Threat Intel Banner

   
   Trends

  • The top attacker country was Russia with 43845 unique attackers (18.00%).
  • The top Trojan C&C server detected was Cryptbot with 38 instances detected.
  • The top phishing campaign detected was against Facebook with 36 instances detected.


   Top Attackers By Country

Country         Occurrences   Percentage
Russia          43845         18.00%
India           37496         15.00%
China           36232         14.00%
United States   24977         10.00%
Vietnam          5398          2.00%
Brazil           3805          1.00%
Hong Kong        2583          1.00%
Indonesia        2341          0%
Bulgaria         2149          0%
Canada           2038          0%
Singapore        2015          0%
France           1225          0%
Colombia          707          0%
Mexico            526          0%
Netherlands       478          0%
Ireland           362          0%
Ecuador           346          0%


   Figure: Top Attackers By Country (Threat Geo-location map)


   Top Attacking Hosts

Host              Occurrences
92.63.196.13      27636
86.27.113.918703  (host and count run together in the source; either 86.27.113.9 / 18703 or 86.27.113.91 / 8703)
61.177.173.28     7514
45.146.164.198    6477
117.6.198.13      3904
103.70.144.246    3176
103.4.237.53      3168
103.70.61.110     2503
103.70.147.218    2331
79.124.62.86      1353
218.92.0.200      1302
103.70.39.69      1283
103.70.147.67     1218
103.70.146.229    1204
103.70.147.234    1196
103.70.146.146    1194
103.70.146.226    1183
103.70.145.237    1143


Figure: Top Attackers


   Top Network Attackers

ASN     Country         Name
47981   Netherlands     FOPSERVER, UA
5089    United Kingdom  NTL, GB
4134    China           CHINANET-BACKBONE No.31,Jin-rong Street, CN
49505   Russia          SELECTEL, RU
7552    Vietnam         VIETEL-AS-AP Viettel Group, VN
133647  India           ELXIREDATA-AS-IN ELXIRE DATA SERVICES PVT. LTD., IN
131476  Australia       FUSIONBB-AU 10/50 Market St, AU
132215  India           POWERGRID-IN Power Grid Corporation of India Limited, IN
207812  Bulgaria        DM_AUTO, BG
137653  India           DSTECH-AS-IN Dstech Cyberspace Pvt Ltd, IN


   Remote Access Trojan C&C Servers Found

Name          Number Discovered   Location
Amadey        2    185.215.113.49, 185.215.113.67
Azorult       2    164.68.96.136, 27.122.57.229
BlackNet      4    145.14.145.167, 145.14.145.90, 185.239.243.112, 62.221.252.239
Bloody        1    178.208.83.35
CobaltStrike  35   101.32.209.205, 106.75.249.46, 111.229.81.74, 13.49.66.227, 138.68.131.250, 139.196.153.6, 144.48.220.43, 147.135.78.119, 149.28.14.175, 149.91.89.121, 155.138.227.139, 180.215.220.187, 185.10.68.203, 185.14.29.184, 185.14.29.41, 186.202.57.168, 192.99.178.145, 195.123.209.221, 195.123.233.206, 212.114.52.170, 23.98.34.144, 3.233.224.182, 34.92.195.182, 37.120.222.71, 37.120.222.73, 42.192.85.158, 43.242.201.130, 45.138.172.57, 45.76.194.237, 45.76.202.203, 46.161.27.203, 47.243.44.143, 54.167.46.196, 5.61.50.106, 58.87.90.151
Cryptbot      38   34.118.72.185, 34.65.214.4, 8.209.67.151, axload01.top, dybvl36.top, dycxj34.top, dydvs24.top, dyfma74.top, dyfzw22.top, dygip25.top, dyhhz23.top, dyhsf63.top, dyklb27.top, dylyl31.top, dynbh37.top, dypbg21.top, dyrvy77.top, dyvck35.top, dyxlx33.top, dyzcd32.top, esjes042.top, esqvc02.top, esrhf04.top, essoa10.top, esvje022.top, frttload01.top, margye02.top, marjkc03.top, marlqj05.top, maroiv05.top, maropi06.top, morfhtr02.top, motdtrs03.top, needioern17.top, porkte05.top, sdaurr02.top, serfrload03.top, serfrload08.top
Cypress       2    104.21.11.22, 178.208.83.35
DiamondFox    5    109.235.70.186, 185.193.88.150, 34.77.68.192, 8.209.113.52, 92.63.97.22
KeitaroTDS    4    185.220.32.94, 188.119.112.9, 193.38.54.145, 87.236.16.241
Kpot          1    162.0.219.161
LiteHTTP      1    217.28.222.80
Lokibot       15   104.168.140.79, 172.67.209.115, 194.5.178.163, 203.159.80.29, 2.57.89.36, 31.210.20.71, 34.65.83.88, 34.75.102.212, 35.195.167.237, 45.144.29.218, 5.180.186.227, 5.2.75.32, 74.119.195.169, 8.209.69.174, b2bseller.ga
Oski          7    104.168.138.96, 162.241.244.25, 203.28.246.111, 45.85.90.220, 45.85.90.86, 92.53.124.88, f0xnet.tk
Redirected    1    176.111.174.61
Redline       8    109.234.35.198, 178.157.91.38, 193.124.112.206, 213.183.41.60, 3.81.114.252, 45.142.214.163, 94.103.86.26, heniav.xyz


Figure: Trojan C&C Servers Detected


    Common Malware

Fields: MD5, VirusTotal, File Name, Claimed Product, Detection Name

MD5:              8193b63313019b614d5be721c538486b
VirusTotal:       https://www.virustotal.com/gui/file/e3eeaee0af4b549eae4447fa20cfe205e8d56beecf43cf14a11bf3e86ae6e8bd/details
File Name:        SAService.exe
Claimed Product:  SAService
Detection Name:   PUA.Win.Dropper.Segurazo::95.sbx.tg

MD5:              9a4b7b0849a274f6f7ac13c7577daad8
VirusTotal:       https://www.virustotal.com/gui/file/c1d5a585fce188423d31df3ea806272f3daa5eb989e18e9ecf3d94b97b965f8e/details
File Name:        ww31.exe
Claimed Product:  N/A
Detection Name:   W32.GenericKD:Attribute.24ch.1201

MD5:              96f8e4e2d643568cf242ff40d537cd85
VirusTotal:       https://www.virustotal.com/gui/file/17c4a85cdc339f525196d7f5da3a02e43c97513ff50b6bc17db4470ae3b182e2/details
File Name:        SAService.exe
Claimed Product:  SAService
Detection Name:   PUA.Win.File.Segurazo::95.sbx.tg

MD5:              34560233e751b7e95f155b6f61e7419a
VirusTotal:       https://www.virustotal.com/gui/file/8b4216a7c50599b11241876ada8ae6f07b48f1abe6590c2440004ea4db5becc9/details
File Name:        SAntivirusService.exe
Claimed Product:  AntivirusService
Detection Name:   PUA.Win.Dropper.Segurazo::tpd

MD5:              8c80dd97c37525927c1e549cb59bcbf3
VirusTotal:       https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/detection
File Name:        Eternalblue-2.2.0.exe
Claimed Product:  N/A
Detection Name:   Win.Exploit.Shadowbrokers::5A5226262.auto.talos


   Top Phishing Campaigns

Phishing Target   Count
Other             919
Facebook          36
Microsoft         9
VKontakte         1
PayPal            9
WeTransfer        2
Special           1
Vodafone          3
Netflix           1
Amazon.com        16
Rakuten           4
Bradesco          1
RuneScape         5
DHL               1
TSB               1
LinkedIn          1
Blockchain        1
Yahoo             1
Caixa             2
Halifax           1
Apple             2
MyEtherWallet     1


    CVEs with Recently Discovered Exploits

        This is a list of recent vulnerabilities for which exploits are available.

Fields: CVE, Title, Vendor, Description, CVSS v3.1 Base Score, Date Created, Date Updated

CVE-2021-30177

SQL Injection Vulnerability in PHPNuke

PHPNuke

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 04/07/2021
Date Updated: 04/13/2021

CVE-2021-28925

SQL Injection Vulnerability in Nagios

Nagios

SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 04/08/2021
Date Updated: 04/13/2021

CVE-2021-24175

Authentication Bypass Vulnerability in Posimyth WP Plugin

Posimyth

The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as to create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled and the Login widget is not active.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 04/05/2021
Date Updated: 04/09/2021

CVE-2021-1871

Remote Code Execution Vulnerability in MacOS Big Sur

Apple

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 04/02/2021
Date Updated: 04/12/2021

CVE-2020-17523

Authentication Bypass Vulnerability in Apache Shiro

Apache

In Apache Shiro before 1.7.1, when Apache Shiro is used with Spring, a specially crafted HTTP request may cause an authentication bypass.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 02/03/2021
Date Updated: 04/12/2021

CVE-2021-22986

Remote Code Execution Vulnerability in F5 Big IP system

F5

This vulnerability allows unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date Created: 03/31/2021
Date Updated: 04/05/2021

CVE-2021-21983

Privilege Escalation Vulnerability in VMware vRealize

VMware

An arbitrary file write vulnerability in the vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system.
CVSS v3.1 Base Score: 6.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)
Date Created: 03/31/2021
Date Updated: 04/05/2021