Summary: 2025/05/03 16:18
First reported date: 2015/04/24
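Inquiry period: 2025/04/03 16:18 ~ 2025/05/03 16:18 (1 month), 27 search results
The trend is 48% higher than in the previous period.
The top 5 related keywords that rose compared with the previous period are Power, attack, Malware, intelligence, and AI.
The attack techniques RCE, hacking, and Phishing are also newly observed.
The institutions and companies Spain, United States, CISA, dprk, Okta, North Korea, Google, Microsoft, and Symantec are also newly observed.
Other new keywords are also observed, including Portugal outage Scotia Nova QRadar Security Suite.
* Top 3 recent news articles: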
ㆍ 2025/04/29 Spain and Portugal Power Outages Spark a Surge in Phishing Attacks
ㆍ 2025/04/26 How SBOMs power secure software acquisition | Sonatype Blog
ㆍ 2025/04/24 Power Parasites: Job & Investment Scam Campaign Targets Energy Companies and Major Brands
Special keyword group (Top 5)
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
BlackSuit | | 1 (100%) |

Attacker & Actors
The status of the attacker or attack group being issued.
Keyword | Average | Label |
---|---|---|
Tick | | 1 (100%) |

Country & Company
This is a country or company that is an issue.
Keyword | Average | Label |
---|---|---|
Spain | | 5 (22.7%) |
United States | | 2 (9.1%) |
CISA | | 1 (4.5%) |
dprk | | 1 (4.5%) |
Okta | | 1 (4.5%) |

Threat info
Last 5
SNS (Total: 13): Spain hacking Google attack intelligence CrowdStrike dprk Okta North Korea
News (Total: 14): Malware attack RCE QRadar Security Suite IBM Exploit Phishing intelligence Data Center Report Attacker United States Email France Telegram Victim India BlackSuit LinkedIn Facebook Instagram Campaign Advertising target Banking Spain Indonesia Supply chain Software CISA OSINT payment Operation YouTube DLP IDC Symantec Microsoft German Germany Stealer Tick Japan hacking
No | Title | Date |
---|---|---|
1 | Spain and Portugal Power Outages Spark a Surge in Phishing Attacks - Cofense | 2025.04.29 |
2 | Save Cells from the Landfill, Get a Power Bank For Your Troubles - Hackaday | 2025.04.27 |
3 | How SBOMs power secure software acquisition | Sonatype Blog - Malware.News | 2025.04.26 |
4 | Power Parasites: Job & Investment Scam Campaign Targets Energy Companies and Major Brands - Malware.News | 2025.04.24 |
5 | Attackers stick with effective intrusion points, valid credentials and exploits - CyberScoop | 2025.04.22 |
Additional information
No | Title | Date |
---|---|---|
1 | The Double-Edged Sword of AI in Cybersecurity: Threats, Defenses & the Dark Web Insights Report 2025 - Malware.News | 2025.05.03 |
2 | US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks - Malware.News | 2025.05.03 |
3 | On world password day, Microsoft says fewer passwords, more passkeys - Malware.News | 2025.05.03 |
4 | Pro-Russian hacktivists intensify DDoS attacks on Dutch orgs - Malware.News | 2025.05.03 |
5 | Malware gains persistence by mimicking WordPress security plugin - Malware.News | 2025.05.03 |
No | Title | Date |
---|---|---|
1 | How SBOMs power secure software acquisition | Sonatype Blog - Malware.News | 2025.04.26 |
2 | Power Parasites: Job & Investment Scam Campaign Targets Energy Companies and Major Brands - Malware.News | 2025.04.24 |
3 | Attackers stick with effective intrusion points, valid credentials and exploits - CyberScoop | 2025.04.22 |
4 | [NEW] [high] IBM Power Hardware Management Console: Multiple vulnerabilities - IT Sicherheitsnews | 2025.04.22 |
5 | [NEW] [high] IBM Power Hardware Management Console: Vulnerability allows privilege escalation - IT Sicherheitsnews | 2025.04.22 |
Level | Description |
---|---|
danger | The processes wscript.exe |
danger | Executed a process and injected code into it |
warning | Generates some ICMP traffic |
watch | A potential heapspray has been detected. 79 megabytes was sprayed onto the heap of the powershell.exe process |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Code injection by writing an executable or DLL to the memory of another process |
watch | Communicates with host for which no DNS query was performed |
watch | Creates a windows hook that monitors keyboard input (keylogger) |
watch | Network communications indicative of a potential document or script payload download was initiated by the process powershell.exe |
watch | One or more non-whitelisted processes were created |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | A process attempted to delay the analysis task. |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | Executes one or more WMI queries |
notice | File has been identified by 6 AntiVirus engines on VirusTotal as malicious |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Moves the original executable to a new location |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Poweshell is sending data to a remote host |
notice | URL downloaded by powershell script |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Queries for the computername |
info | Uses Windows APIs to generate a cryptographic key |
Network | ET JA3 Hash - Remcos 3.x TLS Connection |