
Executive Summary

Created at: 04/25/2022 14:04:31 America/Bogota
Reporting: Past month

Threat Landscape Summary

Callback Analysis
As shown in the table below, the FireEye appliance recorded the following command and control callback events from your hosts to destinations around the globe. The table lists the Top 10 callback events.

Infected Host IP   Severity  Infection  Callback  Last Malware                      Last Seen (local time)  Host Name
172.19.140.51      Minor     432        0         Exploit.Log4Shell.CVE-2021-44228  04/24/2022 21:39:15
10.145.130.102     Minor     303        0         Exploit.Log4Shell.CVE-2021-44228  04/24/2022 21:37:07
10.71.31.52        Minor     198        0         Exploit.CVE-2018-11776            04/21/2022 08:26:08     ltptykpten01v.bancolombia.corp
192.168.27.43      Minor     188        0         Exploit.Log4Shell.CVE-2021-44228  04/24/2022 22:44:44
192.168.27.12      Minor     171        0         Exploit.Log4Shell.CVE-2021-44228  04/24/2022 21:43:23
172.19.52.83       Minor     154        0         Exploit.Log4Shell.CVE-2021-44228  04/24/2022 21:25:51
172.19.108.194     Minor     153        0         Exploit.Log4Shell.CVE-2021-44228  04/24/2022 21:29:18
172.19.50.66       Minor     152        0         Exploit.Log4Shell.CVE-2021-44228  04/24/2022 21:26:45
172.19.50.162      Minor     152        0         Exploit.Log4Shell.CVE-2021-44228  04/24/2022 21:26:43
172.19.39.131      Minor     152        0         Exploit.Log4Shell.CVE-2021-44228  04/24/2022 21:25:43

The callbacks went to 8 unique destination addresses. When resolved, the destination addresses of the CnC servers pointed to the following major geo-location areas around the world.

Callback Details - Country Code (Count)

DE (1), KR (1), other (6)


Top 50 Malware Found on Your Network

Malware                             Event Count

Exploit.Log4Shell.CVE-2021-44228 12806

Phish.URL 583

Exploit.CVE-2018-11776 206

Exploit.IoT.Gafgyt 74

Exploit.IoT.Mozi 26

Exploit.IoT.HNAP1 19

Exploit.IoT.Netgear 18

Exploit.IoT.GPON 16

Exploit.IoT.Mirai 16

Exploit.IoT.HNAP 10

Trojan.Magecart.DNS 5

FE_Tunneler_Linux_FRP_1 2

Trojan.PDF.Heuristic.FEC3 2

Downloader.DRAWSTRING 1

Exploit.CVE-2019-0708 1

FEC_Webshell_JSP_BEHINDER_2 1

Phishing.PDF.PhishingX.FEC3 1

Tool.CoinMiner 1

Trojan.CryptBot 1

Webshell.JSP.BEHINDER 1

Webshell.JSP.BLUEBEAM 1

Malware Analysis

Top Infected Hosts

[Chart: Top 10 infected hosts shown with top malware events. Series: Exploit.Log4Shell.CVE-2021-44228, Exploit.CVE-2018-11776, Exploit.CVE-2019-0708. Hosts are the ten listed in the callback table above; x-axis is event count, 0 to 432.]
Top Malware Events

[Chart: Top 10 malware events shown with number of hosts. Series: # of Events, # of Hosts. Events are the ten highest-count entries of the malware table above; x-axis is event count, 0 to 12,806.]


Riskware Summary

Callback Analysis
As shown in the table below, the FireEye appliance recorded the following command and control riskware callback events from your hosts to destinations around the globe. The table lists the Top 10 callback events.

Infected Host IP   Infection  Callback  Last Malware              Last Seen (local time)  Host Name
10.25.152.167      0          2         Adware.InstallCore        04/04/2022 08:27:43     pb0b0826941.bancolombia.corp
10.55.222.195      0          1         Adware.Android.Appjiagu   04/22/2022 03:57:21
10.99.13.29        0          1         Adware.InstallCore        04/08/2022 17:53:43     db0b0829945.bancolombia.corp

Top 50 Riskware Found on Your Network

Riskware                    Event Count
Adware.InstallCore          3
Adware.Android.Appjiagu     1

Riskware Analysis

Top Infected Hosts

[Chart: Top 10 infected hosts shown with top riskware events. Series: Adware.InstallCore, Adware.Android.Appjiagu. Hosts: 10.25.152.167, 10.55.222.195, 10.99.13.29; x-axis is event count, 0 to 2.]

Top Riskware Events

[Chart: Top 10 riskware events shown with number of hosts. Series: # of Events, # of Hosts. Events: Adware.InstallCore, Adware.Android.Appjiagu; x-axis is count, 0 to 3.]
