Red Piranha Threat Intelligence Report - Oct. 15-21 2017



TOP 10 ATTACKER (BY COUNTRY)

China is our current top attacker.





Detailed Report on Suspicious hosts


Behavior: Scanning hosts

Activity: Continuous login attempts using different username and password combinations, against both existing and non-existing usernames.

We have found the following types of events:

SSHD authentication failed.

Multiple SSHD authentication failures.

Multiple failed logins in a small period of time.

SSH insecure connection attempt (scan).

Failed Password

Invalid User

Input userauth request invalid user

Type of attack: Brute force

Source IP Addresses:

221.194.47.242  203.249.22.182  103.79.143.32

121.18.238.28  103.79.143.141  103.79.143.34

103.79.141.150  74.208.144.30  103.79.143.108
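
The "multiple failed logins in a small period of time" event listed above can be reproduced from raw sshd logs. The following is an added example, not Red Piranha's detection code: the log lines are constructed in OpenSSH syslog style with documentation IP ranges, and the function name `detect_bruteforce`, the threshold of 5 failures and the 60-second window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog style (documentation IP ranges).
SAMPLE_LOG = """\
Oct 17 03:12:01 host sshd[4121]: Invalid user admin from 203.0.113.5
Oct 17 03:12:01 host sshd[4121]: input_userauth_request: invalid user admin [preauth]
Oct 17 03:12:03 host sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Oct 17 03:12:09 host sshd[4125]: Failed password for root from 203.0.113.5 port 40130 ssh2
Oct 17 03:12:15 host sshd[4129]: Failed password for invalid user test from 203.0.113.5 port 40155 ssh2
Oct 17 03:12:21 host sshd[4133]: Failed password for root from 203.0.113.5 port 40171 ssh2
Oct 17 03:12:28 host sshd[4137]: Failed password for invalid user oracle from 203.0.113.5 port 40190 ssh2
Oct 17 08:40:10 host sshd[5001]: Failed password for alice from 198.51.100.7 port 51500 ssh2
Oct 17 08:40:31 host sshd[5001]: Accepted password for alice from 198.51.100.7 port 51500 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(invalid user )?(\S+) from (\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2017):
    """Return {ip: summary} for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    users = defaultdict(set)      # ip -> usernames tried
    invalid = defaultdict(int)    # ip -> failures for non-existing accounts
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp, is_invalid, user, ip = m.groups()
        # syslog timestamps carry no year; the caller supplies it
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        users[ip].add(user)
        invalid[ip] += bool(is_invalid)
        if len(q) >= threshold:
            flagged[ip] = {"failures_in_window": len(q),
                           "usernames": sorted(users[ip]),
                           "invalid_user_failures": invalid[ip]}
    return flagged

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password followed by a successful login, as with the second source in the sample, stays below the threshold and is not flagged.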


TOP OTX Activity



THREAT GEOLOCATION


SIEM EVENTS



AV/IPS Rules: Locky Malware Phishing Campaign Rule

Details
Date Published: November 23, 2017