Executive Summary AXMDEBPISC20
Summary
Created at: 04/25/2022 14:04:31 America/Bogota
Reporting: Past month
Callback Analysis
As shown in the table below, the FireEye appliance has recorded the following command and control callback events from your hosts to many locations around the globe. The table lists the Top 10 callback events.
Infected Host IP   Severity  Infection  Callback  Last Malware                       Last Seen (local time)  Host Name
172.19.140.51      Minor     432        0         Exploit.Log4Shell.CVE-2021-44228   04/24/2022 21:39:15
10.145.130.102     Minor     303        0         Exploit.Log4Shell.CVE-2021-44228   04/24/2022 21:37:07
10.71.31.52        Minor     198        0         Exploit.CVE-2018-11776             04/21/2022 08:26:08     ltptykpten01v.bancolombia.corp
192.168.27.43      Minor     188        0         Exploit.Log4Shell.CVE-2021-44228   04/24/2022 22:44:44
192.168.27.12      Minor     171        0         Exploit.Log4Shell.CVE-2021-44228   04/24/2022 21:43:23
172.19.52.83       Minor     154        0         Exploit.Log4Shell.CVE-2021-44228   04/24/2022 21:25:51
172.19.108.194     Minor     153        0         Exploit.Log4Shell.CVE-2021-44228   04/24/2022 21:29:18
172.19.50.66       Minor     152        0         Exploit.Log4Shell.CVE-2021-44228   04/24/2022 21:26:45
172.19.50.162      Minor     152        0         Exploit.Log4Shell.CVE-2021-44228   04/24/2022 21:26:43
172.19.39.131      Minor     152        0         Exploit.Log4Shell.CVE-2021-44228   04/24/2022 21:25:43
The callbacks were going to 8 unique destination addresses. When resolved, the destination addresses of the CnC servers pointed to the following major geo-location areas around the world.
Malware                            # of Events
Exploit.Log4Shell.CVE-2021-44228   12806
Phish.URL                          583
Exploit.CVE-2018-11776             206
Exploit.IoT.Gafgyt                 74
Exploit.IoT.Mozi                   26
Exploit.IoT.HNAP1                  19
Exploit.IoT.Netgear                18
Exploit.IoT.GPON                   16
Exploit.IoT.Mirai                  16
Exploit.IoT.HNAP                   10
Trojan.Magecart.DNS                5
FE_Tunneler_Linux_FRP_1            2
Trojan.PDF.Heuristic.FEC3          2
Downloader.DRAWSTRING              1
Exploit.CVE-2019-0708              1
FEC_Webshell_JSP_BEHINDER_2        1
Phishing.PDF.PhishingX.FEC3        1
Tool.CoinMiner                     1
Trojan.CryptBot                    1
Webshell.JSP.BEHINDER              1
Webshell.JSP.BLUEBEAM              1
Malware Analysis
[Bar chart: events per infected host for 172.19.140.51, 10.145.130.102, 10.71.31.52, 192.168.27.43, 192.168.27.12, 172.19.52.83, 172.19.108.194, 172.19.50.66, 172.19.39.131 and 172.19.50.162; x-axis 0.0 to 432.0]
Top Malware Events
[Bar chart: Top 10 malware events shown with number of hosts; series "# of Events" and "# of Hosts"; categories: Exploit.Log4Shell.CVE-2021-44228, Phish.URL, Exploit.CVE-2018-11776, Exploit.IoT.Gafgyt, Exploit.IoT.Mozi, Exploit.IoT.HNAP1, Exploit.IoT.Netgear, Exploit.IoT.GPON, Exploit.IoT.Mirai, Exploit.IoT.HNAP]
Callback Analysis
As shown in the table below, the FireEye appliance has recorded the following command and control riskware callback events from your hosts to many locations around the globe. The table lists the Top 10 callback events.
Infected Host IP  Infection  Callback  Last Malware        Last Seen (local time)  Host Name
10.25.152.167     0          2         Adware.InstallCore  04/04/2022 08:27:43     pb0b0826941.bancolombia.corp
10.99.13.29       0          1         Adware.InstallCore  04/08/2022 17:53:43     db0b0829945.bancolombia.corp
Top 50 Riskware Found on Your Network
Riskware                  # of Events
Adware.InstallCore        3
Adware.Android.Appjiagu   1
Riskware Analysis
[Bar chart: events per host, series Adware.InstallCore and Adware.Android.Appjiagu; hosts 10.25.152.167, 10.55.222.195 and 10.99.13.29; x-axis 0.0 to 2.0]
Top Riskware Events
[Bar chart: Top 10 riskware events shown with number of hosts; series "# of Events" and "# of Hosts"; categories: Adware.InstallCore, Adware.Android.Appjiagu]