Cyber Threat Trends

Summary: 2025/04/18 11:18

First reported date: 2014/10/31
Inquiry period : 2025/04/11 11:17 ~ 2025/04/18 11:17 (7 days), 2 search results

전 기간대비 신규 트렌드를 보이고 있습니다.
기관 및 기업 United States US 도 새롭게 확인됩니다.
기타 FTP access Sale Alleged Report 등 신규 키워드도 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	FTP	2	▲ new
2	access	2	▲ new
3	Sale	2	▲ new
4	United States	2	▲ new
5	Alleged	1	▲ new
6	Report	1	▲ new
7	target	1	▲ new
8	US	1	▲ new
9	Corporation	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

No data.

Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Technique

This is an attack technique that is becoming an issue.

No data.

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
United States		2 (66.7%)
US		1 (33.3%)

Threat info

Last 5

SNS

(Total : 2)

Total keyword

United States Report target US

No	Title	Date
1	Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer ???? FTP Access for Sale – $20.9B US Corporation Threat actor is offering super_admin FTP access to a major U.S. company: ???? 29,945 employees ???? Revenue: $20.9 Billion ???? Access includes 4 accounts with elevated privileges ???? Price: $2,000 https://t.co/tn0cA3JsBC	2025.04.12
2	ThreatMon @MonThreat ???????? ???? Alleged Sale of FTP Access to Major U.S. Corporation A threat actor claims to be offering FTP access with super admin privileges to a large U.S.-based corporation. The access reportedly spans 4 high-level accounts. The targeted company is said to employ approximately https://t.co/h5kh	2025.04.12

News

(Total : 0)

No data.

Additional information

No	Title	Date
1	Japan FSA Says Hacked Online Trading Reaches About $700 Million - Bloomberg Technology	2025.04.18
2	Secure legacy Oracle cloud credentials amid leak reports, CISA warns - Malware.News	2025.04.18
3	가짜 돈·위조품 '꼼짝마!'.. 보안 잉크 아세요? - 시큐리티팩트	2025.04.18
4	Care what you share - Malware.News	2025.04.18
5	Inside Black Basta: Ransomware Resilience and Evolution After the Leak - Malware.News	2025.04.18
View only the last 5

No	Title	Date
1	Microsoft: Hacked Solarwinds FTP Software Lacked Basic Anti-Exploit Mitigation - Securityweek	2021.09.03
2	10 Tips to Protect Your Company’s Data in 2021 - Security Boulevard	2021.01.22
3	Google Keeps Support for FTP in Chrome - securityweek.com	2020.04.15
4	Google reenables FTP support in Chrome due to pandemic - Bleeping Computer	2020.04.14
5	Google Has Started Removing FTP Support From Chrome - Bleeping Computer	2019.08.16
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	http://www.cipd.org/globalasse... Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format	4e58a191b515eed2a9894dc8698bc5c0	59078	2025.04.18
2	layout.bin Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	72c582ab7db10af86a90608f98e5e614	59058	2025.04.17
3	os.dat Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	af1d8d9435cb10fe2f4b4215eaf6bec4	59059	2025.04.17
4	setup.bmp Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM BMP Format MSOffice File	f1874e4041a511771e01e079227ca8ca	59060	2025.04.17
5	SETUP.INI Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	ac9d9386a57420db9299eb1be1fa82de	59062	2025.04.17
View only the last 5

Level	Description
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Performs some HTTP requests
notice	Potentially malicious URLs were found in the process memory dump
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
Network	ET INFO TLS Handshake Failure
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	http://185.225.17.58/arm7 bash curl ftp tftp wget	RO	MivoCloud SRL	Ash_XSS_1	2025.01.26

Beta Service, If you select keyword, you can check detailed information.

Cyber Threat Trends

Summary: 2025/04/18 11:18

Trend graph by period

Related keyword cloud

Special keyword group

Malware Type

Attacker & Actors

Technique

Country & Company

Threat info

SNS

News

Additional information

Top10 search keywords

Submissions

Report

Company