Summary: 2025/04/19 11:18
First reported date: 2012/03/06
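Inquiry period: 2025/03/20 11:18 ~ 2025/04/19 11:18 (1 month), 6 search results
The trend is 50% higher than in the previous period.
The Top 5 related keyword that rose compared with the previous period is DLL.
The malware type ShadowPad is also newly observed.
The attack technique apt is also newly observed.
Other new keywords such as g0njxa, actor, lure, DeepSeek and TookPS are also observed.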
Top 100

# | Trend | Count | Comparison |
---|---|---|---|
1 | DLL | 6 | ▲ 3 (50%) |
2 | g0njxa | 1 | ▲ new |
3 | Malware | 1 | ▼ -1 (-100%) |
4 | actor | 1 | ▲ new |
5 | lure | 1 | ▲ new |
6 | DeepSeek | 1 | ▲ new |
7 | TookPS | 1 | ▲ new |
8 | Do | 1 | ▲ new |
9 | CharlesLydgate | 1 | ▲ new |
10 | xAdvSec | 1 | ▲ new |
11 | Campaign | 1 | - 0 (0%) |
12 | hexe | 1 | ▲ new |
13 | Malicious | 1 | ▲ new |
14 | msimg | 1 | ▲ new |
15 | File | 1 | - 0 (0%) |
16 | IoC | 1 | - 0 (0%) |
17 | ShadowPad | 1 | ▲ new |
18 | delete | 1 | ▲ new |
19 | apt | 1 | ▲ new |
20 | flaxtyphoon | 1 | ▲ new |
21 | Hash | 1 | ▲ new |
22 | Parents | 1 | ▲ new |
23 | Execution | 1 | ▲ new |
24 | Same | 1 | ▲ new |
25 | Password | 1 | ▲ new |
26 | Bat | 1 | ▲ new |
27 | httpstcorSZDzbLcCL | 1 | ▲ new |
28 | httpstcobTb | 1 | ▲ new |
29 | Zip | 1 | ▲ new |
30 | sample | 1 | - 0 (0%) |
31 | please | 1 | ▲ new |
32 | httpstcookaMxLx | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
ShadowPad | | 1 (100%) |

Attacker & Actors
The status of attackers or attack groups that are becoming an issue.
No data.

Country & Company
These are the countries or companies that are becoming an issue.
No data.
Threat info
Last 5
SNS (Total: 6)
Total keyword
Malware Campaign IoC ShadowPad apt Password
News (Total: 0)
No data.
Additional information
No | Title | Date |
---|---|---|
1 | Tesla to Delay Production of Cheaper EVs, Reuters Reports - Bloomberg Technology | 2025.04.19 |
2 | When Vulnerability Information Flows are Vulnerable Themselves - Malware.News | 2025.04.19 |
3 | CISA warns threat hunting staff of end to Google, Censys contracts as agency cuts set in - Malware.News | 2025.04.19 |
4 | Radiology practice reportedly working with FBI after ‘data security incident’ - Malware.News | 2025.04.19 |
5 | Text scams grow to steal hundreds of millions of dollars - Malware.News | 2025.04.19 |
No | Title | Date |
---|---|---|
1 | StaryDobry ruins New Year’s Eve, delivering miner instead of presents - Malware.News | 2025.02.18 |
2 | StaryDobry ruins New Year’s Eve, delivering miner instead of presents - Malware.News | 2025.02.18 |
3 | Qbot is Back.Connect - Malware.News | 2025.01.20 |
4 | Qbot is Back.Connect - Malware.News | 2025.01.20 |
5 | Qbot is Back.Connect - Malware.News | 2025.01.20 |
No | Request | Hash(md5) | Report No | Date |
---|---|---|---|---|
1 | Gen1 Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Antivirus Malicious Packer Anti_VM PE File PE32 DLL OS Processor Check GIF Format Lnk Format | e24d2cdf95e080f2b6a1db32352d8a3c | 59182 | 2025.04.18 |
2 | loader.ps1 Generic Malware Antivirus PE File DLL PE32 .NET DLL | d9c04694bd6c6a3c8d7e9e88e224f327 | 59184 | 2025.04.18 |
3 | loader2.ps1 Generic Malware Antivirus PE File DLL PE32 .NET DLL | 754021a1fb8aa76c3d927ef703c6a1d5 | 59185 | 2025.04.18 |
4 | Gen1 NSIS Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM Javascript_Blob PE File PE32 DLL PE64 OS Processor Check ftp | a1bf1ba9b9f57bf46936f5ee5554297f | 59043 | 2025.04.16 |
5 | Generic Malware Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL | 0f974b2ff0fc79e75bacb4f709a087d3 | 59048 | 2025.04.16 |
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Installs itself for autorun at Windows startup |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Executes one or more WMI queries |
notice | Executes one or more WMI queries which can be used to identify virtual machines |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Queries for potentially installed applications |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | This executable has a PDB path |
Network | ET POLICY NetSupport GeoLocation Lookup Request |
No data
No | URL | CC | ASN Co | Reporter | Date |
---|---|---|---|---|---|
1 | https://github.com/citraadvertising/X/raw/refs/heads/main/log2.dll dll | US | MICROSOFT-CORP-MSN-AS-BLOCK | abuse_ch | 2025.04.11 |
2 | https://github.com/RQ3Xd/1/raw/refs/heads/main/quas.dll dll QuasarRAT | US | MICROSOFT-CORP-MSN-AS-BLOCK | abuse_ch | 2025.04.11 |
3 | https://github.com/RQ3Xd/1/raw/refs/heads/main/log.dll dll | US | MICROSOFT-CORP-MSN-AS-BLOCK | abuse_ch | 2025.04.11 |
4 | https://downloadbanny.b-cdn.net/SuperPack/private/841921513_x64.dll dll | JP | | abuse_ch | 2025.04.02 |
5 | http://45.93.20.28/c66c0eade263c9a8/mozglue.dll dll Stealc | NL | COGENT-174 | DaveLikesMalwre | 2025.03.27 |