID: CVE-2019-5418, CVE-2019-5419, CVE-2019-5420
Title: Ruby on Rails Multiple Security Vulnerabilities
Vendor: Ruby on Rails

Vulnerabilities

Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability
2019-03-22
securityfocus.com/bid/106590

IBM Java SDK CVE-2018-1890 Local Privilege Escalation Vulnerability
2019-03-22
securityfocus.com/bid/107448

QEMU CVE-2019-8934 Local Information Disclosure Vulnerability
2019-03-22
securityfocus.com/bid/107115

PuTTY Multiple Security Vulnerabilities
2019-03-22
securityfocus.com/bid/107484

Cloud Foundry Cloud Controller API CVE-2017-8037 Incomplete Fix Information Disclosure Vulnerability
2019-03-22
securityfocus.com/bid/100448

Opencontainers runc CVE-2019-5736 Local Command Execution Vulnerability
2019-03-22
securityfocus.com/bid/106976

Mozilla Firefox Unspecified Remote Code Execution Vulnerability
2019-03-22
securityfocus.com/bid/107534

Atlassian SourceTree CVE-2018-20234 Arbitrary Code Execution Vulnerability
2019-03-21
securityfocus.com/bid/107414

Red Hat JBoss BPMS CVE-2016-6343 Cross Site Scripting Vulnerability
2019-03-21
securityfocus.com/bid/96987

Mozilla Firefox MFSA2019-01 Multiple Security Vulnerabilities
2019-03-20
securityfocus.com/bid/106773

Gemalto Sentinel UltraPro ICSA-19-073-02 Security Vulnerability
2019-03-20
securityfocus.com/bid/107415

Cisco IP Phone 8800 Series CVE-2019-1764 Cross Site Request Forgery Vulnerability
2019-03-20
securityfocus.com/bid/107502

Cisco IP Phone 8800 Series CVE-2019-1765 Path Traversal Arbitrary File Write Vulnerability
2019-03-20
securityfocus.com/bid/107500

Details

Threat Intelligence Report - March 18-24, 2019

Trends

Top Attacker by Country

Threat Geo-location

Top Attacking Hosts

Top Network Attackers

Exploit Event Types and Top Event NIDS

Top Alarms

CVE

Vulnerabilities

Search

Categories

Questions?
Get in Touch

Subscribe to our weekly
Threat Intelligence Report

Subscribe to our
Newsletter

Trends

Top Attacker by Country

Threat Geo-location

Top Attacking Hosts

Top Network Attackers

Exploit Event Types and Top Event NIDS

Top Alarms

CVE

Vulnerabilities

Categories

Questions?​​​​​​​Get in Touch

Subscribe to our weekly Threat Intelligence Report

Subscribe to our Newsletter

Questions?
Get in Touch

Subscribe to our weekly
Threat Intelligence Report

Subscribe to our
Newsletter