- The top attacker country was China with 2323 unique attackers (35%).
- The top Exploit event was Authentication with 39% of occurrences.
- The top Trojan C&C server detected was TrickBot with 30 instances detected.
Top Attacker by Country

| Country | Unique Attackers | Share |
|---|---|---|
| Republic of Korea | 340 | 5.18% |
Top Attacking Hosts
Top Network Attackers

| ASN | Network | Organization |
|---|---|---|
| AS48096 | 126.96.36.199/24 | Enterprise Cloud Ltd. |
Top Events NIDS and Exploits

| Type of Alarm | Occurrences |
|---|---|
Comparison from last week

| Type of Alarm | Occurrences |
|---|---|
| Automated Actionable Intelligence HIDS | 193 |
| Multiple XSS (Cross Site Scripting) attempts from same source IP | 2 |
Remote Access Trojan C&C Servers Found

| Trojan | Instances | C&C Server IPs |
|---|---|---|
| Heodo | 16 | 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, |
| | 3 | 220.127.116.11, 18.104.22.168, 22.214.171.124 |
| TrickBot | 30 | 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124 |

| Malware Type | MD5 | Typical Filename |
|---|---|---|
CVEs For Which Public Exploits Have Been Detected
Title: WordPress Core Stored Cross-Site Scripting (XSS) vulnerability
Description: A stored Cross-Site Scripting vulnerability within the WordPress Customizer that allows authenticated users to make changes to the WordPress theme to directly customize the interface. This vulnerability could allow unauthenticated users to view private or draft posts, which otherwise would not be viewable.
CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Title: Apache Httpd mod_rewrite Open Redirects Vulnerability
Description: In Apache HTTP server, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Title: Apache Httpd mod_proxy - Error Page Cross-Site Scripting Vulnerability
Description: In Apache HTTP Server, a limited cross site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Title: Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
Description: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Title: Microsoft Windows 'COMahawk' Local Privilege Escalation Vulnerability
Description: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Title: nipper-ng Remote Stack Buffer Overflow Vulnerability
Vendor: nipper-ng project
Description: A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial of Service via a crafted file.
CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)