Malware Trends, April - June 2022

Contributed by Dave Piscitello, Interisle Consulting Group

Mozi malware remains the most frequently identified IoT malware.

Reports increased for Mirai, Sora and Hajime malware.

Hosting networks (autonomous systems) with the most IPv4 addresses reported for IoT malware:

  • AS 4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone

  • AS 4134 CHINANET-BACKBONE No.31

  • AS 9829 BSNL-NIB National Internet Backbone

  • AS 17816 CHINA169-GZ China Unicom IP network China169 Guangdong province

Infostealers were the most reported Endpoint Malware.

Quakbot and Flubot were the most frequently reported infostealers.

More than 75% of Quakbot malware was hosted at autonomous systems in the United States. One-third of those addresses were hosted at Unified Layer.

The IP address allocation 36.248.0.0/14 in CHINA UNICOM Industrial Internet Backbone had the most reports of endpoint malware. Over 80% of the malware in that allocation was hosted at the domain zol.com.cn.
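The hosting-network ranking above, the "most reported allocation" finding and the share of one allocation's malware hosted at a single domain all come from the same aggregation step: match each reported address to the routed prefix that covers it, count distinct addresses per prefix, then break one prefix down by hosting domain. The Python below is an added example, not Cybercrime Information Center code. The prefix table (only 36.248.0.0/14 is taken from the page; the other prefixes are documentation ranges and the "AS-A"/"AS-B"/"AS-C" labels are placeholders), the report records and the hosting domains other than zol.com.cn are all constructed for the example.

```python
"""Aggregate malware-hosting reports by covering prefix and hosting domain.

Added example for illustration. PREFIX_TABLE would normally be built from
a BGP table or RIR allocation data; SAMPLE_REPORTS would come from a
malware feed. Both are constructed here so the script runs offline.
"""
import ipaddress
from collections import defaultdict

# Constructed prefix table: (network, label). 36.248.0.0/14 is the
# allocation named on the page; the ASN labels and the other prefixes
# (IANA documentation ranges) are placeholders, not real assignments.
PREFIX_TABLE = [
    (ipaddress.ip_network("36.248.0.0/14"), "AS-A"),
    (ipaddress.ip_network("203.0.113.0/24"), "AS-B"),
    (ipaddress.ip_network("198.51.100.0/24"), "AS-C"),
]

# Constructed sample reports: (ip, malware family, hosting domain).
# The first address is reported twice to show that we count distinct
# addresses, not raw report lines.
SAMPLE_REPORTS = [
    ("36.248.1.10", "Quakbot", "zol.com.cn"),
    ("36.248.1.10", "Quakbot", "zol.com.cn"),
    ("36.249.2.20", "Quakbot", "zol.com.cn"),
    ("36.250.3.30", "Flubot", "zol.com.cn"),
    ("36.251.4.40", "Flubot", "zol.com.cn"),
    ("36.248.5.50", "Quakbot", "zol.com.cn"),
    ("36.249.6.60", "Quakbot", "zol.com.cn"),
    ("36.250.7.70", "Flubot", "zol.com.cn"),
    ("36.251.8.80", "Quakbot", "zol.com.cn"),
    ("36.248.9.90", "Flubot", "zol.com.cn"),
    ("36.249.10.100", "Quakbot", "zol.com.cn"),
    ("36.250.11.110", "Quakbot", "example.net"),
    ("36.251.12.120", "Flubot", "example.net"),
    ("203.0.113.7", "Quakbot", "example.org"),
    ("203.0.113.8", "Quakbot", "example.org"),
    ("203.0.113.9", "Flubot", "example.org"),
    ("198.51.100.20", "Flubot", "example.com"),
    ("198.51.100.21", "Quakbot", "example.com"),
    ("192.0.2.5", "Quakbot", "example.com"),  # covered by no prefix
]


def lookup_prefix(ip_str):
    """Longest-prefix match of one address against PREFIX_TABLE.

    Returns (prefix_string, label), or (None, None) when no prefix covers it.
    """
    ip = ipaddress.ip_address(ip_str)
    best = None
    for net, label in PREFIX_TABLE:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label)
    return (str(best[0]), best[1]) if best else (None, None)


def addresses_by_prefix(reports):
    """Distinct reported addresses per covering prefix, most populous first.

    Addresses no prefix covers are grouped under the key "unrouted".
    Returns a list of (prefix_string, distinct_address_count).
    """
    seen = defaultdict(set)
    for ip, _family, _domain in reports:
        prefix, _label = lookup_prefix(ip)
        seen[prefix or "unrouted"].add(ip)
    return sorted(((p, len(s)) for p, s in seen.items()),
                  key=lambda item: (-item[1], item[0]))


def domain_share(reports, prefix):
    """Fraction of the distinct addresses inside `prefix` hosted at each domain.

    Returns {domain: fraction}; empty dict if no reported address falls inside.
    """
    net = ipaddress.ip_network(prefix)
    by_domain = defaultdict(set)
    total = set()
    for ip, _family, domain in reports:
        if ipaddress.ip_address(ip) in net:
            by_domain[domain].add(ip)
            total.add(ip)
    if not total:
        return {}
    return {d: len(s) / len(total) for d, s in by_domain.items()}


if __name__ == "__main__":
    ranking = addresses_by_prefix(SAMPLE_REPORTS)
    for prefix, count in ranking:
        print(f"{prefix:18} {count} distinct address(es)")
    top_prefix = ranking[0][0]
    for domain, share in sorted(domain_share(SAMPLE_REPORTS, top_prefix).items(),
                                key=lambda kv: -kv[1]):
        print(f"{top_prefix}: {share:.0%} hosted at {domain}")
```

Counting distinct addresses rather than report lines matters: a single noisy sensor re-reporting one host would otherwise inflate a network's rank. With a real routing table the same longest-prefix lookup also gives the ASN behind each prefix, which is how the per-network table above is produced.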

The malware trends reported here complement the malware activity reported for Top-level Domains, domain registrars, and hosting networks during the same April 1, 2022 - June 30, 2022 period.


Our quarterly Malware Activity pages report where we observe malware by Top-level Domains, Domain Registrars, and Hosting Networks. Here, we share some closer looks at the malware landscape.

57% of the reported malware in the (new) Malicious IP Addresses sub-family were identified as attackware. The remaining 43% were classified as traffic injectors.

Vulnerability scanners accounted for more than 50% of the 450,000 Malicious IP Addresses reported as origins of attackware traffic.

SSH and brute-force scanners accounted for 25% of the remaining attackware reported.

Forum spammers accounted for more than 40% of the 338,000 Malicious IP Addresses reported as traffic injectors. PHP forum spammers accounted for nearly 20% of the remaining reported traffic injectors.

If you have a novel use for Cybercrime Information Center data and are interested in sharing it with our community, contact us at criminaldomainabuse@interisle.net