popup

Cyber Threat Trends

  1. Day Week

conference CrowdStrike 북한

Summary: 2025/04/19 11:32

First reported date: 2014/08/08
Inquiry period : 2025/03/20 11:32 ~ 2025/04/19 11:32 (1 months), 37 search results

전 기간대비 16% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Cobalt Strike Campaign Backdoor China United States 입니다.
악성코드 유형 TONESHELL RATel SectopRAT BlackSuit AsyncRAT 도 새롭게 확인됩니다.
공격자 Tick Anonymous 도 새롭게 확인됩니다.
공격기술 Dropper 도 새롭게 확인됩니다.
기관 및 기업 Zscaler Türkiye 도 새롭게 확인됩니다.
기타 Anubis keylogger ThreatLabz Password StarProxy 등 신규 키워드도 확인됩니다.

Cobalt Strike is a legitimate penetration software toolkit developed by Forta. But its cracked versions are widely adopted by bad actors, who use it as a C2 system of choice for targeted attacks.  Ref.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/18 Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
    ㆍ 2025/04/17 Unmasking the new XorDDoS controller and infrastructure
    ㆍ 2025/04/17 Chinese Hacker Group Mustang Panda Bypass EDR Detection With New Hacking Tools

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Cobalt Strike 37 ▲ 6 (16%)
2Malware 25 - 0 (0%)
3Campaign 16 ▲ 4 (25%)
4Backdoor 15 ▲ 12 (80%)
5Report 13 ▼ -2 (-15%)
6China 13 ▲ 5 (38%)
7c&c 12 - 0 (0%)
8Windows 12 - 0 (0%)
9Victim 11 ▼ -1 (-9%)
10United States 11 ▲ 2 (18%)
11IoC 10 ▼ -1 (-10%)
12MUSTANG PANDA 10 ▲ 6 (60%)
13target 10 ▲ 3 (30%)
14Update 10 ▼ -1 (-10%)
15Cobalt 9 ▼ -8 (-89%)
16Mustang 8 ▲ 7 (88%)
17Operation 8 ▲ 6 (75%)
18Microsoft 8 - 0 (0%)
19Phishing 8 ▼ -1 (-13%)
20EDR 7 ▲ 2 (29%)
21FIN7 7 ▲ 4 (57%)
22Kaspersky 7 ▲ 5 (71%)
23FIN 7 ▲ 6 (86%)
24hacking 6 ▲ 2 (33%)
25Zscaler 6 ▲ new
26Anubis 6 ▲ new
27Russia 6 ▲ 3 (50%)
28TONESHELL 6 ▲ new
29GameoverP2P 6 ▲ 4 (67%)
30Panda 6 ▲ 5 (83%)
31NetWireRC 6 ▲ 3 (50%)
32Advertising 6 ▲ 1 (17%)
33Government 6 ▲ 4 (67%)
34attack 6 - 0 (0%)
35Trojan 5 ▲ 3 (60%)
36Taiwan 4 ▼ -1 (-25%)
37Linux 4 ▼ -1 (-25%)
38keylogger 4 ▲ new
39Criminal 4 ▲ 1 (25%)
40Stealer 4 ▲ 2 (50%)
41Ransomware 4 ▼ -4 (-100%)
42Email 4 ▲ 3 (75%)
43Education 3 ▲ 1 (33%)
44intelligence 3 ▼ -3 (-100%)
45threat 3 ▼ -1 (-33%)
46Türkiye 3 ▲ new
47Remote Code Execution 3 ▼ -2 (-67%)
48ThreatLabz 3 ▲ new
49RATel 3 ▲ new
50Android 3 ▼ -3 (-100%)
51hijack 3 ▲ 1 (33%)
52GitHub 3 ▼ -3 (-100%)
53Vulnerability 3 ▼ -6 (-200%)
54group 3 ▲ 2 (67%)
55Cisco 3 ▼ -2 (-67%)
56Germany 3 ▲ 1 (33%)
57powershell 3 ▼ -3 (-100%)
58MFA 3 ▼ -2 (-67%)
59Exploit 3 ▼ -8 (-267%)
60Password 3 ▲ new
61Chinese 2 - 0 (0%)
62StarProxy 2 ▲ new
63SectopRAT 2 ▲ new
64SplatCloak 2 ▲ new
65Chinalinked 2 ▲ new
66United Kingdom 2 - 0 (0%)
67Earth 2 ▲ new
68Alux 2 ▲ new
69securityaffairs 2 ▲ new
70full 2 ▲ new
71UNIX 2 ▲ new
72Canada 2 ▲ 1 (50%)
73APT41 2 ▼ -2 (-100%)
74ZeroDay 2 ▲ 1 (50%)
75Tick 2 ▲ new
76Anonymous 2 ▲ new
77Sliver 2 ▲ new
78VirusTotal 2 - 0 (0%)
79Social Engineering 2 - 0 (0%)
80BlackSuit 2 ▲ new
81India 2 - 0 (0%)
82Browser 2 - 0 (0%)
83Russian 2 ▲ new
84France 2 - 0 (0%)
85APT 2 ▲ 1 (50%)
86Software 2 ▼ -3 (-150%)
87Cryptocurrency 2 - 0 (0%)
88Australia 2 ▼ -1 (-50%)
89MWNEWS 2 ▲ 1 (50%)
90Telegram 2 ▼ -2 (-100%)
91Distribution 2 - 0 (0%)
92Dropper 2 ▲ new
93Malware download 2 ▲ 1 (50%)
94AsyncRAT 2 ▲ new
95Chrome 2 - 0 (0%)
96W 1 ▲ new
97C2 1 ▲ new
98RAT 1 - 0 (0%)
99Opera 1 - 0 (0%)
100njRAT 1 ▲ new
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
TONESHELL
6 (14.6%)
GameoverP2P
6 (14.6%)
NetWireRC
6 (14.6%)
Trojan
5 (12.2%)
Ransomware
4 (9.8%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Tick
2 (40%)
Anonymous
2 (40%)
MuddyWater
1 (20%)
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Campaign
16 (25%)
Backdoor
15 (23.4%)
Phishing
8 (12.5%)
hacking
6 (9.4%)
Stealer
4 (6.3%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
China
13 (14.3%)
United States
11 (12.1%)
Microsoft
8 (8.8%)
Kaspersky
7 (7.7%)
Zscaler
6 (6.6%)
Threat info
Last 5

