Summary: 2025/04/17 15:50

First reported date: 2019/01/19
Inquiry period: 2025/03/18 15:50 ~ 2025/04/17 15:50 (1 month), 15 search results

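The trend is 53% lower than in the previous period.
The top 5 related keywords that rose compared with the previous period are Backdoor, Amadey, Trojan, Vidar and Education.
The malware types Stealc, DYEPACK, ReverseRAT and ActionRAT are also newly observed.
The attackers MuddyWater, SideCopy and APT28 are also newly observed.
The attack technique Smishing is also newly observed.
The organizations and companies China, ESET, Germany, Iran, India, Trend Micro and Japan are also newly observed.
Other new keywords such as Low, abusech, EDR, sample and Cobalt Strike are also observed.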

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on GitHub as a legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.

 * Top 3 recent news articles:
    ㆍ 2025/04/16 How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats
    ㆍ 2025/04/14 Pakistan-linked hacking group concentrates attacks on India's government, defense and maritime sectors
    ㆍ 2025/03/31 Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs


For reference, 110 malware types in the same group are identified, including Remcos, njRAT and QuasarRAT.

Trend graph by period


Related keyword cloud
Top 100

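| # | Trend | Count | Comparison |
|---|---|---|---|
| 1 | AsyncRAT | 15 | ▼ -8 (-53%) |
| 2 | NetWireRC | 15 | ▼ -6 (-40%) |
| 3 | Malware | 8 | ▼ -5 (-63%) |
| 4 | Campaign | 7 | ▼ -3 (-43%) |
| 5 | Advertising | 5 | ▼ -4 (-80%) |
| 6 | Phishing | 5 | ▼ -2 (-40%) |
| 7 | c&c | 5 | ▼ -2 (-40%) |
| 8 | Lumma | 5 | ▼ -4 (-80%) |
| 9 | AgentTesla | 4 | - 0 (0%) |
| 10 | Windows | 4 | ▼ -2 (-50%) |
| 11 | XWorm | 4 | ▼ -6 (-150%) |
| 12 | IoC | 4 | ▼ -5 (-125%) |
| 13 | tofsee | 3 | - 0 (0%) |
| 14 | powershell | 3 | ▼ -3 (-100%) |
| 15 | Low | 3 | ▲ new |
| 16 | abusech | 3 | ▲ new |
| 17 | last | 3 | ▼ -3 (-100%) |
| 18 | Update | 3 | ▼ -1 (-33%) |
| 19 | Stealer | 3 | ▼ -4 (-133%) |
| 20 | Top | 3 | ▼ -2 (-67%) |
| 21 | EDR | 3 | ▲ new |
| 22 | snake | 3 | ▼ -2 (-67%) |
| 23 | Microsoft | 3 | ▼ -4 (-133%) |
| 24 | Remcos | 3 | ▼ -2 (-67%) |
| 25 | Backdoor | 3 | ▲ 1 (33%) |
| 26 | Amadey | 3 | ▲ 2 (67%) |
| 27 | Email | 3 | - 0 (0%) |
| 28 | Russia | 2 | - 0 (0%) |
| 29 | Trojan | 2 | ▲ 1 (50%) |
| 30 | Report | 2 | ▼ -5 (-250%) |
| 31 | Vidar | 2 | ▲ 1 (50%) |
| 32 | Victim | 2 | ▼ -3 (-150%) |
| 33 | Stealc | 2 | ▲ new |
| 34 | sample | 2 | ▲ new |
| 35 | MuddyWater | 2 | ▲ new |
| 36 | GameoverP2P | 2 | ▼ -1 (-50%) |
| 37 | Kaspersky | 2 | - 0 (0%) |
| 38 | intelligence | 2 | - 0 (0%) |
| 39 | United States | 2 | ▼ -5 (-250%) |
| 40 | Education | 2 | ▲ 1 (50%) |
| 41 | Linux | 2 | - 0 (0%) |
| 42 | Ransomware | 2 | ▲ 1 (50%) |
| 43 | DYEPACK | 2 | ▲ new |
| 44 | Exploit | 2 | - 0 (0%) |
| 45 | target | 2 | ▼ -2 (-100%) |
| 46 | RAT | 2 | - 0 (0%) |
| 47 | China | 2 | ▲ new |
| 48 | ESET | 2 | ▲ new |
| 49 | Cobalt Strike | 2 | ▲ new |
| 50 | Vawtrak | 1 | - 0 (0%) |
| 51 | Remote Code Execution | 1 | ▼ -1 (-100%) |
| 52 | Cloudfl | 1 | ▲ new |
| 53 | Government | 1 | - 0 (0%) |
| 54 | Vulnerability | 1 | ▼ -4 (-400%) |
| 55 | amp | 1 | ▲ new |
| 56 | 사용 (use) | 1 | ▲ new |
| 57 | Germany | 1 | ▲ new |
| 58 | 파일 (file) | 1 | ▲ new |
| 59 | 공격 (attack) | 1 | ▲ new |
| 60 | Iran | 1 | ▲ new |
| 61 | DCRat | 1 | ▼ -3 (-300%) |
| 62 | SideWinder | 1 | ▲ new |
| 63 | Firefox | 1 | ▲ new |
| 64 | sality | 1 | ▲ new |
| 65 | ReverseRAT | 1 | ▲ new |
| 66 | hacking | 1 | ▼ -1 (-100%) |
| 67 | ActionRAT | 1 | ▲ new |
| 68 | India | 1 | ▲ new |
| 69 | Distribution | 1 | ▼ -1 (-100%) |
| 70 | neconyd | 1 | ▲ new |
| 71 | quasar | 1 | ▼ -1 (-100%) |
| 72 | Brazil | 1 | - 0 (0%) |
| 73 | httpstcokPcnJbIwA | 1 | ▲ new |
| 74 | httpstco | 1 | ▲ new |
| 75 | SideCopy | 1 | ▲ new |
| 76 | Chrome | 1 | ▼ -1 (-100%) |
| 77 | APT28 | 1 | ▲ new |
| 78 | Cobalt | 1 | ▲ new |
| 79 | Android | 1 | ▲ new |
| 80 | VPN | 1 | ▲ new |
| 81 | Java | 1 | ▼ -4 (-400%) |
| 82 | Criminal | 1 | ▼ -3 (-300%) |
| 83 | Smishing | 1 | ▲ new |
| 84 | Trend Micro | 1 | ▲ new |
| 85 | Japan | 1 | ▲ new |
| 86 | VMware | 1 | ▲ new |
| 87 | APT10 | 1 | ▲ new |
| 88 | hijack | 1 | - 0 (0%) |
| 89 | ChinaLinked | 1 | ▲ new |
| 90 | European | 1 | ▲ new |
| 91 | diplomatic | 1 | ▲ new |
| 92 | ANEL | 1 | ▲ new |
| 93 | MirrorFace | 1 | ▲ new |
| 94 | Operation | 1 | ▼ -1 (-100%) |
| 95 | attack | 1 | ▼ -2 (-200%) |
| 96 | Europe | 1 | - 0 (0%) |
| 97 | Takedown | 1 | ▲ new |
| 98 | Troj | 1 | ▲ new |
| 99 | Malware download | 1 | ▲ new |
| 100 | il | 1 | ▲ new |
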
Special keyword group
Top 5

Malware Type

This is the type of malware that is becoming an issue.

| Keyword | Average |
|---|---|
| AsyncRAT | 15 (21.7%) |
| NetWireRC | 15 (21.7%) |
| Lumma | 5 (7.2%) |
| AgentTesla | 4 (5.8%) |
| XWorm | 4 (5.8%) |

Attacker & Actors

These are the attackers or attack groups that are becoming an issue.

| Keyword | Average |
|---|---|
| MuddyWater | 2 (40%) |
| SideCopy | 1 (20%) |
| APT28 | 1 (20%) |
| Kimsuky | 1 (20%) |

Attack technique

This is an attack technique that is becoming an issue.

| Keyword | Average |
|---|---|
| Campaign | 7 (28%) |
| Phishing | 5 (20%) |
| Stealer | 3 (12%) |
| Backdoor | 3 (12%) |
| Exploit | 2 (8%) |

Country & Company

These are the countries or companies that are becoming an issue.

| Keyword | Average |
|---|---|
| Microsoft | 3 (13%) |
| Russia | 2 (8.7%) |
| Kaspersky | 2 (8.7%) |
| United States | 2 (8.7%) |
| China | 2 (8.7%) |

Malware Family
Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, families are classified as Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, or Cryptocurrency Miner.

Threat info
Last 5

Additional information

| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |

| No | Category | URL | CC | ASN Co | Date |
|---|---|---|---|---|---|
| 1 | c2 | http://45.81.115.40:1951/ | UA | meerfarbig GmbH & Co. KG | 2025.04.14 |
| 2 | c2 | http://185.7.214.181:1414/ | FR | Qual.it S.a.s. | 2025.04.11 |
| 3 | c2 | http://92.255.85.66:1414/ | RU | Comfortel Ltd. | 2025.04.07 |
| 4 | c2 | http://92.255.85.2:1414/ | RU | Comfortel Ltd. | 2025.04.07 |
| 5 | c2 | http://chyanarc.twilightparadox.com/ | | | 2025.04.04 |

| No | URL | Tags | CC | ASN Co | Reporter | Date |
|---|---|---|---|---|---|---|
| 1 | http://147.45.221.109/Wcjeaqxsil.dat | AsyncRAT | RU | OOO FREEnet Group | James_inthe_box | 2025.04.14 |
| 2 | https://deft-sherbet-caf052.netlify.app/spoofer.exe | AsyncRAT XwormRAT | SG | AMAZON-02 | abus3reports | 2025.04.13 |
| 3 | https://lumiraseo.com/download/payload.exe | AsyncRAT XwormRAT | DE | ... | abus3reports | 2025.04.13 |
| 4 | http://github.com/naruto3213213/111/raw/refs/heads/main/Host.exe | AsyncRAT XwormRAT | US | MICROSOFT-CORP-MSN-AS-BLOCK | abus3reports | 2025.04.13 |
| 5 | http://github.com/naruto3213213/111/raw/refs/heads/main/Fix.exe | AsyncRAT XwormRAT | US | MICROSOFT-CORP-MSN-AS-BLOCK | abus3reports | 2025.04.13 |