Cyber Threat Trends

Summary: 2025/04/19 12:12

First reported date: 2015/07/05
Inquiry period : 2025/03/20 12:12 ~ 2025/04/19 12:12 (1 months), 3 search results

전 기간대비 신규 트렌드를 보이고 있습니다.
공격기술 Dropper 도 새롭게 확인됩니다.
기타 PS abusech Low coyote job 등 신규 키워드도 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	PS	3	▲ new
2	abusech	2	▲ new
3	Low	1	▲ new
4	Dropper	1	▲ new
5	coyote	1	▲ new
6	job	1	▲ new
7	priyaa	1	▲ new
8	bcd	1	▲ new
9	uploaded	1	▲ new
10	Anybody	1	▲ new
11	hell	1	▲ new
12	Gabon	1	▲ new
13	Operation	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

No data.

Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Dropper		1 (100%)

Country & Company

This is a country or company that is an issue.

No data.

Threat info

Last 5

SNS

(Total : 3)

Total keyword

Dropper Operation

No	Title	Date
1	Szabolcs Schmidt @smica83 Anybody knows what the hell is this? This PS uploaded from Gabon @abuse_ch https://t.co/u4iuDRfa6b @_operations6_ @_priyaa_1 @500mk500 https://t.co/gTKAgynQTt	2025.04.15
2	Szabolcs Schmidt @smica83 Thanks for tagging @_priyaa_1 This PS 'bcd21beea7e7aad25d85c15f22a047bdf2501154534ea2b9a4988a16e497924f' is uploaded @abuse_ch https://t.co/pygmC7IvD3 Keep up the good work, Priya :) https://t.co/nhWaErSiB6	2025.04.14
3	Szabolcs Schmidt @smica83 Low detected PS dropper with coyote job offer PDF @abuse_ch https://t.co/n25ywgPTTD Original @Dropbox URL https://www.dropbox(.)com/scl/fi/npwqv7n691bj39mlbdcjw/A7OLBWCH87.txt?rlkey=qkg3nzi36z60u3rxtcwq52jca&dl=1 @JAMESWT_WT https://t.co/AlYEZnm1pD	2025.04.08

News

(Total : 0)

No data.

Additional information

No	Title	Date
1	Tesla to Delay Production of Cheaper EVs, Reuters Reports - Bloomberg Technology	2025.04.19
2	When Vulnerability Information Flows are Vulnerable Themselves - Malware.News	2025.04.19
3	CISA warns threat hunting staff of end to Google, Censys contracts as agency cuts set in - Malware.News	2025.04.19
4	Radiology practice reportedly working with FBI after ‘data security incident’ - Malware.News	2025.04.19
5	Text scams grow to steal hundreds of millions of dollars - Malware.News	2025.04.19
View only the last 5

No	Title	Date
1	The 4 P’s of Customer Engagement - CIO Security	2022.03.23

No	Request	Hash(md5)	Report No	Date
1	886535bbe925890a01f49f49f49fee... Generic Malware HWP PS PostScript Antivirus AntiDebug AntiVM MSOffice File Lnk Format GIF Format PowerShell	886535bbe925890a01f49f49f49fee40	52188	2024.08.01
2	부가가치세 수정신고 안내(부가가치세사무처리규정).hwp... Generic Malware Malicious Library Antivirus HWP PS PostScript AntiDebug AntiVM GIF Format Lnk Format PE File PE32 CAB JPEG Format MSOffice File	6eee6fa92a270b1f32390eec50512eea	51261	2024.06.27
3	부가가치세 수정신고 안내(부가가치세사무처리규정).hwp... Generic Malware Malicious Library HWP PS PostScript Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell CAB PE32 PE File MSOffice File JPEG Format	0777cbcc96dd9a2d4319a4bf9404bba7	50878	2024.06.12
4	03e297f4a0ac3f262ca8ae50f9e14d... HWP PS PostScript UPX MSOffice File Lnk Format GIF Format PE File PE32 OS Processor Check JPEG Format	4c033029dd47e1029ff45d550d5811f9	49080	2024.03.25
5	03e297f4a0ac3f262ca8ae50f9e14d... HWP PS PostScript UPX MSOffice File JPEG Format PE File PE32 OS Processor Check Lnk Format GIF Format	4c033029dd47e1029ff45d550d5811f9	49081	2024.03.25
View only the last 5

Level	Description
warning	File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch	Creates a suspicious Powershell process
watch	Network communications indicative of a potential document or script payload download was initiated by the process powershell.exe
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	The process powershell.exe wrote an executable file to disk
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Poweshell is sending data to a remote host
notice	URL downloaded by powershell script
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key
Network	ET POLICY [401TRG] DropBox Access via API (SNI)
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://pastebin.com/raw/uh1GCpxx ascii powershell ps	US		abuse_ch	2025.02.07
2	http://87.120.120.56/crypt/laser.ps1 ps Ranpack	BG	Yuri Jordanov Ltd.	SanchoZZ	2025.02.04
3	https://0x0.st/8-5S.ps1 ascii MassLogger powershell ps	DE		abuse_ch	2025.01.22
4	https://paste.ee/d/IWZXK/0 ps	US		abus3reports	2024.12.06
5	https://paste.ee/d/GDlGg/0 ps	US	CLOUDFLARENET	abus3reports	2024.12.06
View only the last 5

Beta Service, If you select keyword, you can check detailed information.

Cyber Threat Trends

Summary: 2025/04/19 12:12

Trend graph by period

Related keyword cloud

Special keyword group

Malware Type

Attacker & Actors

Technique

Country & Company

Threat info

SNS

News

Additional information

Top10 search keywords

Submissions

Report

Company