Reporte de Amenazas-2022-08-18-0101 - 1483

The document reports on malware, botnets, and intrusions detected between July 18, 2022 and August 16, 2022. The top malware detected was HTML/FishForm.311!tr which infected 107.172.134.101 3,387 times. A total of 14 botnets were detected with the most victims being infected by Mirai with over 16,000 unique IPs affected. There were 40 intrusions detected targeting various organizations, with the most severe being rated as critical.

Threat Report

Report Date: August 18, 2022 01:02


Data Range: 2022-07-18 00:00:00 to 2022-08-16 23:59:00 COT (FAZ local)
Table of Contents

Malware
Malware Detected
Malware Victims
Malware Source
Malware Timeline

Botnets
Botnet Detected
Botnet Victims
Botnet C&C
Botnet C&C Detected by DNS Filtering
Botnet Timeline

Intrusions
Intrusions Detected
Intrusion Victims
Intrusion Sources
Intrusions By Severity
Intrusions Blocked
Intrusion Timeline

Appendix A
Devices (1)

Malware
Malware Detected
# Malware Name Malware Type Counts
1 HTML/FishForm.311!tr Virus 3,387
2 JS/Agent.NDSW!tr Virus 898
3 Riskware/Yandex Spyware 534
4 HTML/Phish.CPA!tr Virus 514
5 MSIL/Kryptik.EOY!tr Virus 424
6 JS/SEARCHVITY.F8EB!tr Virus 360
7 Malware_Generic.P0 Virus 343
8 MSIL/Variadic.A!tr Virus 276
9 MSIL/Kryptik.ADNS!tr Virus 226
10 MSOffice/Agent.FA05!tr Virus 143

Malware Victims

Malware Source

Malware Timeline

[Figure: Malware Timeline chart, daily from 2022-07-17 to 2022-08-17; vertical axis 0 to 1400]

Botnets
Botnet Detected
# Botnet Name Counts
1 Andromeda.Botnet 31,786
2 Amadey.Botnet 2,103
3 Mirai.Botnet 1,762
4 Torpig.Mebroot.Botnet 915
5 Formbook.Botnet 855
6 Conficker.Botnet 278
7 Bladabindi.Botnet 75
8 Gh0st.Rat.Botnet 38
9 RotaJakiro.botnet 26
10 Mariposa.Botnet 25
11 Pushdo.Botnet 5
12 RedXOR.Botnet 4
13 Raspberry.Robin.Worm 2
14 Mazben.Botnet 2
15 RedLine.Stealer.Botnet 1
16 Suivante.Botnet 1

Botnet Victims
595 223.130.30.169 1
596 223.149.180.145 1
597 223.149.23.152 1
598 223.149.23.62 1
599 223.149.240.200 1
600 223.149.243.98 1
601 223.149.249.1 1
602 223.149.249.107 1
603 223.149.39.148 1
604 223.152.184.211 1
605 223.155.165.234 1
606 223.16.81.74 1
607 223.198.197.105 1
608 223.199.19.20 1
609 223.199.21.8 1
610 223.73.210.172 1
611 223.8.0.36 1
612 223.84.191.189 1
613 223.99.4.83 1
614 27.100.25.116 1
615 27.200.127.225 1
616 27.215.208.64 1
617 27.38.211.111 1
618 27.38.211.230 1
619 27.41.16.155 1
620 27.43.180.66 1
621 27.43.204.15 1
622 27.43.204.204 1
623 27.43.205.215 1
624 27.43.205.233 1
625 27.43.206.145 1
626 27.44.181.114 1
627 27.44.182.158 1
628 27.45.11.108 1
629 27.45.15.31 1
630 27.45.34.110 1
631 27.45.57.182 1
632 27.45.58.232 1
633 27.45.82.186 1
634 27.45.89.149 1
635 27.45.9.3 1
636 27.45.90.135 1
637 27.47.1.16 1
638 27.47.1.220 1
639 27.47.3.182 1

page 28 of 42
# Victim Name (or IP) Counts
640 27.47.38.94 1
641 27.47.40.222 1
642 27.47.41.145 1
643 27.73.184.203 1
644 27.79.134.88 1
645 27.79.230.107 1
646 27.79.245.35 1
647 31.156.251.208 1
648 31.163.139.90 1
649 31.163.147.211 1
650 31.163.182.169 1
651 37.115.219.159 1
652 37.182.124.109 1
653 37.237.134.158 1
654 37.54.209.192 1
655 38.125.204.208 1
656 38.89.156.92 1
657 39.174.84.242 1
658 39.40.234.14 1
659 39.65.71.62 1
660 39.89.247.191 1
661 40.115.195.124 1
662 40.127.152.41 1
663 41.226.34.162 1

