Summary: 2025/04/17 13:19

First reported date: 2011/04/26
Inquiry period: 2025/03/18 13:19 ~ 2025/04/17 13:19 (1 month), 94 search results

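The trend is 44% higher than in the previous period.
The top 5 related keywords that rose compared with the previous period are Chrome, Google, Browser, Malware and Exploit.
The attacker SideCopy is also newly observed.
The attack technique RCE is also newly observed.
The organizations and companies China, India, Recorded Future and Fortinet are also newly observed.
Other new keywords such as Operation, Kritische, EDR, sophisticated and mozilla are also observed.

 * Top 3 recent news articles: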
    ㆍ 2025/04/17 Hi, robot: Half of all internet traffic now automated
    ㆍ 2025/04/17 IT Sicherheitsnews taegliche Zusammenfassung 2025-04-16 18h : 7 posts
    ㆍ 2025/04/17 Advanced KQL Deep Dive: User State Change Tracking

Trend graph by period


Related keyword cloud
Top 100

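| # | Trend | Count | Comparison |
|---|---|---|---|
| 1 | Chrome | 94 | ▲ 41 (44%) |
| 2 | Google | 62 | ▲ 28 (45%) |
| 3 | Browser | 37 | ▲ 23 (62%) |
| 4 | Malware | 34 | ▲ 12 (35%) |
| 5 | Exploit | 34 | ▲ 28 (82%) |
| 6 | Update | 31 | ▲ 19 (61%) |
| 7 | ZeroDay | 28 | ▲ 26 (93%) |
| 8 | Windows | 25 | ▲ 15 (60%) |
| 9 | target | 23 | ▲ 18 (78%) |
| 10 | attack | 22 | ▲ 17 (77%) |
| 11 | Campaign | 22 | ▲ 11 (50%) |
| 12 | Vulnerability | 18 | ▲ 15 (83%) |
| 13 | Kaspersky | 17 | ▲ 15 (88%) |
| 14 | Operation | 15 | ▲ new |
| 15 | Firefox | 14 | ▲ 4 (29%) |
| 16 | Victim | 14 | ▲ 5 (36%) |
| 17 | Email | 13 | ▲ 8 (62%) |
| 18 | Phishing | 13 | ▲ 6 (46%) |
| 19 | Microsoft | 13 | ▲ 1 (8%) |
| 20 | Advertising | 10 | - 0 (0%) |
| 21 | Remote Code Execution | 10 | ▲ 6 (60%) |
| 22 | Russia | 10 | ▲ 8 (80%) |
| 23 | IoC | 9 | ▲ 2 (22%) |
| 24 | Report | 9 | ▼ -2 (-22%) |
| 25 | United States | 8 | ▲ 4 (50%) |
| 26 | Criminal | 8 | ▲ 1 (13%) |
| 27 | Government | 8 | ▲ 5 (63%) |
| 28 | Education | 8 | ▲ 5 (63%) |
| 29 | Stealer | 7 | ▼ -3 (-43%) |
| 30 | Trojan | 7 | ▲ 4 (57%) |
| 31 | c&c | 7 | ▲ 1 (14%) |
| 32 | Software | 6 | ▲ 1 (17%) |
| 33 | powershell | 6 | ▲ 1 (17%) |
| 34 | Microsoft Edge | 6 | ▼ -1 (-17%) |
| 35 | Kritische | 5 | ▲ new |
| 36 | EDR | 5 | ▲ new |
| 37 | hacking | 5 | - 0 (0%) |
| 38 | advisory | 5 | ▲ 2 (40%) |
| 39 | sophisticated | 5 | ▲ new |
| 40 | Mehrere | 5 | - 0 (0%) |
| 41 | Schwachstellen | 5 | ▼ -5 (-100%) |
| 42 | mozilla | 5 | ▲ new |
| 43 | hijack | 5 | ▲ 4 (80%) |
| 44 | intelligence | 5 | ▲ 4 (80%) |
| 45 | Apple | 5 | ▲ 4 (80%) |
| 46 | Edge | 5 | ▲ 1 (20%) |
| 47 | Ransomware | 5 | ▲ 2 (40%) |
| 48 | Targeted | 4 | ▲ new |
| 49 | Exploited | 4 | ▲ new |
| 50 | Urgent | 4 | ▲ new |
| 51 | last | 4 | ▲ 3 (75%) |
| 52 | Schwachstelle | 4 | ▲ new |
| 53 | China | 4 | ▲ new |
| 54 | Sicherheitsnews | 4 | ▲ 2 (50%) |
| 55 | amp | 4 | ▲ new |
| 56 | taegliche | 4 | ▲ 2 (50%) |
| 57 | MFA | 4 | ▲ 2 (50%) |
| 58 | googlechrome | 4 | ▲ new |
| 59 | Zusammenfassung | 4 | ▲ 2 (50%) |
| 60 | flaw | 3 | ▲ new |
| 61 | ForumTroll | 3 | ▲ new |
| 62 | North Korea | 3 | ▲ 2 (67%) |
| 63 | Distribution | 3 | - 0 (0%) |
| 64 | threat | 3 | ▲ new |
| 65 | unknown | 3 | ▲ new |
| 66 | Linux | 3 | ▲ new |
| 67 | Password | 3 | ▼ -1 (-33%) |
| 68 | Safari | 3 | - 0 (0%) |
| 69 | RCE | 3 | ▲ new |
| 70 | Android | 3 | ▲ 1 (33%) |
| 71 | Takedown | 3 | ▲ 2 (67%) |
| 72 | fingerprint | 3 | ▲ new |
| 73 | von | 3 | ▲ new |
| 74 | India | 3 | ▲ new |
| 75 | MacOS | 3 | ▲ new |
| 76 | ChatGPT | 3 | ▲ new |
| 77 | Cryptocurrency | 3 | - 0 (0%) |
| 78 | Lenovo | 3 | ▲ 2 (67%) |
| 79 | Sicherheitslücke | 3 | ▲ new |
| 80 | Telegram | 3 | ▲ 1 (33%) |
| 81 | ermöglicht | 2 | ▲ new |
| 82 | GitHub | 2 | - 0 (0%) |
| 83 | Recorded Future | 2 | ▲ new |
| 84 | Future | 2 | ▲ new |
| 85 | Recorded | 2 | ▲ new |
| 86 | Record | 2 | ▲ new |
| 87 | Fortinet | 2 | ▲ new |
| 88 | Webbrowser | 2 | ▲ new |
| 89 | Codeausführung | 2 | ▲ new |
| 90 | Cobalt Strike | 2 | - 0 (0%) |
| 91 | RAT | 2 | ▼ -2 (-100%) |
| 92 | Umgehen | 2 | ▲ new |
| 93 | CVE | 2 | ▲ new |
| 94 | start | 2 | ▲ new |
| 95 | first | 2 | ▲ new |
| 96 | securityaffairs | 2 | ▲ new |
| 97 | Cisco | 2 | - 0 (0%) |
| 98 | SideCopy | 2 | ▲ new |
| 99 | NetWireRC | 2 | ▼ -8 (-400%) |
| 100 | payment | 2 | ▲ 1 (50%) |
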
Special keyword group
Top 5

Malware Type

This is the type of malware that is becoming an issue.

| Keyword | Count (%) |
|---|---|
| Trojan | 7 (41.2%) |
| Ransomware | 5 (29.4%) |
| RAT | 2 (11.8%) |
| Clop | 2 (11.8%) |
| Vawtrak | 1 (5.9%) |

Attacker & Actors

These are the attackers or attack groups that are becoming an issue.

| Keyword | Count (%) |
|---|---|
| SideCopy | 2 (50%) |
| Kimsuky | 2 (50%) |

Attack technique

This is an attack technique that is becoming an issue.

| Keyword | Count (%) |
|---|---|
| Exploit | 34 (32.4%) |
| Campaign | 22 (21%) |
| Phishing | 13 (12.4%) |
| Remote Code Execution | 10 (9.5%) |
| Stealer | 7 (6.7%) |

Country & Company

These are the countries or companies that are becoming an issue.

| Keyword | Count (%) |
|---|---|
| Google | 62 (40.8%) |
| Kaspersky | 17 (11.2%) |
| Microsoft | 13 (8.6%) |
| Russia | 10 (6.6%) |
| United States | 8 (5.3%) |

Threat info
Last 5

Additional information

No Request Hash(md5) Report No Date
1 remcos_a.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket Escalate priviledges PWS Sniff Audio DNS Interne
e3aecc3188eac24edb8e34f5044b3a6a 58998 2025.04.14
2 pdf.ps1
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library .NET framework(MSIL) Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Inte
642647cf863119977d7bd52e848e0cfe 58395 2025.03.31
3 kent.ps1
Client SW User Data Stealer Backdoor RemcosRAT Formbook browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library Confuser .NET Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Co
432719ce1459add67ebe4c01b47310f2 58059 2025.03.13
4 nyoilsafkjawd.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio
0bea38a3f664f5c8d72ab74db022aacd 58045 2025.03.12
5 crossings.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio
db59bfef32bc15d53bdf499dd1ae62c4 58044 2025.03.12
Level Description
danger File has been identified by 66 AntiVirus engines on VirusTotal as malicious
danger The process wscript.exe wrote an executable file to disk which it then attempted to execute
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
warning Disables Windows Security features
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
watch One or more non-whitelisted processes were created
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice A process attempted to delay the analysis task.
notice A process created a hidden window
notice Checks whether any human activity is being performed by constantly checking whether the foreground window changed
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice One or more potentially interesting buffers were extracted
notice Terminates another process
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
No URL CC ASN Co Reporter Date
1 http://104.161.23.254/ChromeSetup.exe
chrome malformed
US SSASN2 abus3reports 2024.05.23
2 http://94.156.6.89/chrome.apk
apk android chrome
BG NET1 Ltd. anonymous 2023.09.29