Trends
- The top attacker country was China with 2430 unique attackers (27.05%)
- The top Exploit event was Command Execution with 87% of occurrences
Top Attacker by Country
| Country | No. of Attackers | Percentage |
|---|---|---|
| China | 2430 | 27.05% |
| United States | 1942 | 21.61% |
| France | 559 | 6.22% |
| Brazil | 531 | 5.91% |
| Korea | 433 | 4.82% |
| Russian Federation | 414 | 4.61% |
| India | 399 | 4.44% |
| United Kingdom | 268 | 2.98% |
| Vietnam | 267 | 2.97% |
| Taiwan | 266 | 2.96% |
| Canada | 242 | 2.69% |
| Germany | 234 | 2.60% |
| Italy | 197 | 2.19% |
| Indonesia | 164 | 1.83% |
| Netherlands | 160 | 1.78% |
| Singapore | 150 | 1.67% |
| Australia | 136 | 1.51% |
| Argentina | 98 | 1.09% |
| Thailand | 95 | 1.06% |
Threat Geo-location
Top Attacking Hosts
| Host | Occurrences |
|---|---|
| 185.176.27.110 | 99 |
| 46.35.173.82 | 90 |
| 88.149.158.90 | 84 |
| 185.222.211.158 | 60 |
| 185.176.26.107 | 54 |
| 103.75.182.41 | 52 |
| 185.10.68.202 | 41 |
Top Network Attackers
| Origin AS | Announcement | Description |
|---|---|---|
| AS204428 | 185.176.27.0/24 | IP Dunaev Yuriy Vyacheslavovich |
| AS47771 | 46.35.168.0/21 | Digital Cable Television Ltd |
| AS35612 | 88.149.128.0/17 | EOLO S.p.A |
| AS205092 | 185.222.211.0/24 | OUTSOURCE GRID LIMITED |
| AS57271 | 185.176.26.0/24 | IP Kirichenko Andrey Evgenievich |
| AS38733 | 103.75.182.0/23 | BQT computer technology |
| AS200651 | 185.10.68.0/24 | Flokinet Ltd |
Exploit Event Types and Top Event NIDS
Top Alarms
| Type of Alarm | No. of Occurrences |
|---|---|
| Network Discovery - IDS Event Drop List | 2,428 |
| OTX Indicators of Compromise - PULSE | 117 |
| Database Attack - Stored Procedure Access - Attack | 51 |
| Attack Tool Detected - Attack | 35 |
| WebServer Attack - Attack | 33 |
| Trojan Infection - IDS Event | 13 |
| Bruteforce Authentication - SSH | 2 |
Comparison from Last Week
| Type of Alarm | No. of Occurrences |
|---|---|
| Red Piranha IDS Event | 17414 |
| OTX Indicators of Compromise - PULSE | 88 |
| Network Discovery - IDS Event Drop List | 32 |
| Database Attack - Stored Procedure Access - Attack | 2 |
| Attack Tool Detected - Attack | 2 |
CVE
This is a list of recent vulnerabilities for which exploits are available.
ID: CVE-2018-1999002
Title: Jenkins Arbitrary File Access Vulnerability
Vendor: Jenkins
ID: CVE-2018-19519
Title: Tcpdump Buffer Overflow Vulnerability
Vendor: Tcpdump
ID: CVE-2019-6340
Title: Drupal Remote Code Execution Vulnerability (SA-CORE-2019-003)
Vendor: Drupal
ID: CVE-2018-19107
Title: Exiv2 Denial of Service Vulnerability
Vendor: Exiv2
ID: CVE-2018-20122
Title: Fastweb Fastgate Remote Code Execution Vulnerability
Vendor: Fastweb
ID: CVE-2019-7238
Title: Nexus Repository Manager 3 Remote Code Execution Vulnerability
Vendor: Nexus Repository
ID: CVE-2018-20250
Title: WinRAR Arbitrary Code Execution Vulnerability
Vendor: RARLAB
ID: CVE-2018-20250
Title: Cisco Routers Management Interface Remote Command Execution Vulnerability - (cisco-sa-20190227-rmi-cmd-ex)
Vendor: Cisco
Vulnerabilities
Google Chrome CVE-2019-5786 'FileReader' Use After Free Arbitrary Code Execution Vulnerability
securityfocus.com/bid/107213
Linux kernel CVE-2019-7221 Local Denial of Service Vulnerability
securityfocus.com/bid/107294
Cisco NX-OS Software CVE-2019-1602 Local Insecure File Permissions Vulnerability
securityfocus.com/bid/107332
Cisco NX-OS Software CVE-2019-1603 Local Privilege Escalation Vulnerability
securityfocus.com/bid/107328
Cisco NX-OS Software Extensible Authentication Protocol Denial of Service Vulnerability
securityfocus.com/bid/107325
