Summary: 2025/04/17 12:59
First reported date: 2016/08/25
Inquiry period: 2025/04/16 12:59 ~ 2025/04/17 12:59 (1 day), 1 search result
The trend is 100% higher than in the previous 7-day period.
The Top 5 related keyword that rose compared to the previous 7-day period is AgentTesla.
The attack technique MalSpam Campaign is also newly observed.
Other new keywords are also observed: ThreatProtection, deliver, multistage.
A .NET-based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
For reference, 101 malware types in the same group are observed, including FormBook, QakBot and RedLine.
Trend graph by period
Related keyword cloud
Rank (Top 100) | Keyword | Count | Comparison |
---|---|---|---|
1 | ThreatProtection | 1 | ▲ new |
2 | MalSpam | 1 | ▲ new |
3 | AgentTesla | 1 | ▲ 1 (100%) |
4 | deliver | 1 | ▲ new |
5 | multistage | 1 | ▲ new |
6 | Campaign | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
The malware types that are currently trending.
Keyword | Average | Label |
---|---|---|
AgentTesla | | 1 (100%) |

Attacker & Actors
The attackers or attack groups that are currently trending.
No data.

Country & Company
The countries or companies that are currently trending.
No data.
Malware Family
Top 5
A malware family is a group of applications with similar attack techniques.
In this report, families are classified as Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, or Cryptocurrency Miner.
Threat info (last 5)
SNS (Total: 1)
News (Total: 0): No data.
Additional information
No | Title | Date |
---|---|---|
1 | Security hole in Nvidia's 'AI heart' GPUs: 'patch immediately' alert - SecurityFact | 2025.04.17 |
2 | Hi, robot: Half of all internet traffic now automated - Malware.News | 2025.04.17 |
3 | Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology | 2025.04.17 |
4 | Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News | 2025.04.17 |
5 | DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology | 2025.04.17 |
No | Title | Date |
---|---|---|
1 | What Is The New Steganographic Campaign Distributing Multiple Malware - Malware.News | 2025.03.17 |
2 | AgentTesla campaign returns to action after a failed attack: updated loader and new encryption techniques - Malware.News | 2024.12.02 |
3 | ESRC Weekly Email Threat Statistics (first week of June) - ESTsecurity ALYac blog... | 2024.06.04 |
4 | ESRC Weekly Email Threat Statistics (first week of June) - ESTsecurity ALYac blog... | 2024.06.04 |
5 | ESRC Weekly Email Threat Statistics (first week of June) - ESTsecurity ALYac blog... | 2024.06.04 |
No | Request | Hash(md5) | Report No | Date |
---|---|---|---|---|
1 | AgentTesla Hide_EXE Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Processor Check OS Name Check | 01e995c96291c13d4ec3a08ebcdca4f6 | 58912 | 2025.04.09 |
2 | AgentTesla Malicious Library .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 | c65f4749e6f2262761814de48341a4ba | 58166 | 2025.03.17 |
3 | AgentTesla Malicious Library .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 | b0a7ffb9d597ceb2ab1b7a8b8e0bd097 | 58179 | 2025.03.17 |
4 | AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Processor Check OS Name Check | 2ec0e8114c49cba545e0cfd5e4a12ddf | 58088 | 2025.03.16 |
5 | AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Processor Check OS Name Check | 1d6485deef98e3e3ffd59ec9e2815771 | 58091 | 2025.03.16 |
Level | Description |
---|---|
danger | The process wscript.exe wrote an executable file to disk which it then attempted to execute |
danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
watch | A process attempted to delay the analysis task. |
watch | Creates a windows hook that monitors keyboard input (keylogger) |
watch | Drops a binary and executes it |
watch | Harvests credentials from local email clients |
watch | Looks for the Windows Idle Time to determine the uptime |
watch | Makes SMTP requests |
watch | One or more non-whitelisted processes were created |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Connects to smtp.gmail.com |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | Steals private information from local Internet browsers |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
info | Queries for the computername |
Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
Network | SURICATA Applayer Detect protocol only one direction |
No | Category | URL | CC | ASN Co | Date |
---|---|---|---|---|---|
1 | c2 | http://mail.chinaplasticsac.com/ | US | Radware Ltd | 2025.03.18 |
2 | c2 | http://ftp.concaribe.com/ | US | UNIFIEDLAYER-AS-1 | 2025.03.17 |
3 | c2 | http://ftp.antoniomayol.com/ | US | UNIFIEDLAYER-AS-1 | 2024.09.19 |
4 | c2 | http://ftp.jeepcommerce.rs/ | RS | BeotelNet-ISP d.o.o | 2024.09.19 |
5 | c2 | http://smtp.coxenregy.com/ | US | PUBLIC-DOMAIN-REGISTRY | 2024.08.08 |
No | URL | CC | ASN Co | Reporter | Date |
---|---|---|---|---|---|
1 | https://paste.ee/d/wgmq7eQD/0 AgentTesla ascii Encoded | | | abuse_ch | 2025.04.15 |
2 | https://paste.ee/d/gkS5S6ML AgentTesla ascii powershell | | | abuse_ch | 2025.04.15 |
3 | https://www.klapalevanda.com/sd/cdbMMDaCnqc244.bin AgentTesla encrypted GuLoader | HR | Sedmi Odjel d.o.o. | abuse_ch | 2025.04.15 |
4 | https://www.klapalevanda.com/sd/Perosomus.pfb AgentTesla ascii Encoded GuLoader | HR | Sedmi Odjel d.o.o. | abuse_ch | 2025.04.15 |
5 | http://176.65.142.190/host/NEWFILEEE.ps1 AgentTesla | DE | | JAMESWT_WT | 2025.04.11 |