Summary: 2025/04/19 11:26
First reported date: 2017/09/20
Inquiry period: 2025/03/20 11:26 ~ 2025/04/19 11:26 (1 month), 6 search results
The trend is 67% lower than in the previous period.
Among the Top 5 related keywords, the one that rose versus the previous period is IoC.
Malware types Raccoon, Nanocore, GameoverP2P, DYEPACK, RecordBreaker, Emotet and RedLine are also newly observed.
The attack technique Stealer is also newly observed.
Organizations and companies Microsoft, Russia, China and Kaspersky are also newly observed.
Other new keywords such as Education, Cobalt Strike, Android, powershell and Malware download are also observed.
FormBook is a well-known commercial malware that steals information from victims’ machines using keyloggers and form grabbers.
* Recent news articles, Top 3:
ㆍ 2025/04/08 How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis
For reference, 101 malware types belong to the same group, including FormBook, QakBot and RedLine.
Trend graph by period
Related keyword cloud
# | Keyword | Count | Change vs. previous period |
---|---|---|---|
1 | FormBook | 6 | ▼ -4 (-67%) |
2 | IoC | 5 | ▲ 3 (60%) |
3 | Report | 2 | - 0 (0%) |
4 | Education | 1 | ▲ new |
5 | United States | 1 | - 0 (0%) |
6 | Raccoon | 1 | ▲ new |
7 | Nanocore | 1 | ▲ new |
8 | Cobalt Strike | 1 | ▲ new |
9 | Malware | 1 | ▼ -2 (-200%) |
10 | Android | 1 | ▲ new |
11 | Phishing | 1 | - 0 (0%) |
12 | Campaign | 1 | ▼ -1 (-100%) |
13 | powershell | 1 | ▲ new |
14 | c&c | 1 | - 0 (0%) |
15 | Windows | 1 | - 0 (0%) |
16 | Remcos | 1 | ▼ -2 (-200%) |
17 | Microsoft | 1 | ▲ new |
18 | GameoverP2P | 1 | ▲ new |
19 | Xloader | 1 | ▼ -4 (-400%) |
20 | DYEPACK | 1 | ▲ new |
21 | Stealer | 1 | ▲ new |
22 | Linux | 1 | - 0 (0%) |
23 | RecordBreaker | 1 | ▲ new |
24 | Emotet | 1 | ▲ new |
25 | Malware download | 1 | ▲ new |
26 | onebodyonequranonline | 1 | ▲ new |
27 | ecksbadgirlsnet | 1 | ▲ new |
28 | omfycoffeecornersite | 1 | ▲ new |
29 | ioaceitnet | 1 | ▲ new |
30 | dubaicarparkxyz | 1 | ▲ new |
31 | progressreportsbs | 1 | ▲ new |
32 | tzurikclick | 1 | ▲ new |
33 | ejaonlineorg | 1 | ▲ new |
34 | livasionlive | 1 | ▲ new |
35 | greyareaclothingstore | 1 | ▲ new |
36 | RedLine | 1 | ▲ new |
37 | hellosweetienet | 1 | ▲ new |
38 | vaishnavixyz | 1 | ▲ new |
39 | MalSpam | 1 | ▼ -4 (-400%) |
40 | aramco | 1 | ▲ new |
41 | httpstco | 1 | ▲ new |
42 | Russia | 1 | ▲ new |
43 | China | 1 | ▲ new |
44 | Kaspersky | 1 | ▲ new |
45 | Advertising | 1 | ▼ -2 (-200%) |
Special keyword group (Top 5)

Malware Type
Malware types that are currently a topic of discussion.
Keyword | Count (share of group) |
---|---|
FormBook | 6 (40%) |
Raccoon | 1 (6.7%) |
Nanocore | 1 (6.7%) |
Remcos | 1 (6.7%) |
GameoverP2P | 1 (6.7%) |

Attacker & Actors
Attackers or attack groups that are currently a topic of discussion.
No data.

Country & Company
Countries or companies that are currently a topic of discussion.
Keyword | Count (share of group) |
---|---|
United States | 1 (20%) |
Microsoft | 1 (20%) |
Russia | 1 (20%) |
China | 1 (20%) |
Kaspersky | 1 (20%) |
Malware Family (Top 5)
A malware family is a group of applications that share similar attack techniques.
In this trend, families are classified as Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, or Cryptocurrency Miner.
Threat info
Last 5 SNS (total: 5): FormBook, IoC, China, Russia, MalSpam, Report, Kaspersky
News (total: 1): FormBook, IoC, Education, Windows, Linux, Stealer, DYEPACK, Xloader, GameoverP2P, Microsoft, RecordBreaker, powershell, c&c, United States, RedLine, Campaign, Report, Phishing, Android, Malware, Cobalt Strike, Nanocore, Raccoon, Remcos, Emotet, Advertising
No | Title | Date |
---|---|---|
1 | How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis - Malware.News | 2025.04.08 |
Additional information
No | Title | Date |
---|---|---|
1 | Tesla to Delay Production of Cheaper EVs, Reuters Reports - Bloomberg Technology | 2025.04.19 |
2 | When Vulnerability Information Flows are Vulnerable Themselves - Malware.News | 2025.04.19 |
3 | CISA warns threat hunting staff of end to Google, Censys contracts as agency cuts set in - Malware.News | 2025.04.19 |
4 | Radiology practice reportedly working with FBI after ‘data security incident’ - Malware.News | 2025.04.19 |
5 | Text scams grow to steal hundreds of millions of dollars - Malware.News | 2025.04.19 |
No | Title | Date |
---|---|---|
1 | How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis - Malware.News | 2025.04.08 |
2 | Technical Analysis of Xloader Versions 6 and 7 | Part 2 - Malware.News | 2025.02.14 |
3 | 3rd February – Threat Intelligence Report - Malware.News | 2025.02.06 |
4 | Technical Analysis of Xloader Versions 6 and 7 | Part 1 - Malware.News | 2025.01.28 |
No | Request (sandbox tags) | Hash (MD5) | Report No | Date |
---|---|---|---|---|
1 | Formbook Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File PE32 Device_File_Check OS Processor Ch | 67e4a0dc097ec49476cd4e56805e5e56 | 58946 | 2025.04.11 |
2 | Formbook Process Kill Generic Malware Malicious Library FindFirstVolume CryptGenKey | c338c9cdccb21a6f023987865b4a6269 | 58240 | 2025.03.21 |
3 | Formbook Process Kill Generic Malware Malicious Library FindFirstVolume CryptGenKey | 907d825de589180257b3cdd1515c7002 | 58242 | 2025.03.21 |
4 | Formbook Process Kill Generic Malware Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Process | cd00eab486d24844b6ae7933c4514271 | 58243 | 2025.03.21 |
5 | Formbook Process Kill Generic Malware Malicious Library FindFirstVolume CryptGenKey | 7e45d87c02e2f5736fb0bf91f0b5b71f | 58241 | 2025.03.21 |
Level | Description |
---|---|
danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Created a process named as a common system process |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks if process is being debugged by a debugger |
Network | ET DROP Spamhaus DROP Listed Traffic Inbound group 26 |
Network | ET INFO TLS Handshake Failure |
Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
Network | SURICATA Applayer Wrong direction first Data |
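The signature list above names the behaviours a sandbox flags for this FormBook sample: an RWX allocation, a thread context rewritten in a remote process, and a process created under a common system process's name. The following is an added example for this page, not the sandbox's own signature code, that applies the same checks to a constructed API-call trace. The trace format (`pid|image|api|key=value ...`), the list of borrowed system process names and the ordering of the hollowing chain are assumptions made for the demo. It goes beyond the single report by correlating the individual calls into the suspended-child, allocate, write, set-context, resume sequence, and by keeping a lone RWX allocation (as a JIT-enabled browser also produces) at notice level.

```python
"""Behavioural checks mirroring the sandbox signatures above, applied to a
constructed API-call trace. Added example for this page; not the sandbox's
own detection code. Trace format pid|image|api|k=v ... is an assumption."""
import os
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40   # Win32 memory-protection constant
CREATE_SUSPENDED = 0x4          # CreateProcess creation flag

# Names a dropper commonly borrows (assumed list, not taken from the page).
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "explorer.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
LEVELS = {"info": 0, "notice": 1, "watch": 2, "danger": 3}

# Constructed trace: a hollowing chain (pid 1001), a masquerading dropper with a
# local RWX allocation (3003), and a browser JIT allocating RWX legitimately (4004).
TRACE = r"""
1001|C:\Users\jlee\Downloads\invoice.exe|CreateProcessW|target=2002 image=C:\Windows\System32\svchost.exe flags=0x4
1001|C:\Users\jlee\Downloads\invoice.exe|VirtualAllocEx|target=2002 size=0x2b000 protect=0x40
1001|C:\Users\jlee\Downloads\invoice.exe|WriteProcessMemory|target=2002 size=0x2b000
1001|C:\Users\jlee\Downloads\invoice.exe|NtSetContextThread|target=2002
1001|C:\Users\jlee\Downloads\invoice.exe|NtResumeThread|target=2002
3003|C:\Users\jlee\AppData\Roaming\csrss.exe|VirtualAlloc|protect=0x40 size=0x1000
4004|C:\Program Files\Mozilla Firefox\firefox.exe|VirtualAlloc|protect=0x40 size=0x100000
"""


def parse_trace(text):
    """Turn trace lines into dicts: pid, image path, API name, keyword args."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, image, api, rest = (line.split("|", 3) + [""])[:4]
        args = dict(kv.split("=", 1) for kv in rest.split())
        events.append({"pid": int(pid), "image": image, "api": api, "args": args})
    return events


def _masquerading(path):
    """System process name, but the binary does not live in a system directory."""
    name = os.path.basename(path.replace("\\", "/")).lower()
    return name in SYSTEM_NAMES and not path.lower().startswith(SYSTEM_DIRS)


def analyze(events):
    """Return (pid, level, description) findings, mirroring the sandbox levels."""
    findings, steps, flagged = [], defaultdict(set), set()
    for e in events:
        pid, api, args = e["pid"], e["api"], e["args"]
        target = int(args.get("target", pid))
        remote = target != pid
        if _masquerading(e["image"]) and pid not in flagged:
            flagged.add(pid)
            findings.append((pid, "notice", "process named like a system process running from a non-system path"))
        if api in ("VirtualAlloc", "VirtualAllocEx", "NtAllocateVirtualMemory") \
                and (int(args.get("protect", "0"), 16) & 0xFF) == PAGE_EXECUTE_READWRITE:
            findings.append((pid, "notice", "RWX allocation" + (" in remote process" if remote else "")))
            if remote:
                steps[pid].add("alloc")
        elif api in ("WriteProcessMemory", "NtWriteVirtualMemory") and remote:
            steps[pid].add("write")
        elif api in ("NtSetContextThread", "SetThreadContext") and remote:
            findings.append((pid, "watch", "thread context modified in a remote process (injection)"))
            steps[pid].add("context")
        elif api in ("CreateProcessW", "CreateProcessA"):
            if _masquerading(args.get("image", "")):
                findings.append((pid, "notice", "created a process named like a system process from a non-system path"))
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                steps[pid].add("suspended")
        elif api in ("ResumeThread", "NtResumeThread") and remote \
                and steps[pid] >= {"suspended", "alloc", "write", "context"}:
            findings.append((pid, "watch", "process hollowing chain: suspended child, RWX alloc, write, context set, resume"))
    return findings


def summarize(findings):
    """Worst level seen per source pid, e.g. {1001: 'watch', 4004: 'notice'}."""
    worst = {}
    for pid, level, _ in findings:
        if pid not in worst or LEVELS[level] > LEVELS[worst[pid]]:
            worst[pid] = level
    return worst


if __name__ == "__main__":
    results = analyze(parse_trace(TRACE))
    for pid, level, desc in results:
        print(f"{level:7s} pid {pid}: {desc}")
    print(summarize(results))
```

Only the correlated chain and the remote context write reach watch level; the browser's RWX page and the dropper's local allocation stay at notice, which is the same grading the sandbox report above applies.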
No | Category | URL | CC | ASN Co | Date |
---|---|---|---|---|---|
1 | c2 | http://www.meshki-co-uk.shop/b8n0/ | US | CLOUDFLARENET | 2025.04.11 |
2 | c2 | http://www.nesuns.asia/ | | | 2025.03.26 |
3 | c2 | http://www.aifriendship.store/ | | | 2025.03.26 |
4 | c2 | http://www.seasay.xyz/ | NZ | 174.net.nz Limited | 2025.02.12 |
5 | c2 | http://www.brothersharetender.xyz/zt2z/ | US | AMAZON-02 | 2025.02.03 |
No | URL | Tags | CC | ASN Co | Reporter | Date |
---|---|---|---|---|---|---|
1 | https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt | DBatLoader Formbook ModiLoader | US | SPIRITTEL-AS | abuse_ch | 2025.04.17 |
2 | https://www.directdownloadlink.ru/wp-content/uploads/2025/04/r.txt | ascii Encoded Formbook | NL | SpectraIP B.V. | abuse_ch | 2025.04.17 |
3 | https://paste.ee/d/gJc2MRc7/0 | ascii Encoded Formbook | | | abuse_ch | 2025.04.15 |
4 | http://192.3.26.143/440/hkcmd.exe | DBatLoader exe Formbook opendir | US | AS-COLOCROSSING | abuse_ch | 2025.04.15 |
5 | http://192.3.26.143/470/csrss.exe | exe Formbook opendir | US | AS-COLOCROSSING | abuse_ch | 2025.04.15 |
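The C2 URLs, download URLs and sample hashes in the tables above are only useful once they are checked against your own telemetry. The following is an added example for this page, not the feed's own tooling, that indexes those indicators and scans a proxy log and a file-hash inventory; both data sets are constructed for the demo. Two assumptions are built in: a C2 domain is matched on hostname alone, because the path segment seen here (`/b8n0/`, `/zt2z/`) changes between samples, while the shared services `paste.ee` and `link.storjshare.io` are matched on the exact URL only, since a bare-hostname match on them would be mostly noise.

```python
"""Match the FormBook indicators from the tables above against local telemetry.

Added example for this page, not the feed's own tooling. Indicator values are
copied from the C2, download-URL and sandbox-report tables; the proxy log and
the file-hash inventory below are constructed for the demo.
"""
import re
from urllib.parse import urlparse

C2_URLS = [
    "http://www.meshki-co-uk.shop/b8n0/",
    "http://www.nesuns.asia/",
    "http://www.aifriendship.store/",
    "http://www.seasay.xyz/",
    "http://www.brothersharetender.xyz/zt2z/",
]
DOWNLOAD_URLS = [
    "https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt",
    "https://www.directdownloadlink.ru/wp-content/uploads/2025/04/r.txt",
    "https://paste.ee/d/gJc2MRc7/0",
    "http://192.3.26.143/440/hkcmd.exe",
    "http://192.3.26.143/470/csrss.exe",
]
MD5_HASHES = {
    "67e4a0dc097ec49476cd4e56805e5e56", "c338c9cdccb21a6f023987865b4a6269",
    "907d825de589180257b3cdd1515c7002", "cd00eab486d24844b6ae7933c4514271",
    "7e45d87c02e2f5736fb0bf91f0b5b71f",
}
# Assumption: shared hosting services, so only the exact URL counts for these.
SHARED_HOSTS = {"paste.ee", "link.storjshare.io"}


def refang(url):
    """Undo the defanging styles common in shared intel (hxxp, [.], [:])."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return url.replace("[.]", ".").replace("[:]", ":").replace("(.)", ".")


def _norm(url):
    """Return (hostname, scheme://host/path) with query and trailing slash dropped."""
    p = urlparse(refang(url))
    host = (p.hostname or "").lower()
    return host, f"{p.scheme.lower()}://{host}{p.path}".rstrip("/")


def build_indicators(c2_urls, download_urls, md5s):
    hosts, urls = {}, {}
    for kind, seq in (("c2", c2_urls), ("download", download_urls)):
        for u in seq:
            host, key = _norm(u)
            urls[key] = kind
            if host not in SHARED_HOSTS:
                hosts.setdefault(host, kind)  # FormBook rotates the path; the host alone is worth a look
    return {"hosts": hosts, "urls": urls, "md5": {h.lower() for h in md5s}}


# Constructed proxy log: timestamp client method url status
PROXY_LOG = """
2025-04-18T09:12:01Z 10.1.4.23 POST http://www.meshki-co-uk.shop/b8n0/ 200
2025-04-18T09:12:05Z 10.1.4.23 POST http://www.meshki-co-uk.shop/x9k2/ 200
2025-04-18T09:15:44Z 10.1.4.51 GET https://paste.ee/d/zzzzzz/0 200
2025-04-18T09:16:02Z 10.1.4.51 GET https://paste.ee/d/gJc2MRc7/0 200
2025-04-18T09:20:17Z 10.1.4.77 GET http://192.3.26.143/512/svchost.exe 200
2025-04-18T09:21:00Z 10.1.4.90 GET https://www.microsoft.com/ 200
"""


def scan_proxy_log(log_text, ind):
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, _method, url, _status = line.split()
        host, key = _norm(url)
        if key in ind["urls"]:
            hits.append({"client": client, "url": url, "kind": ind["urls"][key], "match": "url"})
        elif host in ind["hosts"]:
            hits.append({"client": client, "url": url, "kind": ind["hosts"][host], "match": "host"})
    return hits


# Constructed EDR / file-inventory export; the second hash is a dummy value.
HASH_INVENTORY = [
    {"host": "WS-0412", "path": "C:\\Users\\jlee\\AppData\\Roaming\\csrss.exe",
     "md5": "CD00EAB486D24844B6AE7933C4514271"},
    {"host": "WS-0203", "path": "C:\\Windows\\System32\\csrss.exe",
     "md5": "00000000000000000000000000000001"},
]


def scan_hash_inventory(rows, ind):
    return [r for r in rows if r["md5"].lower() in ind["md5"]]


def run_demo():
    ind = build_indicators(C2_URLS, DOWNLOAD_URLS, MD5_HASHES)
    return scan_proxy_log(PROXY_LOG, ind), scan_hash_inventory(HASH_INVENTORY, ind)


if __name__ == "__main__":
    proxy_hits, hash_hits = run_demo()
    for h in proxy_hits:
        print(f"{h['client']} -> {h['url']}  [{h['kind']}, {h['match']} match]")
    for r in hash_hits:
        print(f"{r['host']}: {r['path']} matches FormBook sample {r['md5'].lower()}")
```

The second C2 request is caught on hostname even though its path differs from the listed one, the unrelated paste.ee URL is ignored, and the hash comparison is case-insensitive because inventory exports and feeds rarely agree on hex case.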