Trend graph by period
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
No data.
Attacker & Actors
The status of the attacker or attack group being issued.
No data.
Technique
This is an attack technique that is becoming an issue.
No data.
Country & Company
This is a country or company that is an issue.
No data.
Threat info
Last 5SNS
(Total : 1)News
(Total : 0)No data.
Additional information
| No | Title | Date |
|---|---|---|
| 1 | Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News | 2025.04.28 |
| 2 | 28th April – Threat Intelligence Report - Malware.News | 2025.04.28 |
| 3 | Navigating Through The Fog - Malware.News | 2025.04.28 |
| 4 | Huawei Set to Test Powerful AI Chip to Rival Nvidia’s, WSJ Says - Bloomberg Technology | 2025.04.28 |
| 5 | Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware - Malware.News | 2025.04.26 |
| View only the last 5 | ||
| No | Title | Date |
|---|---|---|
| 1 | Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 - Malware.News | 2025.04.17 |
| 2 | Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 - Malware.News | 2025.04.17 |
| 3 | Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 - Malware.News | 2025.04.17 |
| 4 | Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 - Malware.News | 2025.04.17 |
| 5 | A week in security (April 7 – April 13) - Malware.News | 2025.04.14 |
| View only the last 5 | ||
| No | Request | Hash(md5) | Report No | Date |
|---|---|---|---|---|
| 1 |  ret.exetask schedule PWS Code injection KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 DLL .NET DLL | 69f49a50e927c947f4cb26a03dc67285 | 60241 | 2025.04.28 |
| 2 |  random.exeGen1 Themida Generic Malware PhysicalDrive Downloader UPX Malicious Packer Malicious Library Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P | bfd4ad6d57c086d2e64ccd39398a908e | 60244 | 2025.04.28 |
| 3 |  Distribution Document.pdf.mscScreenShot KeyLogger AntiDebug AntiVM | 88a97131e57b1a857d13bb0cae48380e | 60256 | 2025.04.28 |
| 4 |  Purchase Order.pdf.mscScreenShot KeyLogger AntiDebug AntiVM | 490df99cbb5c295e25a0234d86ab1d98 | 60263 | 2025.04.28 |
| 5 | file.7z Escalate priviledges PWS KeyLogger AntiDebug AntiVM | 7d3d40ab4713e39df7171bd505172cab | 59889 | 2025.04.24 |
| View only the last 5 | ||||
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| danger | Executed a process and injected code into it |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Code injection by writing an executable or DLL to the memory of another process |
| watch | Communicates with host for which no DNS query was performed |
| watch | Deletes executed files from disk |
| watch | Manipulates memory of a non-child process indicative of process injection |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Checks adapter addresses which can be used to detect virtual network interfaces |
| notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | Executes one or more WMI queries |
| notice | Executes one or more WMI queries which can be used to identify virtual machines |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | One or more potentially interesting buffers were extracted |
| notice | Performs some HTTP requests |
| notice | Terminates another process |
| notice | Uses Windows utilities for basic Windows functionality |
| notice | Yara rule detected in process memory |
| info | Checks amount of memory in system |
| info | Checks if process is being debugged by a debugger |
| info | One or more processes crashed |
| info | Queries for the computername |
| info | Uses Windows APIs to generate a cryptographic key |
| Network | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
| Network | ET INFO Executable Download from dotted-quad Host |
| Network | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
| Network | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile |
| Network | ET POLICY PE EXE or DLL Windows file download HTTP |
No data
| No | URL | CC | ASN Co | Reporter | Date |
|---|---|---|---|---|---|
| 1 | https://tinyfilemanagerdemo.alwaysdata.net/user/files/b.exe alwaysdata exe keylogger | FR  | Alwaysdata Sarl | user1222 | 2025.02.23 |
| 2 | http://141.147.43.219:3000/ftp/EmmetPROD.exe exe keylogger lazy | SE  | Riordz | 2025.01.31 | |
| 3 | http://107.172.148.212/260/cvss.exe exe keylogger snake | US  | AS-COLOCROSSING | Riordz | 2025.01.30 |
| 4 | http://caca.vercel.app/file.exe keylogger | US | abus3reports | 2024.12.06 | |
| 5 | https://raw.githubusercontent.com/cheetz/nishang/master/Gather/Keylogger.ps1 keylogger | US | FASTLY | abus3reports | 2024.12.06 |
| View only the last 5 | |||||
Beta Service, If you select keyword, you can check detailed information.