Threat Intelligence Report

Trends



  • China is at the top of the list with 1397 unique attackers (23.84%)
  • Bruteforce Authentication was the top alarm of the week with 239 occurrences



Top Attacker by Country


Country               No. of Attackers   Percentage
China                 1397               23.84%
United States         1137               19.40%
France                449                7.66%
Brazil                400                6.83%
Russian Federation    340                5.80%
Germany               248                4.23%
India                 240                4.10%
United Kingdom        201                3.43%
Republic of Korea     182                3.11%
Netherlands           177                3.02%
Canada                153                2.61%
Vietnam               137                2.34%
Taiwan                130                2.22%
Italy                 127                2.17%
Indonesia             123                2.10%
Ukraine               106                1.81%
Singapore             91                 1.55%
Poland                78                 1.33%
Australia             75                 1.28%
Argentina             69                 1.18%


Top Cyber Attackers by Country November 26 - December 2 2018



Threat Geo-location


Cyber Security Threat Geolocations November 26 - December 2 2018



Top Attacking Hosts


HostOccurrences
16.31.116.11288
116.31.116.1786
71.6.135.13112
93.174.95.10610




Top Alarms


Alarm                                      No. of Occurrences
Bruteforce Authentication - SSH            239
OTX Indicators of Compromise - PULSE       107
Attack Tool Detected - Attack              8
WebServer Attack - Attack                  3


Comparison from Previous Report


Alarm                                          No. of Occurrences
Bruteforce Authentication - SSH                201
OTX Indicators of Compromise - PULSE           88
Database Attack - Stored Procedure - Attack    14
Attack Tool Detected - Attack                  12
WebServer Attack - Attack                      5
Bruteforce Authentication - Windows Login      2




Exploit Event Types and Top Event NIDS


Top Event NIDS and Exploits November 26 - December 2 2018



Red Piranha - Open Threat Exchange


Pulses Subscribed   Indicators   Last Updated          Number of Alarms   Number of Events
6,095               892,167      2018-12-02 23:05:26   6,598              7,827




Events from the most active OTX


Events from the most active OTX November 26 - December 2 2018
Events from the most active OTX 2 November 26 - December 2 2018



CVE


CVE-2018-19787


An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.


nvd.nist.gov/vuln/detail/CVE-2018-19787




Vulnerabilities


Top Attacker Hosts November 26 - December 2 2018