Summary: 2025/04/25 00:25
First reported date: 2023/10/27
Inquiry period : 2025/04/24 00:25 ~ 2025/04/25 00:25 (1 days), 2 search results
지난 7일 기간대비 신규 트렌드를 보이고 있습니다.
악성코드 유형 LPEClient Volgmer Bankshot RATel Maze 도 새롭게 확인됩니다.
공격자 Lazarus 도 새롭게 확인됩니다.
공격기술 Campaign APT 도 새롭게 확인됩니다.
기관 및 기업 Kaspersky Microsoft South Korea United Kingdom United States dprk North Korea 도 새롭게 확인됩니다.
기타 Update innorix Malicious Traffic Cryptocurrency Victim 등 신규 키워드도 확인됩니다.
LPEClient is an HTTP(S) downloader that expects two command line parameters: an encrypted string containing two URLs (a primary and a secondary C&C server), and the path on the victim's file system to store the downloaded payload.
It sends detailed information about the victim's environment, like computer name, type and number of processors, computer manufacturer, product name, major and minor Windows versions, architecture, memory information, installed security software and the version of the ntoskrnl.exe from its version-information resource.
LPEClient uses specific 32-bit values to represent its execution state (0x59863F09 when connecting via the WinHTTP interface, 0xA9348B57 via WinINet), or the nature of HTTP requests to the C&C servers (0xF07D6B34 when sending system information, 0xEF8C0D51 when requesting a DLL payload, 0xCB790A25 when reporting the successful loading of the DLL, 0xD7B20A96 when reporting the state of the the DLL execution). As the final step, malware looks for the export CloseEnv and executes it. Ref.
* 최근 뉴스기사 Top3:
ㆍ 2025/04/24 Operation SyncHole: Lazarus APT goes back to the well
참고로 동일한 그룹의 악성코드 타입은 SmokeLoader GuLoader Zloader 등 47개 종이 확인됩니다.
Trend graph by period
Related keyword cloud
Top 100| # | Trend | Count | Comparison |
|---|---|---|---|
| 1 | Lazarus | 2 | ▲ new |
| 2 | LPEClient | 2 | ▲ new |
| 3 | Update | 2 | ▲ new |
| 4 | Campaign | 2 | ▲ new |
| 5 | Kaspersky | 2 | ▲ new |
| 6 | innorix | 1 | ▲ new |
| 7 | Malicious Traffic | 1 | ▲ new |
| 8 | Cryptocurrency | 1 | ▲ new |
| 9 | Victim | 1 | ▲ new |
| 10 | Microsoft | 1 | ▲ new |
| 11 | South Korea | 1 | ▲ new |
| 12 | IoC | 1 | ▲ new |
| 13 | United Kingdom | 1 | ▲ new |
| 14 | EDR | 1 | ▲ new |
| 15 | Volgmer | 1 | ▲ new |
| 16 | Bankshot | 1 | ▲ new |
| 17 | RATel | 1 | ▲ new |
| 18 | UNIX | 1 | ▲ new |
| 19 | Windows | 1 | ▲ new |
| 20 | ZeroDay | 1 | ▲ new |
| 21 | c&c | 1 | ▲ new |
| 22 | Malware | 1 | ▲ new |
| 23 | United States | 1 | ▲ new |
| 24 | cti | 1 | ▲ new |
| 25 | signbt | 1 | ▲ new |
| 26 | synchole | 1 | ▲ new |
| 27 | threatneedle | 1 | ▲ new |
| 28 | agamemnon | 1 | ▲ new |
| 29 | crossex | 1 | ▲ new |
| 30 | dprk | 1 | ▲ new |
| 31 | APT | 1 | ▲ new |
| 32 | Report | 1 | ▲ new |
| 33 | toolset | 1 | ▲ new |
| 34 | hole | 1 | ▲ new |
| 35 | attack | 1 | ▲ new |
| 36 | North Korea | 1 | ▲ new |
| 37 | Maze | 1 | ▲ new |
| 38 | Vulnerability | 1 | ▲ new |
| 39 | RSA Conference | 1 | ▲ new |
| 40 | Ex | 1 | ▲ new |
Special keyword group
Top 5
Attacker & Actors
The status of the attacker or attack group being issued.
| Keyword | Average | Label |
|---|---|---|
| Lazarus |
|
2 (100%) |
Country & Company
This is a country or company that is an issue.
| Keyword | Average | Label |
|---|---|---|
| Kaspersky |
|
2 (25%) |
| Microsoft |
|
1 (12.5%) |
| South Korea |
|
1 (12.5%) |
| United Kingdom |
|
1 (12.5%) |
| United States |
|
1 (12.5%) |
Malware Family
Top 5
A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.
Threat info
Last 5SNS
(Total : 1)APT attack Update Campaign Kaspersky LPEClient dprk Lazarus North Korea
News
(Total : 1)Maze Malicious Traffic ZeroDay Update Windows UNIX RATel Bankshot Volgmer LPEClient EDR United Kingdom South Korea Microsoft Vulnerability Attacker Victim Cryptocurrency c&c IoC United States Campaign Report RSA Conference Kaspersky Malware Lazarus
| No | Title | Date |
|---|---|---|
| 1 | Operation SyncHole: Lazarus APT goes back to the well - Malware.News | 2025.04.24 |
Additional information
| No | Title | Date |
|---|---|---|
| 1 | Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware - The Hacker News | 2025.04.24 |
| 2 | Android malware turns phones into malicious tap-to-pay machines - Malware.News | 2025.04.24 |
| 3 | 4.7 million customers’ data accidentally leaked to Google by Blue Shield of California - Malware.News | 2025.04.24 |
| 4 | 159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure - The Hacker News | 2025.04.24 |
| 5 | Cybercrime Magazine’s First YouTube Video: A 60-Second Walk In The Park - Cybercrime Magazine | 2025.04.24 |
| View only the last 5 | ||
| No | Title | Date |
|---|---|---|
| 1 | Operation SyncHole: Lazarus APT goes back to the well - Malware.News | 2025.04.24 |
| 2 | Operation SyncHole: Lazarus APT goes back to the well - Malware.News | 2025.04.24 |
| 3 | N. Korean Lazarus Group Targets Software Vendor Using Known Flaws - The Hacker News | 2023.10.27 |