Summary: 2025/04/29 21:05
First reported date: 2023/11/18
Inquiry period: 2025/03/30 21:05 ~ 2025/04/29 21:05 (1 month), 1 search result
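A new trend is showing compared with the previous period.
The malware types Ransomware and GraphicalNeutrino are also newly observed.
The attacker APT29 is also newly observed.
The attack techniques Backdoor, Exploit, Campaign and Phishing are also newly observed.
The organizations and companies Check Point, Government, Apple, Oracle, Taiwan, United States, Russia and Kaspersky are also newly observed.
Other new keywords such as intelligence, Advertising, Education, ZeroDay and Update are also observed.
* Top 3 recent news articles: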
ㆍ 2025/04/21 21st April – Threat Intelligence Report
Top 100
# | Trend | Count | Comparison |
---|---|---|---|
1 | APT29 | 1 | ▲ new |
2 | Check Point | 1 | ▲ new |
3 | intelligence | 1 | ▲ new |
4 | Backdoor | 1 | ▲ new |
5 | Government | 1 | ▲ new |
6 | Advertising | 1 | ▲ new |
7 | Education | 1 | ▲ new |
8 | Exploit | 1 | ▲ new |
9 | ZeroDay | 1 | ▲ new |
10 | Update | 1 | ▲ new |
11 | Apple | 1 | ▲ new |
12 | GitHub | 1 | ▲ new |
13 | Oracle | 1 | ▲ new |
14 | DarkWeb | 1 | ▲ new |
15 | Vulnerability | 1 | ▲ new |
16 | Ransomware | 1 | ▲ new |
17 | GraphicalNeutrino | 1 | ▲ new |
18 | Taiwan | 1 | ▲ new |
19 | Victim | 1 | ▲ new |
20 | United States | 1 | ▲ new |
21 | Campaign | 1 | ▲ new |
22 | Russia | 1 | ▲ new |
23 | Report | 1 | ▲ new |
24 | Phishing | 1 | ▲ new |
25 | Kaspersky | 1 | ▲ new |
26 | Malware | 1 | ▲ new |
27 | h | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
Ransomware | | 1 (50%) |
GraphicalNeutrino | | 1 (50%) |

Attacker & Actors
The attackers or attack groups that are currently an issue.
Keyword | Average | Label |
---|---|---|
APT29 | | 1 (100%) |

Country & Company
This is a country or company that is an issue.
Keyword | Average | Label |
---|---|---|
Check Point | | 1 (12.5%) |
Government | | 1 (12.5%) |
Apple | | 1 (12.5%) |
Oracle | | 1 (12.5%) |
Taiwan | | 1 (12.5%) |
Threat info
Last 5
SNS
(Total : 0) No data.
News
(Total : 1) APT29, Check Point, intelligence, Backdoor, Government, Advertising, Education, Exploit, ZeroDay, Update, Apple, GitHub, Oracle, DarkWeb, Vulnerability, Ransomware, GraphicalNeutrino, Taiwan, Attacker, Victim, United States, Campaign, Russia, Report, Phishing, Kaspersky, Malware
No | Title | Date |
---|---|---|
1 | 21st April – Threat Intelligence Report - Malware.News | 2025.04.21 |
Additional information
No | Title | Date |
---|---|---|
1 | What privacy? Perplexity wants your data, builds browser to track you and serve ads - Malware.News | 2025.04.29 |
2 | Foldable Phones Need Better Software to Drive Wider Interest - Bloomberg Technology | 2025.04.29 |
3 | Year in Review: AI based threats - Malware.News | 2025.04.29 |
4 | Spotify’s Subscriber Count Climbs 12%, Beating Forecast - Bloomberg Technology | 2025.04.29 |
5 | Microsoft and Amazon Capex in Focus Amid Potential AI Pullback - Bloomberg Technology | 2025.04.29 |
No | Title | Date |
---|---|---|
1 | 21st April – Threat Intelligence Report - Malware.News | 2025.04.21 |
2 | 21st April – Threat Intelligence Report - Malware.News | 2025.04.21 |
3 | 21st April – Threat Intelligence Report - Malware.News | 2025.04.21 |
4 | 21st April – Threat Intelligence Report - Malware.News | 2025.04.21 |
5 | Hackers Don’t Hack, They Log In – Stealer Logs and Identity Attacks - Malware.News | 2024.11.21 |
Level | Description |
---|---|
danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic) |
watch | One or more non-whitelisted processes were created |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | An application raised an exception which may be indicative of an exploit crash |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Executes one or more WMI queries |
notice | Foreign language identified in PE resource |
notice | Performs some HTTP requests |
notice | Potentially malicious URLs were found in the process memory dump |
notice | Queries for potentially installed applications |
notice | Steals private information from local Internet browsers |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
notice | Uses Windows utilities for basic Windows functionality |
notice | Yara rule detected in process memory |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | One or more processes crashed |
info | Queries for the computername |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | Tries to locate where the browsers are installed |
Network | ET INFO TLS Handshake Failure |
Network | ET POLICY IP Check Domain (iplogger .org in DNS Lookup) |
Network | ET POLICY IP Check Domain (iplogger .org in TLS SNI) |
Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |