threat_intel_report

Trends

  • The top attacker country was China with 2985404 unique attackers (50.00%).
  • The top Trojan C&C server detected was TrickBot with 8 instances detected.

Top Attackers By Country

Country Occurences Percentage
China 2985404 50.00%
Australia 1178364 19.00%
United States 352953 5.00%
South Africa 268702 4.00%
India 182092 3.00%
Russia 175169 2.00%
France 130848 2.00%
South Korea 116965 1.00%
United Kingdom 113211 1.00%
Chile 111346 1.00%
Brazil 71672 1.00%
Germany 68340 1.00%
Vietnam 48261 0%
Thailand 42507 0%
Italy 33306 0%
Estonia 15350 0%
Romania 13399 0%
Taiwan 10084 0%
Dominican Republic 3302 0%

Top Attackers by CountryChinaAustraliaUnited StatesSouth AfricaIndiaRussiaFranceOther10.9%6%19.9%50.4%
Country Percentage of Attacks
China 2,985,404
Australia 1,178,364
United States 352,953
South Africa 268,702
India 182,092
Russia 175,169
France 130,848
South Korea 116,965
United Kingdom 113,211
Chile 111,346
Brazil 71,672
Germany 68,340
Vietnam 48,261
Thailand 42,507
Italy 33,306
Estonia 15,350
Romania 13,399
Taiwan 10,084
Dominican Republic 3,302

Threat Geo-location

3,3022,985,404

Top Attacking Hosts

Host Occurrences
112.85.42.186 34615
49.88.112.115 14515
218.92.0.190 10620
112.85.42.88 10133
61.183.54.174 8102
122.115.230.183 2789
Top Attackers112.85.42.18649.88.112.115218.92.0.190112.85.42.8861.183.54.174122.115.230.183020,00040,000
Host Occurences
112.85.42.186 34,615
49.88.112.115 14,515
218.92.0.190 10,620
112.85.42.88 10,133
61.183.54.174 8,102
122.115.230.183 2,789

Top Network Attackers

ASN Country Name
4837 China CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
4134 China CHINANET-BACKBONE No.31, Jin-rong Street, CN
23724 China CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN

Remote Access Trojan C&C Servers Found

Name Number Discovered Location
AmadeusStealer 1 95.142.44.113
Anubis 6 8.208.91.252 , 8.209.104.170 , 8.209.99.235 , 84.38.180.55 , 84.38.183.96 , 91.210.104.212
AzorUlt 1 193.42.96.108
FlexNet 3 47.241.116.41 , 81.177.139.80 , 8.209.112.8
Heodo 2 190.163.1.31 , 190.19.169.69
KPOT 2 84.38.183.155 , freelacerinc.ru
Lokibot 1 84.38.181.216
Oski 1 45.143.92.129
TrickBot 8 109.234.34.135 , 185.142.99.223 , 185.198.57.113 , 185.244.39.190 , 192.210.226.12 , 192.3.247.124 , 195.123.239.126 , 78.88.188.42
Vidar 1 185.99.133.182
Trojan C&C Servers DetectedAmadeusStealerAnubisAzorUltFlexNetHeodoKPOTLokibotOskiAmadeusStealerTrickBotVidar22.2%11.1%7.4%29.6%7.4%
Name Number Discovered
AmadeusStealer 1
Anubis 6
AzorUlt 1
FlexNet 3
Heodo 2
KPOT 2
Lokibot 1
Oski 1
AmadeusStealer 1
TrickBot 8
Vidar 1

Common Malware

MD5 VirusTotal FileName Claimed Product Detection Name
a10a6d9dfc0328a391a3fdb1a9fb18db https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/details FlashHelperServices.exe FlashHelperService PUA.Win.Adware.Flashserv::100.sbx.vioc
8c80dd97c37525927c1e549cb59bcbf3 https://www.virustotal.com/gui/file/094d4da0ae3ded8b936428bb7393c77aaedd5efb5957116afd4263bd7edc2188/details FlashHelperServices.exe FlashHelperServices Win.Exploit.Shadowbrokers::5A5226262.auto.talos
47b97de62ae8b2b927542aa5d7f3c858 https://www.virustotal.com/gui/file/3f6e3d8741da950451668c8333a4958330e96245be1d592fcaa485f4ee4eadb3/details qmreportupload.exe qmreportupload Win.Trojan.Generic::in10.talos
e2ea315d9a83e7577053f52c974f6a5a https://www.virustotal.com/gui/file/c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f/detection c3e530cc005583b47322b6649ddc0dab1b64bcf22b124a492606763c52fb048f.bin N/A Win.Dropper.Agentwdcr::1201
799b30f47060ca05d80ece53866e01cc https://www.virustotal.com/gui/file/15716598f456637a3be3d6c5ac91266142266a9910f6f3f85cfd193ec1d6ed8b/detection mf2016341595.exe N/A Win.Downloader.Generic::1201
Details
Category
Threat Intelligence