【図表】
【ブログ】
◆August 2019’s Most Wanted Malware: Echobot Launches Widespread Attack Against IoT Devices (Check point, 2019/09/12)
https://blog.checkpoint.com/2019/09/12/august-2019s-most-wanted-malware-echobot-launches-widespread-attack-against-iot-devices/
【ランキング】
■PC
順位 | マルウェア名 | 8月 | 7月 | 6月 | 5月 | 4月 | 3月 | 2月 | 1月 | 12月 | 11月 | 10月 | 9月 | 8月 | 7月 | 6月 | 5月 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | XMRig | 1 | 1 | 1 | 2 | 2 | 3 | 4 | 2 | 2 | 9 | 7 | 8 | 7 | 7 | 7 | 7 |
2 | Jsecoin | 2 | 2 | 2 | 3 | 3 | 5 | 5 | 4 | 3 | 6 | 6 | 5 | 5 | 5 | 6 | 4 |
3 | Dorkbot | 3 | 3 | 4 | 7 | 5 | 4 | 6 | 7 | 7 | 5 | 3 | 2 | 2 | 3 | 3 | 8 |
4 | Trickbot | 4 | 7 | 10 | 8 | 8 | - | - | - | - | - | - | - | - | - | - | - |
5 | Agentesla | 5 | 6 | - | 10 | 7 | - | - | - | - | - | - | - | - | - | - | - |
6 | Ramnit | 6 | 8 | 6 | 5 | 6 | 7 | 10 | 10 | 8 | - | 8 | 7 | 6 | 10 | 10 | - |
7 | Emotet | 7 | 4 | 5 | 4 | 4 | 2 | 3 | 5 | 5 | 7 | - | 10 | - | - | - | - |
8 | Cryptoloot | 8 | 10 | 3 | 1 | 1 | 1 | 2 | 3 | 4 | 2 | 2 | 3 | 4 | 2 | 2 | 2 |
9 | Formbook | 9 | 9 | 9 | - | - | - | - | - | - | - | - | - | - | - | - | - |
10 | Lokibot | 10 | - | - | 6 | 10 | 9 | - | 8 | - | - | - | - | - | - | - | - |
- | Nanocore | - | 5 | 8 | - | - | - | - | - | - | - | - | - | - | - | - | - |
- | Hawkeye | - | - | 7 | - | - | - | - | - | - | - | - | - | - | - | - | - |
- | Nivdort | - | - | - | 9 | - | 8 | 7 | 6 | 6 | 10 | - | - | 10 | - | 8 | - |
- | Sality | - | - | - | - | 9 | - | - | - | - | - | - | - | - | - | - | - |
- | Coinhive | - | - | - | - | - | 6 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
- | Mirai | - | - | - | - | - | 10 | - | - | - | - | - | - | - | - | - | - |
- | Gandcrab | - | - | - | - | - | - | 8 | 9 | - | - | - | - | - | - | - | - |
- | Smokeloader | - | - | - | - | - | - | - | - | 9 | - | - | - | - | - | - | - |
- | Authedmine | - | - | - | - | - | - | 9 | - | 10 | - | - | - | - | - | - | - |
- | Andromeda | - | - | - | - | - | - | - | - | - | 3 | 5 | 4 | 3 | 4 | 4 | 5 |
- | Roughted | - | - | - | - | - | - | - | - | - | 4 | 4 | 6 | 8 | 6 | 5 | 3 |
- | Conficker | - | - | - | - | - | - | - | - | - | 8 | 9 | 9 | 9 | 8 | - | 10 |
- | FlawedAmmyy RAT | - | - | - | - | - | - | - | - | - | - | 10 | - | - | - | - | - |
- | Fireball | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 6 |
- | Necurs | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 9 |
■モバイル
順位 | マルウェア名 | 8月 | 7月 | 6月 | 5月 | 4月 |
---|---|---|---|---|---|---|
1 | Lotoor | 1 | 1 | 1 | 1 | 2 |
2 | AndroidBauts | 2 | 2 | - | - | - |
3 | Triada | 3 | - | 2 | 3 | 1 |
- | Piom | - | 3 | - | - | - |
- | Ztorg | - | - | 3 | - | - |
- | Hiddad | - | - | - | 2 | 3 |
■脆弱性
順位 | 脆弱性 | 8月 | 7月 | 6月 | 5月 | 4月 |
---|---|---|---|---|---|---|
1 | SQL Injection (several techniques) | 1 | 1 | 1 | 1 | - |
2 | OpenSSL TLS DTLS Heartbeat Information Disclosure | 2 | 2 | 2 | 3 | 1 |
3 | MVPower DVR Remote Code Execution | 3 | 3 | - | - | - |
4 | Command Injection Over HTTP | 4 | - | 7 | - | - |
5 | WordPress portable-phpMyAdmin Plugin Authentication Bypass | 5 | 7 | 6 | 10 | - |
6 | Joomla Object Injection Remote Command Execution) | 6 | 5 | 3 | 4 | - |
7 | PHP DIESCAN information disclosure | 7 | 6 | 5 | 7 | - |
8 | Web Server Exposed Git Repository Information Disclosure | 8 | 4 | 4 | 2 | - |
9 | Hikvision IP Cameras Information Disclosure | 9 | - | - | - | - |
10 | D-Link DSL-2750B Remote Command Execution | 10 | 9 | 9 | 8 | - |
- | OpenDreamBox WebAdmin Plugin Remote Code Execution | - | 8 | - | - | - |
- | Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638) | - | - | 8 | 6 | 3 |
- | Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269) | - | - | 10 | 5 | 2 |