Summary: 2025/04/28 21:43
First reported date: 2024/02/12
Inquiry period : 2025/04/21 21:43 ~ 2025/04/28 21:43 (7 days), 1 search results
The trend is unchanged compared with the previous period.
Other new keywords are also observed: low, Uploaded, abusech, httpstcowU.
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
NetWireRC | | 1 (100%) |

Attacker & Actors
The status of the attacker or attack group being issued.
No data.

Technique
This is an attack technique that is becoming an issue.
No data.

Country & Company
This is a country or company that is an issue.
No data.
Threat info
SNS
(Total : 1)
Total keyword
No | Title | Date |
---|---|---|
1 | Szabolcs Schmidt @smica83 Looks like a low detected #GhostRAT Uploaded @abuse_ch https://t.co/wU5at7zuhH https://t.co/oW7we4Uian | 2025.04.27 |
News
(Total : 0)
No data.
Additional information
No | Title | Date |
---|---|---|
1 | 2025 Cyber Resilience Research Discovers Speed of AI Advancing Emerging Attack Types - Malware.News | 2025.04.28 |
2 | Intel CEO Targets Change in Corporate Culture to Shape Up - Bloomberg Technology | 2025.04.28 |
3 | IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News | 2025.04.28 |
4 | Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News | 2025.04.28 |
5 | 28th April – Threat Intelligence Report - Malware.News | 2025.04.28 |
No | Title | Date |
---|---|---|
1 | Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity - Malware.News | 2025.03.06 |
2 | Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity - Malware.News | 2025.03.06 |
3 | 2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT - The Hacker News | 2025.02.25 |
4 | Threat Bulletin: Weaponized Software Targets Chinese-Speaking Organizations - Malware.News | 2025.01.17 |
5 | TI Lookup: Real-World Use Cases from a Malware Researcher - Malware.News | 2024.10.02 |
No | Request | Hash(md5) | Report No | Date |
---|---|---|---|---|
1 | GhostRAT Malicious Library UPX PE32 PE File OS Processor Check | 6a7dbf9cf7f21fd9e36a8f946a9ba32b | 48908 | 2024.03.17 |
2 | GhostRAT Malicious Library UPX PE32 PE File OS Processor Check | acb1db4ec57c38396cf879d242fc163b | 48897 | 2024.03.17 |
3 | GhostCringe GhostRAT NSIS Malicious Library UPX PE File PE32 | aff7cf93b494c088fb991bebde49df9a | 21752 | 2022.01.01 |
4 | GhostRAT NSIS Malicious Library PE File PE32 OS Processor Check | fbce6a70198854557fbeca0f09587758 | 15668 | 2021.09.07 |
5 | GhostCringe GhostRAT PE File PE32 OS Processor Check | 63a11a44eeb7ee8c76f834d4435f4af3 | 11588 | 2021.05.24 |
Level | Description |
---|---|
danger | File has been identified by 68 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
watch | Creates known Zegost files |
watch | Detects VMWare through the in instruction feature |
watch | Installs itself for autorun at Windows startup |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Expresses interest in specific running processes |
notice | Foreign language identified in PE resource |
notice | Searches running processes potentially to identify processes for sandbox evasion |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable uses a known packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Network | ET MALWARE [ANY.RUN] Win32/Gh0stRat Keep-Alive |
Network | ET MALWARE Backdoor family PCRat/Gh0st CnC traffic |
Network | ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102 |
Network | ET MALWARE Gh0st Remote Access Trojan Encrypted Session To CnC Server |
No | Category | URL | CC | ASN Co | Date |
---|---|---|---|---|---|
1 | c2 | http://23.224.239.91:123/ | US | CNSERVERS | 2024.09.04 |
2 | c2 | http://192.151.244.144:9090/ | US | CNSERVERS | 2024.02.06 |
No | URL | CC | ASN Co | Reporter | Date |
---|---|---|---|---|---|
1 | http://18.143.169.29/abc.exe backdoor exe ghostrat | SG | AMAZON-02 | abus3reports | 2024.08.05 |
2 | http://60.204.249.34/1.exe ghostrat trojan | CN | | Try0 | 2024.05.06 |
3 | http://60.204.249.34/23.exe ghostrat trojan | CN | | Try0 | 2024.05.06 |
4 | http://82.157.254.217:8080/server1.exe ghostrat | CN | | abus3reports | 2023.12.14 |
5 | http://82.157.254.217:8080/server.exe ghostrat | CN | | abus3reports | 2023.12.14 |