Cyber Threat Trends

Summary: 2025/04/29 04:49

First reported date: 2017/10/30
Inquiry period : 2025/03/30 04:49 ~ 2025/04/29 04:49 (1 months), 5 search results

전 기간대비 40% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Es 입니다.
악성코드 유형 NetWireRC rurat RMS 도 새롭게 확인됩니다.
기관 및 기업 UN Google PayPal 도 새롭게 확인됩니다.
기타 geht Chrome Bytedance desactivar persistencia 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/13 Bytedance: Geht es wirklich um Social Media oder ist Tiktok nur ein Mittel zum KI-Zweck?
    ㆍ 2025/04/11 Einigung auf Koalitionsvertrag: Wie geht es weiter?
    ㆍ 2025/04/02 Google Chrome: Mehrere Schwachstellen

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Es	5	▲ 2 (40%)
2	geht	2	▲ new
3	Chrome	1	▲ new
4	Bytedance	1	▲ new
5	UN	1	▲ new
6	NetWireRC	1	▲ new
7	desactivar	1	▲ new
8	persistencia	1	▲ new
9	instalar	1	▲ new
10	Además	1	▲ new
11	rurat	1	▲ new
12	um	1	▲ new
13	wirklich	1	▲ new
14	TikTok	1	▲ new
15	Software	1	- 0 (0%)
16	Google	1	▲ new
17	Wie	1	▲ new
18	Einigung	1	▲ new
19	Koalitionsvertrag	1	▲ new
20	posible	1	▲ new
21	tenpocl	1	▲ new
22	PayPal	1	▲ new
23	saamux	1	▲ new
24	Mehrere	1	▲ new
25	Schwachstellen	1	▲ new
26	RMS	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
NetWireRC		1 (33.3%)
rurat		1 (33.3%)
RMS		1 (33.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Technique

This is an attack technique that is becoming an issue.

No data.

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
UN		1 (33.3%)
Google		1 (33.3%)
PayPal		1 (33.3%)

Threat info

Last 5

SNS

(Total : 2)

Total keyword

PayPal rurat NetWireRC UN RMS

No	Title	Date
1	Germán Fernández @1ZRR4H 2/ Además de instalar persistencia, desactivar AV's y eliminar arranque en modo seguro (entre otras cosas), también implementa: 1.- "fisherprice.msi" es #RuRAT (Remote Utilities) con conexión hacia el dominio ru.elquecreeenmiviviraporsiempre.xyz ???? 2.- "4.dll" es un binario en https://t.co/hgNLs9	2025.04.24
2	Germán Fernández @1ZRR4H @saamux @PayPal @tenpocl Es posible que esa persona siga en Tenpo, probablemente alguien con algún tipo de acceso o conocimiento muy profundo del código y/o las bases de datos. A día de hoy siguen pasando cosas muy raras ???? https://t.co/pQb1ydtws3	2025.04.03

News

(Total : 3)

Total keyword

Chrome Google TikTok Software

No	Title	Date
1	Bytedance: Geht es wirklich um Social Media oder ist Tiktok nur ein Mittel zum KI-Zweck? - IT Sicherheitsnews	2025.04.13
2	Einigung auf Koalitionsvertrag: Wie geht es weiter? - IT Sicherheitsnews	2025.04.11
3	Google Chrome: Mehrere Schwachstellen - IT Sicherheitsnews	2025.04.02

Additional information

No	Title	Date
1	FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023 - Malware.News	2025.04.29
2	US intensifies Salt Typhoon crackdown with public info request - Malware.News	2025.04.29
3	Trump moves threaten US cyber defenses, says former CISA director Easterly - Malware.News	2025.04.29
4	Escalating attacks against Ivanti VPN appliances expected - Malware.News	2025.04.29
5	Critical Planet Technology switch vulnerabilities pose total takeover risk - Malware.News	2025.04.29
View only the last 5

No	Title	Date
1	Google Chrome: Mehrere Schwachstellen - IT Sicherheitsnews	2025.04.02
2	Google Chrome: Mehrere Schwachstellen - IT Sicherheitsnews	2025.02.20
3	Google Maps: Dieses neue Symbol soll Autofahrern helfen – was es bedeutet - IT Sicherheitsnews	2025.02.08
4	Google Chrome: Mehrere Schwachstellen - IT Sicherheitsnews	2024.12.11
5	Whatsapp könnt ihr auch über Google Gemini nutzen: So funktioniert es - IT Sicherheitsnews	2024.12.06
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	done.exe Client SW User Data Stealer Emotet Gen1 browser info stealer EnigmaProtector Generic Malware Google Chrome User Data Downloader Malicious Library UPX Malicious Packer .NET framework(MSIL) Http API PWS Code injection Create Service Socket DGA ScreenShot Es	750730cacee06f5b29188ef5050ff7ab	47462	2024.01.16
2	pushprocess.exe PWS[m] NPKI Emotet RAT PWS .NET framework Generic Malware Downloader task schedule UPX Malicious Library Malicious Packer Antivirus Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Es	388d0278aa8bd2dadf5b266a4977be7f	31629	2022.09.06
3	kizuna.exe PWS[m] NPKI Emotet RAT PWS .NET framework Generic Malware Downloader task schedule UPX Malicious Library Malicious Packer Antivirus Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Es	10cc003a69a348849797e27eb11d74ea	31247	2022.08.26
4	zxcv.EXE PWS Loki[b] Loki[m] Raccoon Stealer RAT .NET framework Gen1 Gen2 Generic Malware UPX Malicious Packer Malicious Library Antivirus DNS Socket KeyLogger HTTP Internet API ScreenShot Http API Steal credential DGA Create Service Sniff Audio Es	7fb10b8ea68c1e0064730018fca3cb39	14506	2021.08.09

Level	Description
danger	Executed a process and injected code into it
danger	File has been identified by 37 AntiVirus engines on VirusTotal as malicious
watch	Allocates execute permission to another process indicative of possible code injection
watch	Appends a known multi-family ransomware file extension to files that have been encrypted
watch	Communicates with host for which no DNS query was performed
watch	Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic)
watch	Installs itself for autorun at Windows startup
watch	One or more non-whitelisted processes were created
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Uses Sysinternals tools in order to add additional command line functionality
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	An application raised an exception which may be indicative of an exploit crash
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Creates executable files on the filesystem
notice	Drops an executable to the user AppData folder
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Potentially malicious URLs were found in the process memory dump
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Starts servers listening
notice	Steals private information from local Internet browsers
notice	Terminates another process
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	One or more processes crashed
info	The file contains an unknown PE resource name possibly indicative of a packer
info	This executable has a PDB path
info	Tries to locate where the browsers are installed
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://236.94.74.97.host.secureserver.net/archivomx/9OvuiyrShgDSJHF658ytSJhgy86gSJHfSyt6shfS.html ES geofenced zip	US	AS-26496-GO-DADDY-COM-LLC	Cryptolaemus1	2024.04.10

Beta Service, If you select keyword, you can check detailed information.