Summary: 2025/04/24 18:43
First reported date: 2012/03/06
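Inquiry period: 2025/03/25 18:43 ~ 2025/04/24 18:43 (1 month), 6 search results
The trend is 67% higher than in the previous period.
The Top 5 related keyword that rose compared with the previous period is DLL.
The malware type ShadowPad is also newly observed.
The attack technique keywords Campaign and apt are also newly observed.
Other new keywords, including g0njxa, actor, lure, DeepSeek and TookPS, are also observed.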
Trend graph by period
Related keyword cloud
Top 100
# | Trend | Count | Comparison |
---|---|---|---|
1 | DLL | 6 | ▲ 4 (67%) |
2 | g0njxa | 1 | ▲ new |
3 | Malware | 1 | - 0 (0%) |
4 | actor | 1 | ▲ new |
5 | lure | 1 | ▲ new |
6 | DeepSeek | 1 | ▲ new |
7 | TookPS | 1 | ▲ new |
8 | Do | 1 | ▲ new |
9 | CharlesLydgate | 1 | ▲ new |
10 | xAdvSec | 1 | ▲ new |
11 | Campaign | 1 | ▲ new |
12 | hexe | 1 | ▲ new |
13 | Malicious | 1 | ▲ new |
14 | msimg | 1 | ▲ new |
15 | File | 1 | ▲ new |
16 | IoC | 1 | ▲ new |
17 | ShadowPad | 1 | ▲ new |
18 | delete | 1 | ▲ new |
19 | apt | 1 | ▲ new |
20 | flaxtyphoon | 1 | ▲ new |
21 | Hash | 1 | ▲ new |
22 | Parents | 1 | ▲ new |
23 | Execution | 1 | ▲ new |
24 | Same | 1 | ▲ new |
25 | Password | 1 | ▲ new |
26 | Bat | 1 | ▲ new |
27 | httpstcorSZDzbLcCL | 1 | ▲ new |
28 | httpstcobTb | 1 | ▲ new |
29 | Zip | 1 | ▲ new |
30 | sample | 1 | ▲ new |
31 | please | 1 | ▲ new |
32 | httpstcookaMxLx | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
ShadowPad | | 1 (100%) |

Attacker & Actors
These are the attackers or attack groups that are becoming an issue.
No data.

Country & Company
These are the countries or companies that are becoming an issue.
No data.
Threat info
Last 5
SNS
(Total : 6)
Total keyword
Malware Campaign IoC ShadowPad apt Password
News
(Total : 0)
No data.
Additional information
No | Title | Date |
---|---|---|
1 | Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities - Malware.News | 2025.04.24 |
2 | Fortinet Korea Releases 2024 Sustainability Report - DailySecu | 2025.04.24 |
3 | Information-Stealing Malware Emails Up 84% Year over Year - DailySecu | 2025.04.24 |
4 | DslogdRAT Malware Installed in Ivanti Connect Secure - Malware.News | 2025.04.24 |
5 | Orange Sales Rise Slightly Buoyed by African Unit Growth - Bloomberg Technology | 2025.04.24 |
View only the last 5 |
No | Title | Date |
---|---|---|
1 | StaryDobry ruins New Year’s Eve, delivering miner instead of presents - Malware.News | 2025.02.18 |
2 | StaryDobry ruins New Year’s Eve, delivering miner instead of presents - Malware.News | 2025.02.18 |
3 | Qbot is Back.Connect - Malware.News | 2025.01.20 |
4 | Qbot is Back.Connect - Malware.News | 2025.01.20 |
5 | Qbot is Back.Connect - Malware.News | 2025.01.20 |
View only the last 5 |
No | Request | Hash(md5) | Report No | Date |
---|---|---|---|---|
1 | njRAT backdoor Generic Malware Antivirus Malicious Library UPX PE File CAB OS Name Check MSOffice File PE32 OS Processor Check DLL | b4f9c6f50cc331920c86a36e83e6b9f6 | 59888 | 2025.04.24 |
2 | Formbook Generic Malware .NET framework(MSIL) Malicious Library UPX Antivirus PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL | 143aa2a76396aab15a8bf762dfa7f377 | 59879 | 2025.04.23 |
3 | njRAT backdoor Generic Malware Malicious Library Antivirus UPX PE File CAB PE32 MSOffice File OS Processor Check OS Name Check DLL | 5188e0fd775892a2bdd22429988ab955 | 59727 | 2025.04.21 |
4 | Adobe-Setup.msi Generic Malware Malicious Library UPX CAB MSOffice File OS Processor Check PE File DLL PE32 | 3bc9b48b3d9a97503d1739d86522e5bc | 59809 | 2025.04.21 |
5 | Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MSOffice File | b1bbdf491a3d32319eb33121c086030d | 59719 | 2025.04.21 |
View only the last 5 |
Level | Description |
---|---|
warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
watch | Creates known Upatre files |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | One or more potentially interesting buffers were extracted |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | Resolves a suspicious Top Level Domain (TLD) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
info | Uses Windows APIs to generate a cryptographic key |
Network | ET DNS Query to a *.top domain - Likely Hostile |
No data
No | URL | CC | ASN Co | Reporter | Date |
---|---|---|---|---|---|
1 | https://osdugalic.edu.rs/Fhmcvdf.vdf dll encrypted PureLogs stealer | RS | United Internet Ltd. | dani5577 | 2025.04.23 |
2 | https://osdugalic.edu.rs/Txhkx.mp4 dll encrypted PureLogs stealer | RS | United Internet Ltd. | dani5577 | 2025.04.23 |
3 | http://176.65.144.205/example.dll dll opendir | DE | | NDA0E | 2025.04.21 |
4 | http://176.65.144.205/implant.dll dll opendir | DE | | NDA0E | 2025.04.21 |
5 | http://196.251.118.210/d/rref.dll dll opendir | ZA | xneelo | NDA0E | 2025.04.21 |
View only the last 5 |