Cyber Threat Trends

Summary: 2025/04/29 04:29

First reported date: 2011/07/01
Inquiry period : 2025/03/30 04:29 ~ 2025/04/29 04:29 (1 months), 1 search results

전 기간대비 신규 트렌드를 보이고 있습니다.
악성코드 유형 Lumma XWorm AgentTesla AsyncRAT Remcos DCRat Amadey NetWireRC 도 새롭게 확인됩니다.
기타 Snake tofsee sality Top last 등 신규 키워드도 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Lumma	1	▲ new
2	Snake	1	▲ new
3	XWorm	1	▲ new
4	AgentTesla	1	▲ new
5	AsyncRAT	1	▲ new
6	Remcos	1	▲ new
7	tofsee	1	▲ new
8	sality	1	▲ new
9	DCRat	1	▲ new
10	Amadey	1	▲ new
11	Top	1	▲ new
12	last	1	▲ new
13	NetWireRC	1	▲ new
14	Advertising	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Lumma		1 (12.5%)
XWorm		1 (12.5%)
AgentTesla		1 (12.5%)
AsyncRAT		1 (12.5%)
Remcos		1 (12.5%)

Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Technique

This is an attack technique that is becoming an issue.

No data.

Country & Company

This is a country or company that is an issue.

No data.

Threat info

Last 5

SNS

(Total : 1)

Total keyword

Lumma XWorm AgentTesla AsyncRAT Remcos DCRat Amadey NetWireRC Advertising

No	Title	Date
1	ANY.RUN @anyrun_app Top 10 last week's threats by uploads ???? ⬆️ #Lumma 644 (630) ⬆️ #Snake 513 (251) ⬆️ #Xworm 341 (305) ⬆️ #Agenttesla 326 (116) ⬆️ #Asyncrat 303 (165) ⬆️ #Remcos 203 (127) ⬇️ #Tofsee 194 (529) ⬆️ #Sality 151 (98) ⬆️ #Dcrat 132 (72) ⬇️ #Amadey 95 (146) Track them all: https://t.co/bNrGjS46DF	2025.04.14

News

(Total : 0)

No data.

Additional information

No	Title	Date
1	FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023 - Malware.News	2025.04.29
2	US intensifies Salt Typhoon crackdown with public info request - Malware.News	2025.04.29
3	Trump moves threaten US cyber defenses, says former CISA director Easterly - Malware.News	2025.04.29
4	Escalating attacks against Ivanti VPN appliances expected - Malware.News	2025.04.29
5	Critical Planet Technology switch vulnerabilities pose total takeover risk - Malware.News	2025.04.29
View only the last 5

No data

No	Request	Hash(md5)	Report No	Date
1	PC_Cleaner.exe Emotet Sality Generic Malware Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File ftp MZP Format OS Processor Check Lnk Format GIF Format DllRegisterServer dll URL Format DLL PE64 BMP Format	84326112ddead59fca719ef1d7d87685	47078	2023.12.14
2	Setup_WinThruster_2021.exe Gen2 PWS Loki[b] Loki.m Sality Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM Antivirus AntiDebug AntiVM PE File OS Processor Check PE32 DLL PNG Format GIF Format MSOffice File PE64	426fd133506f9bec04b326330e2b31a9	19678	2021.11.21

Level	Description
watch	Attempts to create or modify system certificates
watch	Checks the CPU name from registry
watch	Collects information about installed applications
watch	Communicates with host for which no DNS query was performed
watch	Deletes executed files from disk
watch	File has been identified by 11 AntiVirus engines on VirusTotal as malicious
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Creates a shortcut to an executable file
notice	Creates executable files on the filesystem
notice	Drops an executable to the user AppData folder
notice	Performs some HTTP requests
notice	Queries for potentially installed applications
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Steals private information from local Internet browsers
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	One or more processes crashed
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)
info	Tries to locate where the browsers are installed
Network	ET INFO TLS Handshake Failure
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	http://49.81.203.0:97/29.exe sality	CN	No.31,Jin-rong Street	lontze7	2024.11.28
2	http://27.25.147.19:8088/1.04.zip sality	CN	No.31,Jin-rong Street	lontze7	2024.07.05
3	http://27.25.147.19:8088/1.0.0.2.exe sality	CN	No.31,Jin-rong Street	lontze7	2024.07.05
4	http://27.25.147.19:8088/1.03.zip sality	CN	No.31,Jin-rong Street	lontze7	2024.07.05
5	http://27.25.147.19:8088/%e6%96%87%e4%bb%b6%e7%89%b9%e5%be%81%e6%91%98%e8%a6%81%e5%88%97%e8%a1%a8%e7... sality	CN	No.31,Jin-rong Street	lontze7	2024.07.05
View only the last 5

Beta Service, If you select keyword, you can check detailed information.

Cyber Threat Trends

Summary: 2025/04/29 04:29

Trend graph by period

Related keyword cloud

Special keyword group

Malware Type

Attacker & Actors

Technique

Country & Company

Threat info

SNS

News

Additional information

Top10 search keywords

Submissions

Report

Company