Summary: 2025/04/17 10:06
First reported date: 2015/03/11
Inquiry period: 2025/04/16 10:06 ~ 2025/04/17 10:06 (1 day), 1 search result
The trend is unchanged compared to the previous 7-day period.
The Top 5 related keywords that rose compared to the previous 7-day period are Operation, RCE, intelligence, Report, and Malware.
The malware types QakBot, RATel, Ransomware, and Black Basta are also newly identified.
The attack technique Campaign is also newly identified.
Other new keywords such as Advertising, engineering, rule, detection, and attack are also identified.
* Recent news articles, Top 3:
ㆍ 2025/04/16 Streamlining detection engineering in security operation centers
Trend graph by period
Related keyword cloud
Top 100# | Trend | Count | Comparison |
---|---|---|---|
1 | QakBot | 1 | ▲ new |
2 | Advertising | 1 | ▲ new |
3 | engineering | 1 | ▲ new |
4 | SOC | 1 | - 0 (0%) |
5 | rule | 1 | ▲ new |
6 | detection | 1 | ▲ new |
7 | Operation | 1 | ▲ 1 (100%) |
8 | attack | 1 | ▲ new |
9 | target | 1 | ▲ new |
10 | Software | 1 | ▲ new |
11 | RCE | 1 | ▲ 1 (100%) |
12 | intelligence | 1 | ▲ 1 (100%) |
13 | Update | 1 | ▲ new |
14 | Vulnerability | 1 | ▲ new |
15 | Windows | 1 | ▲ new |
16 | Linux | 1 | ▲ new |
17 | RATel | 1 | ▲ new |
18 | Cyber Kill Chain | 1 | ▲ new |
19 | Ransomware | 1 | ▲ new |
20 | Black Basta | 1 | ▲ new |
21 | Distribution | 1 | ▲ new |
22 | Campaign | 1 | ▲ new |
23 | Report | 1 | ▲ 1 (100%) |
24 | Malware | 1 | ▲ 1 (100%) |
25 | time | 1 | ▲ 1 (100%) |
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
QakBot | | 1 (25%) |
RATel | | 1 (25%) |
Ransomware | | 1 (25%) |
Black Basta | | 1 (25%) |

Attacker & Actors
The status of the attacker or attack group being issued.
Keyword | Average | Label |
---|---|---|

Country & Company
This is a country or company that is an issue.
No data.
Threat info
Last 5 SNS
(Total: 0) No data.
News
(Total: 1) QakBot Advertising Operation attack target Software RCE intelligence Update Vulnerability Windows Linux RATel Cyber Kill Chain Ransomware Black Basta Distribution Attacker Campaign Report Malware
No | Title | Date |
---|---|---|
1 | Streamlining detection engineering in security operation centers - Malware.News | 2025.04.16 |
Additional information
No | Title | Date |
---|---|---|
1 | Hi, robot: Half of all internet traffic now automated - Malware.News | 2025.04.17 |
2 | Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology | 2025.04.17 |
3 | Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News | 2025.04.17 |
4 | DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology | 2025.04.17 |
5 | 6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin - Malware.News | 2025.04.17 |
No | Title | Date |
---|---|---|
1 | Winter 2024 SOC 1 report is now available with 183 services in scope - AWS Security Blog | 2025.03.27 |
2 | SOC and Awe — How Autonomous Security Is Changing the Game - Malware.News | 2025.03.18 |
3 | Helping us help you: Practical applications of AI in the SOC - Rapid7 | 2025.03.11 |
4 | The AI Analyst Advantage: The Complete Package With Built-In Reverse Engineering - Malware.News | 2025.02.12 |
5 | Work Smarter in 2025: 7 Benefits of Automating CTI into SOC Activities Copy - Malware.News | 2025.02.11 |
Level | Description |
---|---|
danger | Disables Windows Security features |
danger | Executed a process and injected code into it |
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Appends a known multi-family ransomware file extension to files that have been encrypted |
watch | Attempts to access Bitcoin/ALTCoin wallets |
watch | Attempts to disable Windows Auto Updates |
watch | Attempts to stop active services |
watch | Checks for the presence of known devices from debuggers and forensic tools |
watch | Checks for the presence of known windows from debuggers and forensic tools |
watch | Checks the CPU name from registry |
watch | Checks the version of Bios |
watch | Collects information about installed applications |
watch | Communicates with host for which no DNS query was performed |
watch | Detects the presence of Wine emulator |
watch | Detects VirtualBox through the presence of a registry key |
watch | Detects VMWare through the in instruction feature |
watch | Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic) |
watch | Harvests credentials from local email clients |
watch | Harvests credentials from local FTP client softwares |
watch | Installs itself for autorun at Windows startup |
watch | Network activity contains more than one unique useragent |
watch | One or more non-whitelisted processes were created |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | Uses Sysinternals tools in order to add additional command line functionality |
notice | A process attempted to delay the analysis task. |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | An application raised an exception which may be indicative of an exploit crash |
notice | An executable file was downloaded by the process bugai.exe |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Creates hidden or system file |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Expresses interest in specific running processes |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Looks up the external IP address |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Potentially malicious URLs were found in the process memory dump |
notice | Queries for potentially installed applications |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Uses Windows utilities for basic Windows functionality |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Collects information to fingerprint the system (MachineGuid |
info | Command line console output was observed |
info | One or more processes crashed |
info | Queries for the computername |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | Tries to locate where the browsers are installed |
Network | ET DROP Spamhaus DROP Listed Traffic Inbound group 22 |
Network | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
Network | ET INFO Executable Download from dotted-quad Host |
Network | ET INFO Packed Executable Download |
Network | ET MALWARE [ANY.RUN] RisePro TCP (Activity) |
Network | ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) |
Network | ET MALWARE [ANY.RUN] RisePro TCP (Token) |
Network | ET MALWARE RisePro CnC Activity (Inbound) |
Network | ET MALWARE RisePro TCP Heartbeat Packet |
Network | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile |
Network | ET POLICY PE EXE or DLL Windows file download HTTP |
Network | ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) |
Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |