Red Piranha Threat Intelligence Report - November 26 - December 2 2018


Trends


  • China is on top of the list with 1397 unique attackers (23.84%)
  • Bruteforce Authentication was the Top Alarm of the week with 239 of occurrences


Top Attacker by Country


Country No. of Attackers Percentage
China 1397 23.84%
United States 1137 19.40%
France 449 7.66%
Brazil 400 6.83%
Russian Federation 340 5.80%
Germany 248 4.23%
India 240 4.10%
United Kingdom 201 3.43%
Republic of Korea 182 3.11%
Netherlands 177 3.02%
Canada 153 2.61%
Vietnam 137 2.34%
Taiwan 130 2.22%
Italy 127 2.17%
Indonesia 123 2.10%
Ukraine 106 1.81%
Singapore 91 1.55%
Poland 78 1.33%
Australia 75 1.28%
Argentina 69 1.18%

Top Cyber Attackers by Country November 26 - December 2 2018


Threat Geo-location


Cyber Security Threat Geolocations November 26 - December 2 2018


Top Attacking Hosts


Host Occurrences
16.31.116.11 288
116.31.116.17 86
71.6.135.131 12
93.174.95.106 10

Top Attacker Hosts November 26 - December 2 2018


Top Alarms


Alarm No. of Occurrences
Bruteforce Authentication - SSH 239
OTX Indicators of Compromise - PULSE 107
Attack Tool Detected - Attack 8
WebServer Attack - Attack 3

Comparison from Previous Report

Alarm No. of Occurrences
Bruteforce Authentication - SSH 201
OTX Indicators of Compromise - PULSE 88
Database Attack - Stored Procedure - Attack 14
Attack Tool Detected - Attack 12
WebServer Attack - Attack 5
Bruteforce Authentication - Windows Login 2


Exploit Event Types and Top Event NIDS


Top Event NIDS and Exploits November 26 - December 2 2018


Red Piranha - Open Threat Exchange


Pulses Subscribed Indicators Last Updated Number of Alarms Number of Events
6,095 892,167 2018-12-02 23:05:26 6,598 7,827

Country IP's November 26 - December 2 2018


Events from the most active OTX


Events from the most active OTX November 26 - December 2 2018Events from the most active OTX 2 November 26 - December 2 2018


CVE


CVE-2018-19787


An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.


https://nvd.nist.gov/vuln/detail/CVE-2018-19787


Vulnerabilities


Vuln: QEMU CVE-2018-19665 Integer Overflow Vulnerability
https://www.securityfocus.com/bid/106050

0 Comments
Monday, December 3, 2018 By rayah.medina