Trends
- The top attacker country was China with 2651 unique attackers (29.71%)
- The top Exploit event was Command Execution with 41% of occurrences
Top Attacker by Country
| Country | Occurrences | Percentage |
|---|---|---|
| China | 2651 | 29.71% |
| United States | 1928 | 21.61% |
| France | 569 | 6.38% |
| Brazil | 495 | 5.55% |
| Korea | 423 | 4.74% |
| India | 406 | 4.55% |
| Russia | 341 | 3.82% |
| United Kingdom | 298 | 3.34% |
| Canada | 231 | 2.59% |
| Germany | 212 | 2.38% |
| Italy | 212 | 2.38% |
| Indonesia | 184 | 2.06% |
| Netherlands | 176 | 1.97% |
| Vietnam | 161 | 1.80% |
| Singapore | 152 | 1.70% |
| Taiwan | 141 | 1.58% |
| Australia | 128 | 1.43% |
| Mexico | 110 | 1.23% |
| Hong Kong | 104 | 1.17% |
Threat Geo-location
Top Attacking Hosts
| Host | Occurrences |
|---|---|
| 188.92.77.235 | 59 |
| 210.1.224.92 | 23 |
| 185.176.27.118 | 22 |
Top Network Attackers
| Origin AS | Announcement | Description |
|---|---|---|
| AS43513 | 188.92.72.0/21 | Sia Nano IT |
| AS45785 | 210.1.224.0/24 | SERVICE HOSTING |
| AS204428 | 185.176.27.0/24 | IP Dunaev Yuriy Vyacheslavovich |
Exploit Event Types and Top Event NIDS
Top Alarms
| Type of Alarm | No. of Occurrences |
|---|---|
| Red Piranha HIDS: IDS Event | 1536 |
| OTX Indicators of Compromise - PULSE | 109 |
| Network Discovery - Scan SSH | 71 |
| Database Attack - Stored Procedure Access - Attack | 56 |
| Attack Tool Detected - Attack | 19 |
| System Compromise - Suspicious Behaviour - SSH | 14 |
| Delivery & Attack - WebServer Attack - Attack | 10 |
| Delivery & Attack - Network Discovery - IDS Event | 9 |
| Delivery & Attack - Bruteforce Authentication - SSH | 4 |
| Environmental Awareness - Trojan infection - IDS Event | 2 |
Comparison from last week
| Type of Alarm | No. of Occurrences |
|---|---|
| Network Discovery - SourceIP Observed on Multiple RP Network | 11,186 |
| Network Discovery - IDS Event Drop List | 6,253 |
| Network Discovery - IDS Event Drop List Rule 3 | 1170 |
| Network Discovery - Scan Nmap | 504 |
| OTX Indicators of Compromise - PULSE | 213 |
| Network Discovery - IDS Event | 98 |
| Database Attack - Stored Procedure Access - Attack | 26 |
| Network Discovery - Scan SSH | 26 |
| Attack Tool Detected - Attack | 14 |
| WebServer Attack - Attack | 10 |
| Trojan Infection - IDS Event | 3 |
CVE
This is a list of recent vulnerabilities for which exploits are available.
ID: CVE-2018-1335
Title: Apache Tika-server Command Injection Vulnerability
Vendor: Apache
ID: CVE-2019-0541
Title: Microsoft Windows MSHTML Remote Code Execution Vulnerability
Vendor: Microsoft
ID: CVE-2019-9787
Title: WordPress Remote Code Execution Vulnerability
Vendor: WordPress
ID: CVE-2019-9740
Title: Python CRLF Injection Vulnerability
Vendor: Python
ID: CVE-2019-9741
Title: Golang Go HTTP response-splitting vulnerability
Vendor: Golang
ID: CVE-2019-9020, CVE-2019-9021, CVE-2019-9023, CVE-2019-9024
Title: PHP Information Disclosure and Heap Buffer Overflow Vulnerabilities
Vendor: PHP
ID: CVE-2019-5511, CVE-2019-5512
Title: VMware Workstation Multiple Privilege Escalation Vulnerabilities
Vendor: VMWare
ID: CVE-2019-5418, CVE-2019-5419, CVE-2019-5420
Title: Ruby on Rails Multiple Security Vulnerabilities
Vendor: Ruby on Rails
Vulnerabilities
Oracle Java SE CVE-2019-2426 Information Disclosure Vulnerability
2019-03-22
securityfocus.com/bid/106590
IBM Java SDK CVE-2018-1890 Local Privilege Escalation Vulnerability
2019-03-22
securityfocus.com/bid/107448
QEMU CVE-2019-8934 Local Information Disclosure Vulnerability
2019-03-22
securityfocus.com/bid/107115
PuTTY Multiple Security Vulnerabilities
2019-03-22
securityfocus.com/bid/107484
Cloud Foundry Cloud Controller API CVE-2017-8037 Incomplete Fix Information Disclosure Vulnerability
2019-03-22
securityfocus.com/bid/100448
Opencontainers runc CVE-2019-5736 Local Command Execution Vulnerability
2019-03-22
securityfocus.com/bid/106976
Mozilla Firefox Unspecified Remote Code Execution Vulnerability
2019-03-22
securityfocus.com/bid/107534
Atlassian SourceTree CVE-2018-20234 Arbitrary Code Execution Vulnerability
2019-03-21
securityfocus.com/bid/107414
Red Hat JBoss BPMS CVE-2016-6343 Cross Site Scripting Vulnerability
2019-03-21
securityfocus.com/bid/96987
Mozilla Firefox MFSA2019-01 Multiple Security Vulnerabilities
2019-03-20
securityfocus.com/bid/106773
Gemalto Sentinel UltraPro ICSA-19-073-02 Security Vulnerability
2019-03-20
securityfocus.com/bid/107415
Cisco IP Phone 8800 Series CVE-2019-1764 Cross Site Request Forgery Vulnerability
2019-03-20
securityfocus.com/bid/107502
Cisco IP Phone 8800 Series CVE-2019-1765 Path Traversal Arbitrary File Write Vulnerability
2019-03-20
securityfocus.com/bid/107500