664 41.59.201.157 1
665 42.118.139.43 1
666 42.176.246.21 1
667 42.176.250.93 1
668 42.192.143.25 1
669 42.2.45.228 1
670 42.202.103.35 1
671 42.237.25.177 1
672 42.238.240.127 1
673 42.3.122.102 1
674 42.4.229.241 1
675 42.98.71.62 1
676 43.138.193.5 1
677 45.121.110.82 1
678 45.124.144.224 1
679 45.164.20.158 1
680 45.229.174.149 1
681 45.235.48.145 1
682 45.58.217.249 1
683 45.66.249.181 1
684 45.67.118.104 1
685 45.67.118.66 1
686 46.118.139.202 1
687 46.13.21.76 1
688 46.21.241.254 1
689 46.33.237.73 1
690 46.36.153.225 1

page 29 of 42
# Victim Name (or IP) Counts
691 46.70.129.183 1
692 46.70.79.207 1
693 47.53.24.180 1
694 47.94.23.154 1
695 49.119.212.207 1
696 49.69.233.12 1
697 49.72.82.61 1
698 5.143.183.238 1
699 5.200.138.66 1
700 5.234.40.72 1
701 51.132.35.11 1
702 51.142.169.150 1
703 51.39.230.12 1
704 52.146.34.171 1
705 52.155.175.102 1
706 52.188.172.128 1
707 52.253.102.118 1
708 58.219.209.86 1
709 58.252.175.167 1
710 1.160.56.109 1
711 58.252.181.76 1
712 58.252.183.87 1
713 58.252.197.60 1
714 58.253.4.157 1
715 58.253.8.189 1
716 58.44.250.34 1

717 59.103.60.185 1
718 59.20.246.158 1
719 59.40.187.199 1
720 59.89.47.113 1
721 59.93.19.212 1
722 59.95.121.205 1
723 59.99.131.244 1
724 59.99.197.197 1
725 60.162.220.19 1
726 60.27.118.112 1
727 61.148.56.198 1
728 61.152.154.95 1
729 61.246.38.185 1
730 61.7.170.252 1
731 61.7.178.45 1
732 61.7.178.6 1
733 61.84.247.241 1
734 62.84.44.27 1
735 67.243.170.78 1
736 68.114.151.154 1
737 68.117.130.217 1
738 71.26.169.205 1
739 76.82.98.110 1
740 77.122.155.57 1
741 77.42.233.4 1

page 30 of 42
# Victim Name (or IP) Counts
742 77.42.238.224 1
743 77.42.239.217 1
744 77.43.132.249 1
745 77.43.208.20 1
746 77.43.210.221 1
747 78.186.57.212 1
748 78.188.230.198 1
749 78.189.219.249 1
750 79.127.104.77 1
751 79.141.113.232 1
752 79.56.105.244 1
753 80.217.11.127 1
754 81.161.22.30 1
755 81.17.93.198 1
756 81.33.155.145 1
757 81.69.193.167 1
758 81.70.222.147 1
759 82.114.225.218 1
760 82.114.251.70 1
761 82.76.164.68 1
762 84.229.182.77 1
763 85.105.204.126 1
764 85.21.220.199 1
765 85.230.40.203 1
766 85.99.249.125 1
767 86.100.241.25 1
768 87.110.108.84 1
769 87.126.123.215 1

770 87.18.16.251 1
771 88.11.98.241 1
772 88.206.111.227 1
773 88.206.49.147 1
774 88.83.53.166 1
775 88.86.36.187 1
776 88.89.150.81 1
777 88.9.234.159 1
778 88.9.235.163 1
779 88.9.244.153 1
780 89.191.117.230 1
781 89.214.45.179 1
782 89.218.174.118 1
783 90.138.116.252 1
784 90.138.84.92 1
785 90.150.204.242 1
786 90.150.206.206 1
787 90.63.165.204 1
788 91.126.174.144 1
789 91.153.109.45 1
790 91.222.161.63 1
791 91.234.63.254 1
792 92.118.79.81 1

page 31 of 42
# Victim Name (or IP) Counts
793 92.26.84.52 1
794 92.33.206.147 1
795 92.49.182.188 1
796 93.141.215.111 1
797 93.170.228.81 1
798 93.170.229.33 1
799 93.170.231.123 1
800 93.184.148.28 1
801 93.56.206.208 1
802 94.187.43.124 1
803 94.254.23.231 1
804 95.134.110.178 1
805 96.22.149.101 1
806 99.250.233.28 1
807 58.252.181.144 1
808 1.193.115.115 1
809 1.246.223.2 1
810 1.246.223.83 1
811 1.52.149.142 1
812 1.53.201.224 1
813 1.54.69.65 1
814 1.64.66.248 1
815 1.81.200.219 1
816 1.81.205.66 1
817 1.82.196.24 1
818 10.1.23.41 1
819 100.11.85.52 1
820 101.0.41.144 1
821 101.108.138.56 1
822 101.35.46.92 1

823 101.91.151.247 1
824 103.113.68.170 1
825 103.118.119.13 1
826 103.121.174.141 1
827 103.156.212.16 1
828 103.156.231.18 1
829 103.156.231.28 1
830 103.161.232.180 1
831 103.181.57.131 1
832 103.181.57.17 1
833 103.181.57.172 1
834 103.181.57.32 1
835 103.181.57.33 1
836 103.181.57.36 1
837 103.181.57.86 1
838 103.184.16.165 1
839 103.187.199.101 1
840 103.187.75.184 1
841 103.19.141.203 1
842 103.19.141.246 1
843 103.19.142.74 1

page 32 of 42
# Victim Name (or IP) Counts
844 103.195.16.162 1
845 103.197.132.244 1
846 103.198.137.175 1
847 103.202.222.78 1
848 103.205.133.58 1
849 103.212.141.136 1
850 103.221.80.156 1
851 103.251.220.104 1
852 103.251.220.66 1
853 103.39.236.71 1
854 103.40.196.63 1
855 103.41.24.152 1
856 103.41.36.114 1
857 103.41.36.152 1
858 103.51.20.73 1
859 103.51.20.98 1
860 103.60.197.177 1
861 103.68.54.13 1
862 103.69.224.117 1
863 103.84.238.13 1
864 104.200.67.205 1
865 105.154.187.178 1
866 106.105.240.79 1
867 106.53.71.128 1
868 106.75.129.215 1
869 106.75.171.152 1
870 106.75.173.138 1
871 106.75.178.196 1
872 106.75.179.120 1
873 109.100.119.21 1
874 109.162.45.228 1
875 109.197.80.175 1
876 109.226.78.25 1
877 109.228.130.113 1
878 109.229.177.219 1
879 109.65.223.39 1
880 110.182.171.24 1
881 110.228.84.48 1
882 110.38.151.71 1
883 110.77.206.130 1
884 110.77.206.131 1
885 110.77.206.140 1
886 110.77.213.46 1
887 110.77.238.128 1
888 110.77.240.45 1
889 110.77.245.153 1
890 110.78.140.165 1
891 110.78.140.226 1
892 110.78.148.241 1
893 110.78.172.137 1
894 110.78.174.182 1

page 33 of 42
# Victim Name (or IP) Counts
895 110.78.174.44 1
896 111.17.209.155 1
897 111.43.114.50 1
898 111.43.114.53 1
899 112.118.250.221 1
900 112.118.81.27 1
901 112.119.125.29 1
902 112.119.171.165 1
903 112.123.61.203 1
904 112.160.61.208 1
905 112.160.61.209 1
906 112.161.53.161 1
907 112.172.85.192 1
908 112.193.99.91 1
909 112.6.120.122 1
910 112.66.106.174 1
911 112.66.55.11 1
912 112.94.96.191 1
913 112.94.96.207 1
914 112.94.96.33 1
915 112.94.96.42 1
916 112.94.96.95 1
917 112.94.97.188 1
918 112.94.97.216 1
919 112.94.98.130 1
920 112.94.98.14 1
921 112.94.98.170 1
922 112.94.99.132 1
923 112.94.99.174 1
924 112.94.99.225 1
925 112.94.99.73 1
926 113.110.196.212 1
927 113.187.251.174 1
928 113.193.86.210 1
929 113.193.86.211 1
930 113.193.86.66 1
931 113.193.86.74 1
932 113.193.86.85 1
933 113.193.88.201 1
934 113.193.88.215 1
935 113.193.89.70 1
936 113.220.112.89 1
937 113.220.118.147 1
938 113.220.19.242 1
939 113.246.25.39 1
940 113.25.209.204 1
941 113.85.96.52 1
942 114.225.91.20 1
943 114.246.35.153 1
944 114.255.249.162 1
945 114.33.233.30 1

page 34 of 42
# Victim Name (or IP) Counts
946 114.35.217.195 1
947 114.55.75.99 1
948 115.196.44.32 1
949 115.198.59.24 1
950 115.216.3.63 1
951 115.45.67.4 1
952 115.48.148.134 1
953 115.96.198.153 1
954 116.111.41.129 1
955 116.111.43.192 1
956 116.16.138.226 1
957 116.27.216.181 1
958 116.30.197.91 1
959 116.48.13.30 1
960 116.58.224.191 1
961 116.58.230.101 1
962 116.58.239.251 1
963 116.62.105.55 1
964 116.74.96.2 1
965 117.198.250.184 1
966 117.208.102.213 1
967 117.208.97.42 1
968 117.210.145.117 1
969 117.214.240.80 1
970 117.214.253.222 1
971 117.217.250.70 1
972 117.220.131.34 1
973 117.220.68.133 1
974 117.222.180.187 1
975 117.222.187.109 1
976 117.247.165.217 1
977 117.248.52.198 1
978 117.60.131.49 1
979 117.60.255.23 1
980 117.81.13.3 1

981 117.9.136.194 1
982 117.95.77.117 1
983 117.95.81.253 1
984 118.168.197.212 1
985 118.182.118.17 1
986 118.195.159.254 1
987 118.210.122.31 1
988 118.239.7.228 1
989 118.254.123.161 1
990 118.68.4.178 1
991 118.68.6.246 1
992 118.75.242.155 1
993 118.77.120.100 1
994 118.79.99.189 1
995 119.116.228.221 1
996 119.156.90.30 1

page 35 of 42
# Victim Name (or IP) Counts
997 119.205.10.101 1
998 119.206.27.171 1
999 119.23.147.226 1
1000 119.42.78.20 1
1001 119.42.79.55 1
1002 119.42.94.125 1
1003 119.8.104.67 1
1004 12.153.200.12 1
1005 120.209.86.84 1
1006 120.210.88.135 1
1007 120.34.165.135 1
1008 120.48.124.90 1
1009 120.48.21.42 1
1010 120.48.28.228 1
1011 120.48.42.125 1
1012 120.57.210.67 1
1013 120.84.117.136 1
1014 120.84.117.159 1
1015 120.84.218.89 1
1016 120.84.228.148 1
1017 120.85.112.107 1
1018 120.85.112.145 1
1019 120.85.112.146 1
1020 120.85.112.152 1
1021 120.85.112.204 1
1022 120.85.112.28 1
1023 120.85.113.131 1
1024 120.85.113.16 1
1025 120.85.113.161 1
1026 120.85.113.43 1
1027 120.85.114.125 1
1028 120.85.114.138 1
1029 120.85.114.232 1
1030 120.85.114.60 1
1031 120.85.114.89 1
1032 120.85.115.150 1
1033 120.85.115.209 1

1034 120.85.115.3 1
1035 120.85.115.32 1
1036 120.85.115.89 1
1037 120.85.115.92 1
1038 120.85.116.254 1
1039 120.85.117.151 1
1040 120.85.118.102 1
1041 120.85.118.106 1
1042 120.85.119.193 1
1043 120.85.119.206 1
1044 120.85.182.209 1
1045 120.85.182.73 1
1046 120.85.182.96 1
1047 120.85.183.25 1

page 36 of 42
# Victim Name (or IP) Counts
1048 120.85.91.252 1
1049 120.85.91.49 1
1050 120.85.92.173 1
1051 120.85.92.3 1
1052 120.85.93.185 1
1053 120.85.93.86 1
1054 120.85.94.168 1
1055 120.85.94.177 1
1056 120.85.94.51 1
1057 120.85.99.18 1
1058 120.86.236.166 1
1059 120.86.236.190 1
1060 120.86.237.131 1
1061 120.86.238.212 1
1062 120.86.238.52 1
1063 120.86.252.114 1
1064 120.86.252.168 1
1065 120.86.253.17 1
1066 120.86.253.55 1
1067 120.86.253.89 1
1068 120.86.253.96 1
1069 120.86.254.251 1
1070 120.86.255.129 1
1071 120.86.255.151 1
1072 120.86.255.27 1
1073 120.87.58.210 1
1074 121.143.78.146 1
1075 121.15.231.194 1
1076 121.178.137.36 1
1077 121.180.14.137 1
1078 121.185.82.10 1
1079 121.186.187.244 1
1080 121.190.134.163 1
1081 121.199.162.245 1
1082 121.206.164.35 1
1083 121.226.165.216 1
1084 121.29.111.211 1
1085 121.29.112.215 1
1086 121.29.133.195 1

1087 121.36.33.28 1
1088 122.116.120.1 1
1089 122.116.148.218 1
1090 122.158.20.160 1
1091 122.169.85.156 1
1092 122.170.233.191 1
1093 122.236.94.163 1
1094 123.110.176.246 1
1095 123.133.143.152 1
1096 123.195.114.31 1
1097 123.234.45.120 1
1098 123.241.117.183 1

page 37 of 42
# Victim Name (or IP) Counts
1099 123.255.249.3 1
1100 123.60.99.132 1
1101 124.123.97.158 1
1102 124.152.107.199 1
1103 124.167.173.100 1
1104 124.222.107.31 1
1105 124.222.158.32 1
1106 124.253.159.236 1
1107 124.91.228.15 1
1108 124.94.137.195 1
1109 125.230.94.59 1
1110 125.24.170.202 1
1111 125.78.216.118 1
1112 131.196.97.151 1
1113 134.236.10.117 1
1114 134.236.104.215 1
1115 134.236.11.18 1
1116 134.236.140.211 1
1117 134.236.157.28 1
1118 134.236.164.151 1
1119 134.236.59.128 1
1120 136.232.37.230 1
1121 139.212.97.2 1
1122 14.105.115.107 1
1123 14.111.218.221 1
1124 14.50.137.245 1

Botnet C&C
# C&C IP Hostname Counts
1 72.26.218.82 disorderstatus[dot]ru 3,595
2 63.251.126.11 differentia[dot]ru 3,591
3 72.26.218.82 3,584
4 107.6.74.81 disorderstatus[dot]ru 3,558
5 72.26.218.82 differentia[dot]ru 3,507
6 107.6.74.81 3,477
7 107.6.74.81 differentia[dot]ru 3,469
8 63.251.126.11 3,462
9 63.251.126.11 disorderstatus[dot]ru 3,458
10 193.106.191.201 193[dot]106[dot]191[dot]201 2,103

Botnet C&C Detected by DNS Filtering

No matching log data for this report

Botnet Timeline

[Chart: botnet detections per day, 2022-07-17 to 2022-08-17; vertical axis 0 to 2500]

Intrusions
Intrusions Detected
# Attack Name Severity CVE-ID Counts
1 Andromeda.Botnet Critical 31,786
2 PHPUnit.Eval-stdin.PHP.Remote.Code.Execution Critical CVE-2017-9841 5,525
3 Amadey.Botnet Critical 2,103
4 ThinkPHP.Controller.Parameter.Remote.Code.Execution Critical CVE-2019-9082,CVE-2018-20062 1,980
5 D-Link.Devices.HNAP.SOAPAction-Header.Command.Execution Critical CVE-2015-2051,CVE-2019-10891 1,055
6 Torpig.Mebroot.Botnet Critical 915
7 NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code.Execution Critical 516
8 Dasan.GPON.Remote.Code.Execution Critical CVE-2018-10561,CVE-2018-10562 513
9 Apache.Log4j.Error.Log.Remote.Code.Execution Critical CVE-2021-4104,CVE-2021-44228,CVE-2021-45046 393
10 Conficker.Botnet Critical 278

Intrusion Victims
# Attack Victim Counts
1 172.30.202.16 31,728
2 192.168.0.70 7,732
3 192.168.0.11 7,106
4 192.168.0.55 2,573
5 172.20.0.157 2,439
6 192.168.0.44 2,128
7 193.106.191.201 2,103
8 10.0.1.107 2,060
9 192.168.0.75 1,303
10 10.0.0.142 1,177

Intrusion Sources
# Attack Source Counts
1 172.30.202.16 31,728
2 185.7.214.104 9,683
3 20.119.50.81 2,993
4 185.7.214.117 2,744
5 103.164.62.93 2,145
6 172.22.7.5 2,103
7 10.0.28.203 1,792
8 PAD_USUARIO05 1,324
9 208.67.104.254 975
10 179.6.206.24 953

Intrusions By Severity

50.95% Critical (47251)
16.71% High (15493)
15.07% Medium (13973)
15.01% Low (13920)
2.27% Info (2107)

Intrusions Blocked
# Attack Name Counts
1 Andromeda.Botnet 31,786
2 WordPress.xmlrpc.php.system.multicall.Amplification.Attack 9,109
3 ZGrab.Scanner 7,946
4 PHPUnit.Eval-stdin.PHP.Remote.Code.Execution 5,525
5 HTTP.URI.SQL.Injection 4,539
6 Censys.io.Scanner 2,433
7 malicious-url 2,242
8 SSL.Anonymous.Ciphers.Negotiation 2,107
9 Amadey.Botnet 2,103
10 Generic.XXE.Detection 1,982

Intrusion Timeline

[Chart: intrusion counts by date, 2022-07-19 to 2022-08-15; vertical axis "Counts", 0 to 6K]

Appendix A
Devices (1)

FGT2200E[root]
