【図表】
【ブログ】
◆August 2019’s Most Wanted Malware: Echobot Launches Widespread Attack Against IoT Devices (Check point, 2019/09/12)
https://blog.checkpoint.com/2019/09/12/august-2019s-most-wanted-malware-echobot-launches-widespread-attack-against-iot-devices/
【ランキング】
■PC
| 順位 | マルウェア名 | 8月 | 7月 | 6月 | 5月 | 4月 | 3月 | 2月 | 1月 | 12月 | 11月 | 10月 | 9月 | 8月 | 7月 | 6月 | 5月 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | XMRig | 1 | 1 | 1 | 2 | 2 | 3 | 4 | 2 | 2 | 9 | 7 | 8 | 7 | 7 | 7 | 7 |
| 2 | Jsecoin | 2 | 2 | 2 | 3 | 3 | 5 | 5 | 4 | 3 | 6 | 6 | 5 | 5 | 5 | 6 | 4 |
| 3 | Dorkbot | 3 | 3 | 4 | 7 | 5 | 4 | 6 | 7 | 7 | 5 | 3 | 2 | 2 | 3 | 3 | 8 |
| 4 | Trickbot | 4 | 7 | 10 | 8 | 8 | - | - | - | - | - | - | - | - | - | - | - |
| 5 | Agentesla | 5 | 6 | - | 10 | 7 | - | - | - | - | - | - | - | - | - | - | - |
| 6 | Ramnit | 6 | 8 | 6 | 5 | 6 | 7 | 10 | 10 | 8 | - | 8 | 7 | 6 | 10 | 10 | - |
| 7 | Emotet | 7 | 4 | 5 | 4 | 4 | 2 | 3 | 5 | 5 | 7 | - | 10 | - | - | - | - |
| 8 | Cryptoloot | 8 | 10 | 3 | 1 | 1 | 1 | 2 | 3 | 4 | 2 | 2 | 3 | 4 | 2 | 2 | 2 |
| 9 | Formbook | 9 | 9 | 9 | - | - | - | - | - | - | - | - | - | - | - | - | - |
| 10 | Lokibot | 10 | - | - | 6 | 10 | 9 | - | 8 | - | - | - | - | - | - | - | - |
| - | Nanocore | - | 5 | 8 | - | - | - | - | - | - | - | - | - | - | - | - | - |
| - | Hawkeye | - | - | 7 | - | - | - | - | - | - | - | - | - | - | - | - | - |
| - | Nivdort | - | - | - | 9 | - | 8 | 7 | 6 | 6 | 10 | - | - | 10 | - | 8 | - |
| - | Sality | - | - | - | - | 9 | - | - | - | - | - | - | - | - | - | - | - |
| - | Coinhive | - | - | - | - | - | 6 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
| - | Mirai | - | - | - | - | - | 10 | - | - | - | - | - | - | - | - | - | - |
| - | Gandcrab | - | - | - | - | - | - | 8 | 9 | - | - | - | - | - | - | - | - |
| - | Smokeloader | - | - | - | - | - | - | - | - | 9 | - | - | - | - | - | - | - |
| - | Authedmine | - | - | - | - | - | - | 9 | - | 10 | - | - | - | - | - | - | - |
| - | Andromeda | - | - | - | - | - | - | - | - | - | 3 | 5 | 4 | 3 | 4 | 4 | 5 |
| - | Roughted | - | - | - | - | - | - | - | - | - | 4 | 4 | 6 | 8 | 6 | 5 | 3 |
| - | Conficker | - | - | - | - | - | - | - | - | - | 8 | 9 | 9 | 9 | 8 | - | 10 |
| - | FlawedAmmyy RAT | - | - | - | - | - | - | - | - | - | - | 10 | - | - | - | - | - |
| - | Fireball | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 6 |
| - | Necurs | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 9 |
■モバイル
| 順位 | マルウェア名 | 8月 | 7月 | 6月 | 5月 | 4月 |
|---|---|---|---|---|---|---|
| 1 | Lotoor | 1 | 1 | 1 | 1 | 2 |
| 2 | AndroidBauts | 2 | 2 | - | - | - |
| 3 | Triada | 3 | - | 2 | 3 | 1 |
| - | Piom | - | 3 | - | - | - |
| - | Ztorg | - | - | 3 | - | - |
| - | Hiddad | - | - | - | 2 | 3 |
■脆弱性
| 順位 | 脆弱性 | 8月 | 7月 | 6月 | 5月 | 4月 |
|---|---|---|---|---|---|---|
| 1 | SQL Injection (several techniques) | 1 | 1 | 1 | 1 | - |
| 2 | OpenSSL TLS DTLS Heartbeat Information Disclosure | 2 | 2 | 2 | 3 | 1 |
| 3 | MVPower DVR Remote Code Execution | 3 | 3 | - | - | - |
| 4 | Command Injection Over HTTP | 4 | - | 7 | - | - |
| 5 | WordPress portable-phpMyAdmin Plugin Authentication Bypass | 5 | 7 | 6 | 10 | - |
| 6 | Joomla Object Injection Remote Command Execution) | 6 | 5 | 3 | 4 | - |
| 7 | PHP DIESCAN information disclosure | 7 | 6 | 5 | 7 | - |
| 8 | Web Server Exposed Git Repository Information Disclosure | 8 | 4 | 4 | 2 | - |
| 9 | Hikvision IP Cameras Information Disclosure | 9 | - | - | - | - |
| 10 | D-Link DSL-2750B Remote Command Execution | 10 | 9 | 9 | 8 | - |
| - | OpenDreamBox WebAdmin Plugin Remote Code Execution | - | 8 | - | - | - |
| - | Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638) | - | - | 8 | 6 | 3 |
| - | Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269) | - | - | 10 | 5 | 2 |