SNS

(Total : 15)
  Total keyword

Cobalt Strike MUSTANG PANDA Backdoor Malware Windows FIN7 hacking Zscaler Report Campaign Cobalt Russia keylogger Kaspersky attack China TONESHELL EDR iocs Intelligence APT41 Beacon Chinese APT RATel DoTNet Dropper Ransomware BlackSuit IDATLoader SectopRAT Update Spain Phishing Operation Password IoC

No Title Date
1Kimberly @StopMalvertisin
Dark Reading | Chinese APT Mustang Panda Debuts 4 New Attack Tools https://t.co/5k6cmxR5ag		2025.04.18
2ANY.RUN @anyrun_app
???? Explore Threat Intelligence Reports from #ANYRUN. Discover detailed research on active cyber threats and APTs with actionable insights, #IOCs, & #TTPs. Enrich proactive security, report on #APT41 inside ???? https://t.co/ZkhxJ3hf17		2025.04.18
3Kimberly @StopMalvertisin
NVISO Labs | Crisis Management – Beacon in the Storm https://t.co/38lUEOpj4p		2025.04.17
4Virus Bulletin @virusbtn
Zscaler researchers present the second part of a series on Mustang Panda tools. This time they analyse two new keyloggers, PAKLOG and CorKLOG, as well as an EDR evasion driver (SplatCloak). https://t.co/ni8tV0XVIH https://t.co/841bhFetTp		2025.04.17
5Cyber_OSINT @Cyber_O51NT
Mustang Panda: PAKLOG, CorKLOG, and SplatCloak | ThreatLabz https://t.co/5zZoo2hTWn		2025.04.17

News

(Total : 22)
  Total keyword

Cobalt Strike Malware Campaign Attacker c&c United States Victim China Report target Update IoC Backdoor Microsoft Windows Phishing Operation Government GameoverP2P NetWireRC Advertising Cobalt Kaspersky Trojan EDR Email Stealer attack Russia TONESHELL Linux Taiwan MUSTANG PANDA Criminal Android Zscaler hijack Education Germany Remote Code Execution Vulnerability FIN7 Cisco GitHub powershell MFA Exploit hacking Ransomware Türkiye Cryptocurrency intelligence Social Engineering keylogger UNIX India VirusTotal Chrome RATel ZeroDay Tick France Anonymous Sliver Canada United Kingdom Telegram Password Distribution Browser Australia Software AsyncRAT Chinese McAfee Dropper Police MuddyWater ZXShell Iran arrest Lumma NirCmd Akamai Okta Accenture KrakenKeylogger ...

No Title Date
1Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates - The Hacker News2025.04.18
2Unmasking the new XorDDoS controller and infrastructure - Malware.News2025.04.17
3Chinese Hacker Group Mustang Panda Bypass EDR Detection With New Hacking Tools - Malware.News2025.04.17
4Wars without Gun Smoke: China Plays the Cyber Name-and-Shame Game on Taiwan and the U.S - Malware.News2025.04.17
5Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 - Malware.News2025.04.17

Additional information

Level Description
danger Executed a process and injected code into it
warning File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Detects Avast Antivirus through the presence of a library
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice One or more potentially interesting buffers were extracted
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks if process is being debugged by a debugger
info This executable has a PDB path
No data
No URL CC ASN Co Reporter Date
1http://gh-hr.cn/beacon.exe
Cobalt strike CobaltStrike exe 		CN CN...DonPasci2025.01.17
2http://39.107.254.213/beacon.exe
Cobalt strike CobaltStrike 		CN CN...lontze72025.01.16
3http://106.53.83.169/beacon.exe
c2 Cobalt strike 		CN CN...lontze72025.01.13
4http://zzz.hnyzh.co/beacon_x86.exe
Cobalt strike CobaltStrike 		US USPONYNETlontze72025.01.10
5http://zzz.hnyzh.co/beacon_x64.exe
Cobalt strike CobaltStrike 		US USPONYNETlontze72025.01.10
View only the last 5
Beta Service, If you select keyword, you can check detailed information.