Top 5
Malware Type
Malware types that are currently trending.
No data.

Attacker & Actors
Attackers or attack groups that are currently trending.
No data.

Technique
Attack techniques that are currently trending.
Keyword | Average | Label |
---|---|---|
Exploit | | 1 (100%) |

Country & Company
Countries or companies that are currently trending.
No data.
Threat info
Last 5 SNS (Total : 1)
News (Total : 0): No data.
Additional information
No | Title | Date |
---|---|---|
1 | 28th April – Threat Intelligence Report - Malware.News | 2025.04.28 |
2 | Navigating Through The Fog - Malware.News | 2025.04.28 |
3 | Huawei Set to Test Powerful AI Chip to Rival Nvidia’s, WSJ Says - Bloomberg Technology | 2025.04.28 |
4 | Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware - Malware.News | 2025.04.26 |
5 | Threat Hunting: For what, when, and how? - Malware.News | 2025.04.26 |
No | Title | Date |
---|---|---|
1 | SVC New Stealer on the Horizon - Malware.News | 2025.03.21 |
2 | SVC New Stealer on the Horizon - Malware.News | 2025.03.21 |
3 | Top 10 Cyber Threats of 2024 - Malware.News | 2024.12.09 |
4 | Top 10 Cyber Threats of 2024 - Malware.News | 2024.12.09 |
5 | Top 10 Cyber Threats of 2024 - Malware.News | 2024.12.09 |
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
watch | Attempts to identify installed AV products by installation directory |
watch | Checks for the presence of known devices from debuggers and forensic tools |
watch | Checks for the presence of known windows from debuggers and forensic tools |
watch | Checks the version of Bios |
watch | Communicates with host for which no DNS query was performed |
watch | Deletes executed files from disk |
watch | Detects VMWare through the in instruction feature |
watch | Installs itself for autorun at Windows startup |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | A process attempted to delay the analysis task. |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | An executable file was downloaded by the process namez.exe |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | Expresses interest in specific running processes |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
notice | Potentially malicious URLs were found in the process memory dump |
notice | Queries for potentially installed applications |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | Sends data using the HTTP POST Method |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | One or more processes crashed |
info | Queries for the computername |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
info | Uses Windows APIs to generate a cryptographic key |
Network | ET DROP Spamhaus DROP Listed Traffic Inbound group 32 |
Network | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
Network | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) |
Network | ET INFO Executable Download from dotted-quad Host |
Network | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
Network | ET INFO Packed Executable Download |
Network | ET MALWARE Amadey CnC Response |
Network | ET POLICY PE EXE or DLL Windows file download HTTP |
Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
Network | SURICATA TLS invalid record type |
Network | SURICATA TLS invalid record/traffic |
No data
No | URL | CC | ASN Co | Reporter | Date |
---|---|---|---|---|---|
1 | http://209.141.49.113/1.c c cve-2021-4034 | US | PONYNET | NDA0E | 2025.04.19 |
2 | http://196.251.71.193/PwnKit/PwnKit.c c cve-2021-4034 opendir | GH | Web4Africa | NDA0E | 2025.02.27 |
3 | http://ydl-v2.mhdy.site/c.arm botnetdomain c elf | RU | Metroset | NDA0E | 2024.09.05 |
4 | http://cnc.ghty.online/c.arm6 botnetdomain c elf | RU | Metroset | NDA0E | 2024.09.05 |
5 | http://cnc.ghty.online/c.arm7 botnetdomain c elf | RU | Metroset | NDA0E | 2024.09.05 |