Cyber Threat Trends

Summary: 2025/04/29 22:15

First reported date: 2013/03/05
Inquiry period : 2025/04/28 22:15 ~ 2025/04/29 22:15 (1 days), 1 search results

지난 7일 기간대비 동일한 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Advertising Software RCE intelligence Update 입니다.
악성코드 유형 Clop solarmarker 도 새롭게 확인됩니다.
기타 LLM documentation AI detection LinkedIn 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/29 Can We Stop Documenting Our Detections?

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Clop	1	▲ new
2	Advertising	1	▲ 1 (100%)
3	LLM	1	▲ new
4	documentation	1	▲ new
5	AI	1	▲ new
6	detection	1	▲ new
7	Software	1	▲ 1 (100%)
8	RCE	1	▲ 1 (100%)
9	intelligence	1	▲ 1 (100%)
10	Update	1	▲ 1 (100%)
11	Malware	1	- 0 (0%)
12	LinkedIn	1	▲ new
13	GitHub	1	▲ 1 (100%)
14	solarmarker	1	▲ new
15	RATel	1	▲ 1 (100%)
16	powershell	1	- 0 (0%)
17	United States	1	▲ 1 (100%)
18	ChatGPT	1	▲ new
19	investigative	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Clop		1 (33.3%)
solarmarker		1 (33.3%)
RATel		1 (33.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
RCE		1 (100%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
United States		1 (100%)

Threat info

Last 5

SNS

(Total : 0)

No data.

News

(Total : 1)

Total keyword

Clop Advertising Software RCE intelligence Update Malware LinkedIn GitHub solarmarker RATel powershell United States ChatGPT

No	Title	Date
1	Can We Stop Documenting Our Detections? - Malware.News	2025.04.29

Additional information

No	Title	Date
1	Threat Actors Accelerate Transition from Reconnaissance to Compromise – New Report Finds - Malware.News	2025.04.29
2	Pro-Russian hackers strike Dutch municipalities with coordinated DDoS attack - Malware.News	2025.04.29
3	What privacy? Perplexity wants your data, builds browser to track you and serve ads - Malware.News	2025.04.29
4	Cloudflare Report: Deutschland das am häufigsten per DDoS attackierte Land - IT Sicherheitsnews	2025.04.29
5	Foldable Phones Need Better Software to Drive Wider Interest - Bloomberg Technology	2025.04.29
View only the last 5

No	Title	Date
1	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
2	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
3	Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News	2025.04.23
4	Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News	2025.04.23
5	Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News	2025.04.23
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	test.pdf.lnk Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM GIF Format Lnk Format PowerShell	3b4cbac8dad90d932e233a89650530a0	60265	2025.04.29
2	test.pdf.lnk Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM GIF Format Lnk Format PowerShell	3b4cbac8dad90d932e233a89650530a0	60266	2025.04.29
3	nums.vbs Generic Malware Antivirus PowerShell	fe71e84d826e568fb59858c87d53d966	60252	2025.04.28
4	nums.vbs Generic Malware Antivirus PowerShell	99478b4bbce91c6b394be55e1b9df39d	59870	2025.04.23
5	prevenue.hta AntiDebug AntiVM PowerShell MSOffice File	a3353ea094f45915408065d03ae157c4	59871	2025.04.23
View only the last 5

Level	Description
danger	The process powershell.exe wrote an executable file to disk which it then attempted to execute
danger	File has been identified by 32 AntiVirus engines on VirusTotal as malicious
watch	A command shell or script process was created by an unexpected parent process
watch	Communicates with host for which no DNS query was performed
watch	Disables proxy possibly for traffic interception
watch	Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic)
watch	One or more non-whitelisted processes were created
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Performs some HTTP requests
notice	Potentially malicious URLs were found in the process memory dump
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://paste.ee/d/foOP0g8Z/0 ascii powershell ps1			abuse_ch	2025.04.25
2	http://176.65.134.8/metacodings.txt ascii AsyncRAT powershell ps1 rat	DE	Diogelo Ltd.	abuse_ch	2025.04.25
3	https://paste.ee/d/L8tHN98p/0 ascii powershell ps1 xworm			abuse_ch	2025.04.25
4	https://www.wilkinsonbeane.com/css/slider/asclepiadaceaebOet.php ascii opendir powershell ps1	US	UNIFIEDLAYER-AS-1	abuse_ch	2025.04.25
5	https://www.wilkinsonbeane.com/css/slider/sciurineslwWf.php ascii opendir powershell ps1	US	UNIFIEDLAYER-AS-1	abuse_ch	2025.04.25
View only the last 5

Beta Service, If you select keyword, you can check detailed information.