Summary: 2025/05/05 06:33
First reported date: 2010/06/28
Inquiry period: 2025/04/05 06:33 ~ 2025/05/05 06:33 (1 month), 6 search results
The trend is -217% lower than in the previous period.
The Top 5 related keywords that rose compared to the previous period are Java, Microsoft, Criminal, Victim, File.
Malware types Vawtrak, BLINDINGCAN, ShadowPad are also newly identified.
Attacker Lazarus is also newly identified.
Attack techniques RCE, hacking, ClickFix, APT are also newly identified.
Organizations and companies Government, North Korea, South Korea are also newly identified.
Other new keywords such as Cryptocurrency, SMB, open source, AnyDesk are also identified.
* Top 3 recent news articles:
ㆍ 2025/04/10 Atomic and Exodus crypto wallets targeted in malicious npm campaign
ㆍ 2025/04/10 Atomic and Exodus crypto wallets targeted in malicious npm campaign
ㆍ 2025/04/10 GOFFEE continues to attack organizations in Russia
Trend graph by period
Related keyword cloud (Top 100 / Special keyword group / Top 5)
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
GameoverP2P | | 1 (14.3%) |
Vawtrak | | 1 (14.3%) |
Trojan | | 1 (14.3%) |
NetWireRC | | 1 (14.3%) |
BLINDINGCAN | | 1 (14.3%) |

Attacker & Actors
Attackers or attack groups that are currently an issue.
Keyword | Average | Label |
---|---|---|
Lazarus | | 1 (100%) |

Technique
This is an attack technique that is becoming an issue.
Keyword | Average | Label |
---|---|---|
Downloader | | 6 (24%) |
Campaign | | 5 (20%) |
RCE | | 3 (12%) |
hijack | | 2 (8%) |
Hijacking | | 2 (8%) |

Country & Company
This is a country or company that is an issue.
Keyword | Average | Label |
---|---|---|
Microsoft | | 3 (30%) |
United States | | 1 (10%) |
Russia | | 1 (10%) |
Kaspersky | | 1 (10%) |
Government | | 1 (10%) |

Threat info
Last 5 SNS
(Total: 2) Downloader target Criminal Campaign APT Update c&c Targeting C2 ShadowPad Stealer
News
(Total: 4) Downloader Software Campaign Java Victim Microsoft RCE Update target Report Attacker Malware Hijacking attack Cryptocurrency Phishing Criminal hijack Distribution Windows c&c IoC Vawtrak Email Government Advertising NetWireRC Operation Trojan AnyDesk Supply chain GameoverP2P Russia SMB Backdoor North Korea South Korea schtasks AhnLab BLINDINGCAN hacking GitHub Twitter RAT iCloud powershell ClickFix malware Kaspersky Lazarus United States VBScript
No | Title | Date |
---|---|---|
1 | Atomic and Exodus crypto wallets targeted in malicious npm campaign - Malware.News | 2025.04.10 |
2 | Atomic and Exodus crypto wallets targeted in malicious npm campaign - ReversingLabs Blog | 2025.04.10 |
3 | GOFFEE continues to attack organizations in Russia - Malware.News | 2025.04.10 |
4 | North Korean hacker group distributes 11 more malicious npm packages… attacks South Korean developers - 시큐리티팩트 | 2025.04.07 |
Additional information
No | Title | Date |
---|---|---|
1 | Threat Actors Attacking U.S. Citizens Via Social Engineering Attack - Malware.News | 2025.05.04 |
2 | TikTok sent European user data to China.. fine in the 800 billion won range - 시큐리티팩트 | 2025.05.03 |
3 | Saskatoon children’s hospital nurse unlawfully snooped on records of 314 patients: privacy report - Malware.News | 2025.05.03 |
4 | Dating app Raw exposed users’ location data and personal information - Malware.News | 2025.05.03 |
5 | Hacker hired Telangana man to courier threats to Star Health Insurance MD - Malware.News | 2025.05.03 |
Level | Description |
---|---|
watch | A process performed obfuscation on information about the computer or sent it to a remote location indicative of CnC Traffic/Preparations. |
watch | Attempts to identify installed AV products by installation directory |
watch | Attempts to stop active services |
watch | Checks for the presence of known devices from debuggers and forensic tools |
watch | Checks for the presence of known windows from debuggers and forensic tools |
watch | Checks the version of Bios |
watch | Communicates with host for which no DNS query was performed |
watch | Creates known SpyNet files |
watch | Deletes executed files from disk |
watch | Detects the presence of Wine emulator |
watch | Detects VMWare through the in instruction feature |
watch | Harvests credentials from local FTP client softwares |
watch | Installs itself for autorun at Windows startup |
watch | Putty Files |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | A process attempted to delay the analysis task. |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | An executable file was downloaded by the process ramez.exe |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Executes one or more WMI queries |
notice | Expresses interest in specific running processes |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Potentially malicious URLs were found in the process memory dump |
notice | Queries for potentially installed applications |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | Sends data using the HTTP POST Method |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Uses Windows utilities for basic Windows functionality |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | Command line console output was observed |
info | One or more processes crashed |
info | Queries for the computername |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
info | Tries to locate where the browsers are installed |
Network | ET DROP Spamhaus DROP Listed Traffic Inbound group 32 |
Network | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
Network | ET INFO Executable Download from dotted-quad Host |
Network | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
Network | ET INFO Packed Executable Download |
Network | ET MALWARE Amadey CnC Response |
Network | ET POLICY PE EXE or DLL Windows file download HTTP |
No | URL | CC | ASN Co | Reporter | Date |
---|---|---|---|---|---|
1 | http://147.124.216.113/image.exe DBatLoader downloader malware trojan VIPKeylogger | US | AC-AS-1 | Joker | 2025.01.03 |
2 | https://hybrid-independently-eve-hint.trycloudflare.com/om.js downloader js obfuscated opendir webdav | | | DaveLikesMalwre | 2024.12.29 |
3 | http://37.120.234.31/Update-KB5005101.zip bat downloader Encoded opendir reverseshell | RO | Secure Data Systems SRL | DaveLikesMalwre | 2024.12.10 |
4 | https://hoteltoscanaplaza.com.co/Index.txt downloader js | US | UNIFIEDLAYER-AS-1 | DaveLikesMalwre | 2024.11.03 |
5 | https://rartxt41.b-cdn.net/raril4.txt downloader Lumma ps1 ua-wget | US | | DaveLikesMalwre | 2024.10.12 |