Our first month in public beta is over, and we have already received an impressive amount of feedback and interest from end users and companies. We want to sincerely thank everybody for your help and valuable feedback.
Without further ado, let's dive into some statistics about the first month of data that we have processed and collected so far through our Deepviz Threat Intelligence platform.
The top ten countries hosting malware command and control servers put the United States in first position, followed by Ukraine and China:
- United States
- Russian Federation
- Korea, Republic of
We also monitored all domains registered in November and contacted by malware; the most prevalent are listed here (you can safely click the links, which point to our threat intelligence service):
Among the various malware families we have identified, we have seen an interesting trend of infostealers: malware able to steal stored browser data by intercepting network traffic and/or sniffing the browser's configuration files.
Here are some of the MD5s representing the top 5 clusters; you can keep investigating by looking at similar samples on the Threat Intelligence page linked from each one of them.
Cluster 1 (Zbot)
Cluster 2 (Kelihos)
Cluster 3 (Dorkbot)
Cluster 4 (Vawtrak)
Cluster 5 (Tinba)
November has been an interesting month not only for Deepviz as a company but also because of the identification and detection of the new Cryptowall 4.0 ransomware, the latest build of the Cryptowall family.
Here is a list of interesting IPs contacted by the malware:
While some of those IPs are unique to Cryptowall 4.0, what is really interesting is that some of them have been used in the past to spread other malware campaigns:
We will be launching 64-bit support for our sandbox very shortly, so stay tuned!