Summary: 2025/04/19 11:33
First reported date: 2016/12/16
Inquiry period : 2025/03/20 11:33 ~ 2025/04/19 11:33 (1 months), 14 search results
전 기간대비 7% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Cryptocurrency Miner Malware Report Cryptocurrency target 입니다.
악성코드 유형 XMRig DYEPACK CoreDN Houdini Mirai 도 새롭게 확인됩니다.
공격자 Anonymous 도 새롭게 확인됩니다.
공격기술 RCE Smishing Hijacking hijack 도 새롭게 확인됩니다.
기관 및 기업 Microsoft Banking Recorded Future United Kingdom Cloudflare Cambodia North Korea Iran 도 새롭게 확인됩니다.
기타 Email Outlaw PostgreSQL Forensics mining 등 신규 키워드도 확인됩니다.
* 최근 뉴스기사 Top3:
ㆍ 2025/04/15 Kubernetes Threat Hunting using API Server Audit Logs
ㆍ 2025/04/11 How Huoine Marketplace Is Reshaping Global Fraud
ㆍ 2025/04/11 Threat actors thrive in chaos
참고로 동일한 그룹의 악성코드 타입은 Cryptocurrency Miner HiddenBee XMRig 등 9개 종이 확인됩니다.
Trend graph by period
Related keyword cloud
Top 100| # | Trend | Count | Comparison |
|---|---|---|---|
| 1 | Cryptocurrency Miner | 14 | ▲ 1 (7%) |
| 2 | Malware | 12 | ▲ 4 (33%) |
| 3 | Campaign | 8 | ▼ -3 (-38%) |
| 4 | Report | 8 | ▲ 5 (63%) |
| 5 | Cryptocurrency | 8 | ▲ 3 (38%) |
| 6 | target | 6 | ▲ 3 (50%) |
| 7 | Update | 6 | ▲ 4 (67%) |
| 8 | Exploit | 6 | ▼ -1 (-17%) |
| 9 | attack | 6 | - 0 (0%) |
| 10 | Victim | 6 | ▲ 1 (17%) |
| 11 | Linux | 5 | ▲ 3 (60%) |
| 12 | Vulnerability | 5 | ▲ 3 (60%) |
| 13 | Criminal | 4 | ▲ 1 (25%) |
| 14 | Phishing | 4 | ▲ 3 (75%) |
| 15 | 4 | ▲ new | |
| 16 | Software | 4 | - 0 (0%) |
| 17 | United States | 4 | ▼ -1 (-25%) |
| 18 | RSA Conference | 3 | ▲ 2 (67%) |
| 19 | Advertising | 3 | ▲ 2 (67%) |
| 20 | Outlaw | 3 | ▲ new |
| 21 | Cisco | 3 | ▼ -1 (-33%) |
| 22 | RCE | 3 | ▲ new |
| 23 | Microsoft | 3 | ▲ new |
| 24 | VirusTotal | 3 | ▼ -1 (-33%) |
| 25 | PostgreSQL | 3 | ▲ new |
| 26 | Botnet | 3 | ▲ 2 (67%) |
| 27 | Anonymous | 2 | ▲ new |
| 28 | hacking | 2 | ▼ -1 (-50%) |
| 29 | Forensics | 2 | ▲ new |
| 30 | Password | 2 | ▲ 1 (50%) |
| 31 | Remote Code Execution | 2 | ▼ -5 (-250%) |
| 32 | Banking | 2 | ▲ new |
| 33 | Spain | 2 | ▲ 1 (50%) |
| 34 | mining | 2 | ▲ new |
| 35 | Wiz | 2 | ▲ new |
| 36 | Social Engineering | 2 | ▲ 1 (50%) |
| 37 | Ransomware | 2 | - 0 (0%) |
| 38 | fileless | 2 | ▲ new |
| 39 | Windows | 2 | ▼ -1 (-50%) |
| 40 | XMRig | 2 | ▲ new |
| 41 | China | 2 | ▼ -2 (-100%) |
| 42 | IoC | 2 | ▲ 1 (50%) |
| 43 | ZeroDay | 2 | ▲ new |
| 44 | such | 1 | ▲ new |
