Summary: 2025/04/29 14:31
First reported date: 2017/10/30
Inquiry period : 2025/04/22 14:31 ~ 2025/04/29 14:31 (7 days), 1 search results
전 기간대비 신규 트렌드를 보이고 있습니다.
악성코드 유형 rurat NetWireRC RMS 도 새롭게 확인됩니다.
기관 및 기업 UN 도 새롭게 확인됩니다.
기타 es Además instalar persistencia desactivar 신규 키워드도 확인됩니다.
Trend graph by period
Related keyword cloud
Top 100| # | Trend | Count | Comparison |
|---|---|---|---|
| 1 | rurat | 1 | ▲ new |
| 2 | es | 1 | ▲ new |
| 3 | Además | 1 | ▲ new |
| 4 | instalar | 1 | ▲ new |
| 5 | persistencia | 1 | ▲ new |
| 6 | desactivar | 1 | ▲ new |
| 7 | NetWireRC | 1 | ▲ new |
| 8 | UN | 1 | ▲ new |
| 9 | RMS | 1 | ▲ new |
Special keyword group
Top 5
Attacker & Actors
The status of the attacker or attack group being issued.
No data.
Technique
This is an attack technique that is becoming an issue.
No data.
Threat info
Last 5SNS
(Total : 1)
Total keyword
News
(Total : 0)No data.
Additional information
| No | Title | Date |
|---|---|---|
| 1 | Transforming Malware Defense for the AI Era - Malware.News | 2025.04.29 |
| 2 | People should be ‘outraged’ by efforts to shrink federal cyber teams, former CISA head says - Malware.News | 2025.04.29 |
| 3 | NXP Announces New CEO, Warns of ‘Very Uncertain Environment’ - Bloomberg Technology | 2025.04.29 |
| 4 | FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023 - Malware.News | 2025.04.29 |
| 5 | US intensifies Salt Typhoon crackdown with public info request - Malware.News | 2025.04.29 |
| View only the last 5 | ||
| No | Title | Date |
|---|---|---|
| 1 | Google Chrome: Mehrere Schwachstellen - IT Sicherheitsnews | 2025.04.02 |
| 2 | Google Chrome: Mehrere Schwachstellen - IT Sicherheitsnews | 2025.02.20 |
| 3 | Google Maps: Dieses neue Symbol soll Autofahrern helfen – was es bedeutet - IT Sicherheitsnews | 2025.02.08 |
| 4 | Google Chrome: Mehrere Schwachstellen - IT Sicherheitsnews | 2024.12.11 |
| 5 | Whatsapp könnt ihr auch über Google Gemini nutzen: So funktioniert es - IT Sicherheitsnews | 2024.12.06 |
| View only the last 5 | ||
| Level | Description |
|---|---|
| danger | Executed a process and injected code into it |
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Appends a known multi-family ransomware file extension to files that have been encrypted |
| watch | Communicates with host for which no DNS query was performed |
| watch | Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic) |
| watch | Installs itself for autorun at Windows startup |
| watch | One or more non-whitelisted processes were created |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Uses Sysinternals tools in order to add additional command line functionality |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | An application raised an exception which may be indicative of an exploit crash |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Potentially malicious URLs were found in the process memory dump |
| notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
| notice | Starts servers listening |
| notice | Steals private information from local Internet browsers |
| notice | Terminates another process |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
| info | Tries to locate where the browsers are installed |
| Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
No data
Beta Service, If you select keyword, you can check detailed information.