Summary: 2025/04/19 11:22

First reported date: 2007/12/04
Inquiry period: 2025/03/20 11:22 ~ 2025/04/19 11:22 (1 month), 17 search results

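The trend is -235% lower than in the previous period.
The top 5 related keywords that rose compared with the previous period are
Linux, Mirai, Advertising, Cryptocurrency, and Cryptocurrency Miner.
The malware types SmokeLoader, BumbleBee, Pikabot, TrickBot, IcedID, and RATel are newly observed.
The attack techniques Hijacking and RCE are newly observed.
The organizations and companies US and South Korea are newly observed.
Other new keywords such as arrest, GorillaBot, SSH, Outlaw, and ALERT are also observed.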

 * Top 3 recent news articles:
    ㆍ 2025/04/10 Operation Endgame follow-up cracks down on Smokeloader botnet
    ㆍ 2025/04/10 Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
    ㆍ 2025/04/03 Additional details on Outlaw Linux cryptomining botnet emerge


For reference, 9 malware types in the same group are identified, including PingPull, Prometei, and Mirai.

Related keyword cloud
Top 100

# | Trend | Count | Comparison
1 | Botnet | 17 | ▼ -40 (-235%)
2 | Malware | 11 | ▼ -12 (-109%)
3 | target | 7 | ▼ -2 (-29%)
4 | attack | 6 | ▼ -12 (-200%)
5 | Linux | 6 | ▲ 5 (83%)
6 | Mirai | 4 | ▲ 3 (75%)
7 | Advertising | 4 | ▲ 1 (25%)
8 | DDoS | 4 | ▼ -4 (-100%)
9 | United States | 4 | ▼ -1 (-25%)
10 | Report | 4 | ▼ -7 (-175%)
11 | Remote Code Execution | 3 | ▼ -5 (-167%)
12 | Operation | 3 | ▼ -3 (-100%)
13 | Cryptocurrency | 3 | ▲ 2 (67%)
14 | IoC | 3 | ▼ -1 (-33%)
15 | Cryptocurrency Miner | 3 | ▲ 2 (67%)
16 | Phishing | 3 | ▼ -2 (-67%)
17 | Hijacking | 2 | ▲ new
18 | hijack | 2 | ▲ 1 (50%)
19 | DarkWeb | 2 | ▼ -2 (-100%)
20 | SmokeLoader | 2 | ▲ new
21 | arrest | 2 | ▲ new
22 | GorillaBot | 2 | ▲ new
23 | SSH | 2 | ▲ new
24 | intelligence | 2 | ▼ -5 (-250%)
25 | Windows | 2 | - 0 (0%)
26 | Government | 2 | ▼ -2 (-100%)
27 | Exploit | 2 | ▼ -6 (-300%)
28 | Outlaw | 2 | ▲ new
29 | Criminal | 2 | ▼ -3 (-150%)
30 | Campaign | 2 | ▼ -5 (-250%)
31 | c&c | 2 | ▼ -3 (-150%)
32 | Software | 2 | - 0 (0%)
33 | Victim | 2 | - 0 (0%)
34 | Email | 2 | ▼ -2 (-100%)
35 | Stealer | 2 | ▲ 1 (50%)
36 | Update | 1 | ▼ -8 (-800%)
37 | Distribution | 1 | ▼ -2 (-200%)
38 | ALERT | 1 | ▲ new
39 | Sandbox | 1 | ▲ new
40 | ANY | 1 | ▲ new
41 | TI | 1 | ▲ new
42 | Lookup | 1 | ▲ new
43 | Password | 1 | ▼ -9 (-900%)
44 | SHODAN | 1 | - 0 (0%)
45 | flaxtyphoon | 1 | ▲ new
46 | Ubuntu | 1 | ▲ new
47 | YouTube | 1 | ▲ new
48 | US | 1 | ▲ new
49 | Forensics | 1 | ▲ new
50 | Stressor | 1 | ▲ new
51 | Claims | 1 | ▼ -1 (-100%)
52 | tool | 1 | ▲ new
53 | TeamR | 1 | ▲ new
54 | mining | 1 | ▲ new
55 | RCE | 1 | ▲ new
56 | Targets | 1 | ▼ -1 (-100%)
57 | followup | 1 | ▲ new
58 | Evidence | 1 | ▲ new
59 | Endgame | 1 | ▲ new
60 | BumbleBee | 1 | ▲ new
61 | Pikabot | 1 | ▲ new
62 | Flax | 1 | ▲ new
63 | TrickBot | 1 | ▲ new
64 | Typhoon | 1 | ▲ new
65 | SystemBC | 1 | - 0 (0%)
66 | IcedID | 1 | ▲ new
67 | mid | 1 | ▲ new
68 | Database | 1 | ▲ new
69 | Additional | 1 | ▲ new
70 | Seized | 1 | ▲ new
71 | Africa | 1 | ▼ -1 (-100%)
72 | Europol | 1 | ▲ new
73 | South Korea | 1 | ▲ new
74 | XorDDoS | 1 | ▲ new
75 | DVR | 1 | ▲ new
76 | TVT | 1 | ▲ new
77 | surge | 1 | ▲ new
78 | Variant | 1 | ▼ -2 (-200%)
79 | emerge | 1 | ▲ new
80 | Cobalt Strike | 1 | - 0 (0%)
81 | Dropper | 1 | - 0 (0%)
82 | Unparalleled | 1 | ▲ new
83 | Badbox | 1 | ▼ -3 (-300%)
84 | packet | 1 | ▲ new
85 | C2 | 1 | - 0 (0%)
86 | Kubernetes | 1 | ▲ new
87 | Honeynet | 1 | - 0 (0%)
88 | Education | 1 | ▲ new
89 | LinkedIn | 1 | - 0 (0%)
90 | RATel | 1 | ▲ new
91 | infizierte | 1 | ▲ new
92 | Eine | 1 | ▲ new
93 | Million | 1 | - 0 (0%)
94 | C | 1 | ▲ new
95 | analysis | 1 | ▲ new
96 | Spear Phishing | 1 | - 0 (0%)
97 | Trojan | 1 | ▼ -2 (-200%)
98 | Google | 1 | ▼ -3 (-300%)
99 | Browser | 1 | ▼ -1 (-100%)
100 | Opera | 1 | ▲ new

Special keyword group
Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword | Average
Botnet | 17 (50%)
Mirai | 4 (11.8%)
Cryptocurrency Miner | 3 (8.8%)
SmokeLoader | 2 (5.9%)
BumbleBee | 1 (2.9%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword | Average

Attack technique

This is an attack technique that is becoming an issue.

Keyword | Average
DDoS | 4 (17.4%)
Remote Code Execution | 3 (13%)
Phishing | 3 (13%)
Hijacking | 2 (8.7%)
hijack | 2 (8.7%)

Country & Company

This is a country or company that is an issue.

Keyword | Average
United States | 4 (25%)
Government | 2 (12.5%)
US | 1 (6.3%)
Africa | 1 (6.3%)
South Korea | 1 (6.3%)

Malware Family
Top 5

A malware family is a group of applications with similar attack techniques.
In this trend report, families are classified as Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, or Cryptocurrency Miner.

Threat info
Last 5

SNS

(Total : 8)
  Total keyword

botnet DDoS Malware Hijacking Mirai Exploit United States Government hijack DarkWeb Linux target RCE attack Docker DVR US Report South Korea Africa Distribution Advertising Android Dropper Java Interception USA Operation

No | Title | Date

1 | The Hacker News @TheHackersNews | 2025.04.18
New XorDDoS Variant Targets U.S. Servers! The malware is now hijacking Docker and Linux systems via SSH brute-force attacks. A new “VIP” controller spotted in 2024 suggests it’s being sold as a service, expanding botnet operations. Full story → https://t.co/bEjHFJRUcW

2 | Cyber_OSINT @Cyber_O51NT | 2025.04.18
A report reveals that the Flax Typhoon botnet, identified in mid-2021, is linked to cyber activities across Malaysia, Laos, South Korea, the US, and parts of Africa. #CyberSecurity #FlaxTyphoon https://t.co/edHOjzyZwA

3 | BleepingComputer @BleepinComputer | 2025.04.08
New Mirai botnet behind surge in TVT DVR exploitation - @billtoulas https://t.co/q6rHcqO0fV

4 | The Hacker News @TheHackersNews | 2025.04.02
New Linux botnet ALERT! Outlaw—a Romanian-linked group—is actively hijacking SSH servers to mine crypto via auto-spreading malware. – Targets servers with weak SSH creds – Uses BLITZ to self-propagate – Installs SHELLBOT for remote control, DDoS, and data theft – Exploits https://t.co/6sA1QGH

5 | Dark Web Intelligence @DailyDarkWeb | 2025.04.02
#USA - Team R70 Boasts About "Unparalleled" Cyber Weapon The threat actor claims to have developed an "unparalleled" botnet stresser capable of attacking government websites, banks, and airports. #darkweb #cybersecurity #infosec https://t.co/eFJDKs9Nxn

Additional information

Level Description
watch Communicates with host for which no DNS query was performed
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice An application raised an exception which may be indicative of an exploit crash
notice Performs some HTTP requests
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info One or more processes crashed
Network ET POLICY Executable and linking format (ELF) file download