| 45 | SourceForge | 1 | ▲ new |
| 46 | Office | 1 | ▲ new |
| 47 | critical | 1 | ▲ new |
| 48 | Australia | 1 | - 0 (0%) |
| 49 | Recorded Future | 1 | ▲ new |
| 50 | MFA | 1 | ▲ new |
| 51 | Smishing | 1 | ▲ new |
| 52 | Takedown | 1 | - 0 (0%) |
| 53 | emerge | 1 | ▲ new |
| 54 | CISA | 1 | ▼ -1 (-100%) |
| 55 | tar | 1 | ▲ new |
| 56 | Distribution | 1 | ▲ new |
| 57 | Telegram | 1 | - 0 (0%) |
| 58 | United Kingdom | 1 | ▲ new |
| 59 | Exploi | 1 | ▲ new |
| 60 | arrest | 1 | ▲ new |
| 61 | DYEPACK | 1 | ▲ new |
| 62 | Kubernetes | 1 | - 0 (0%) |
| 63 | DNS | 1 | ▲ new |
| 64 | Hijacking | 1 | ▲ new |
| 65 | Cloudflare | 1 | ▲ new |
| 66 | hijack | 1 | ▲ new |
| 67 | Backdoor | 1 | ▼ -3 (-300%) |
| 68 | Red Hat | 1 | ▲ new |
| 69 | CoreDN | 1 | ▲ new |
| 70 | Sandbox | 1 | ▲ new |
| 71 | CVSS | 1 | ▲ new |
| 72 | fraud | 1 | ▲ new |
| 73 | scam | 1 | ▲ new |
| 74 | Huione | 1 | ▲ new |
| 75 | Cambodia | 1 | ▲ new |
| 76 | Operation | 1 | ▲ new |
| 77 | Education | 1 | ▼ -1 (-100%) |
| 78 | Additional | 1 | ▲ new |
| 79 | PHP | 1 | ▲ new |
| 80 | ANY | 1 | ▲ new |
| 81 | p | 1 | ▲ new |
| 82 | powershell | 1 | - 0 (0%) |
| 83 | North Korea | 1 | ▲ new |
| 84 | group | 1 | ▲ new |
| 85 | threat | 1 | ▲ new |
| 86 | crypto | 1 | ▲ new |
| 87 | Taiwan | 1 | ▼ -1 (-100%) |
| 88 | Iran | 1 | ▲ new |
| 89 | Elastic | 1 | ▲ new |
| 90 | Volt Typhoon | 1 | - 0 (0%) |
| 91 | Trojan | 1 | ▼ -3 (-300%) |
| 92 | MimiKatz | 1 | ▲ new |
| 93 | 1 | ▲ new | |
| 94 | MalSpam | 1 | ▲ new |
| 95 | Chrome | 1 | ▲ new |
| 96 | Houdini | 1 | ▲ new |
| 97 | exposed | 1 | ▲ new |
| 98 | Labs | 1 | ▲ new |
| 99 | TI | 1 | ▲ new |
| 100 | Mirai | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
| Keyword | Average | Label |
|---|---|---|
| Cryptocurrency Miner |
|
14 (51.9%) |
| Botnet |
|
3 (11.1%) |
| Ransomware |
|
2 (7.4%) |
| XMRig |
|
2 (7.4%) |
| DYEPACK |
|
1 (3.7%) |
Attacker & Actors
The status of the attacker or attack group being issued.
| Keyword | Average | Label |
|---|---|---|
| Anonymous |
|
2 (66.7%) |
| Volt Typhoon |
|
1 (33.3%) |
Country & Company
This is a country or company that is an issue.
| Keyword | Average | Label |
|---|---|---|
| United States |
|
4 (13.3%) |
| Cisco |
|
3 (10%) |
| Microsoft |
|
3 (10%) |
| VirusTotal |
|
3 (10%) |
| Banking |
|
2 (6.7%) |
Malware Family
Top 5
A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.
Threat info
Last 5SNS
(Total : 3)Cryptocurrency Miner PostgreSQL Report Linux Campaign attack Cryptocurrency Exploit Password XMRig Victim Malware hacking CoinMiner
News
(Total : 11)Cryptocurrency Miner Malware Cryptocurrency Campaign Update Report target Vulnerability Exploit attack Victim Phishing Email Linux Criminal Software United States Botnet RCE Cisco Advertising Microsoft VirusTotal RSA Conference Banking Spain Remote Code Execution Social Engineering Anonymous Ransomware Forensics ZeroDay Windows IoC Attacker China United Kingdom Smishing hijack MFA Cloudflare Education Backdoor Hijacking DNS Kubernetes Australia DYEPACK Takedown Telegram arrest Operation Cambodia Recorded Future Distribution Red Hat CVSS CISA CoreDN PostgreSQL Russia MimiKatz Volt Typhoon Iran Taiwan North Korea powershell ChatGPT Kaspersky Wshrat XMRig Houdini hacking Stealer Password SHODAN intelligence Ubuntu Mirai ...
| No | Title | Date |
|---|---|---|
| 1 | Kubernetes Threat Hunting using API Server Audit Logs - Malware.News | 2025.04.15 |
| 2 | How Huoine Marketplace Is Reshaping Global Fraud - Malware.News | 2025.04.11 |
| 3 | Threat actors thrive in chaos - Malware.News | 2025.04.11 |
| 4 | Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings - The Hacker News | 2025.04.09 |
| 5 | Additional details on Outlaw Linux cryptomining botnet emerge - Malware.News | 2025.04.03 |
Additional information
| No | Title | Date |
|---|---|---|
| 1 | Tesla to Delay Production of Cheaper EVs, Reuters Reports - Bloomberg Technology | 2025.04.19 |
| 2 | When Vulnerability Information Flows are Vulnerable Themselves - Malware.News | 2025.04.19 |
| 3 | CISA warns threat hunting staff of end to Google, Censys contracts as agency cuts set in - Malware.News | 2025.04.19 |
| 4 | Radiology practice reportedly working with FBI after ‘data security incident’ - Malware.News | 2025.04.19 |
| 5 | Text scams grow to steal hundreds of millions of dollars - Malware.News | 2025.04.19 |
| View only the last 5 | ||
| No | Title | Date |
|---|---|---|
| 1 | Kubernetes Threat Hunting using API Server Audit Logs - Malware.News | 2025.04.15 |
| 2 | Kubernetes Threat Hunting using API Server Audit Logs - Malware.News | 2025.04.15 |
| 3 | How Huoine Marketplace Is Reshaping Global Fraud - Malware.News | 2025.04.11 |
| 4 | How Huoine Marketplace Is Reshaping Global Fraud - Malware.News | 2025.04.11 |
| 5 | Threat actors thrive in chaos - Malware.News | 2025.04.11 |
| View only the last 5 | ||
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| watch | A process attempted to delay the analysis task. |
| watch | Attempts to create or modify system certificates |
| watch | Communicates with host for which no DNS query was performed |
| watch | Connects to an IRC server |
| watch | Installs itself for autorun at Windows startup |
| watch | Looks for the Windows Idle Time to determine the uptime |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| notice | A process created a hidden window |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates a shortcut to an executable file |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Creates hidden or system file |
| notice | Drops a binary and executes it |
| notice | Drops an executable to the user AppData folder |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| notice | Terminates another process |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | Command line console output was observed |
| info | Queries for the computername |
| info | The executable uses a known packer |
| info | Uses Windows APIs to generate a cryptographic key |
| Network | ET DROP Spamhaus DROP Listed Traffic Inbound group 23 |
| Network | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
| Network | ET INFO Executable Download from dotted-quad Host |
| Network | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
| Network | ET POLICY PE EXE or DLL Windows file download HTTP |
| Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |