Cyber Threat Trends

Summary: 2025/04/19 11:29

First reported date: 2020/05/15
Inquiry period : 2025/03/20 11:29 ~ 2025/04/19 11:29 (1 months), 2 search results

전 기간대비 신규 트렌드를 보이고 있습니다.
악성코드 유형 Dbatloader SmokeLoader Ransomware FakeUpdates ModiLoader GootLoader 도 새롭게 확인됩니다.
공격기술 Phishing Campaign MalSpam 도 새롭게 확인됩니다.
기관 및 기업 Taiwan 도 새롭게 확인됩니다.
기타 ThreatProtection attack Update Malware spyware 등 신규 키워드도 확인됩니다.

According to PCrisk, BATLOADER is part of the infection chain where it is used to perform the initial compromise. This malware is used to execute payloads like Ursnif. Our team has discovered BATLOADER after executing installers for legitimate software (such as Zoom, TeamViewer Visual Studio) bundled with this malware. We have found those installers on compromised websites. Ref.

참고로 동일한 그룹의 악성코드 타입은 SmokeLoader GuLoader Zloader 등 47개 종이 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Dbatloader	2	▲ new
2	ThreatProtection	1	▲ new
3	SmokeLoader	1	▲ new
4	attack	1	▲ new
5	Update	1	▲ new
6	Phishing	1	▲ new
7	Ransomware	1	▲ new
8	FakeUpdates	1	▲ new
9	Malware	1	▲ new
10	spyware	1	▲ new
11	Endgame	1	▲ new
12	cybercrime	1	▲ new
13	Operation	1	▲ new
14	Europols	1	▲ new
15	Taiwan	1	▲ new
16	SCR	1	▲ new
17	ModiLoader	1	▲ new
18	Campaign	1	▲ new
19	MalSpam	1	▲ new
20	GootLoader	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Dbatloader		2 (28.6%)
SmokeLoader		1 (14.3%)
Ransomware		1 (14.3%)
FakeUpdates		1 (14.3%)
ModiLoader		1 (14.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Phishing		1 (33.3%)
Campaign		1 (33.3%)
MalSpam		1 (33.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Taiwan		1 (100%)

Malware Family

Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info

Last 5

SNS

(Total : 2)

Total keyword

Dbatloader SmokeLoader attack Update Phishing Ransomware FakeUpdates Malware spyware Operation Taiwan ModiLoader Campaign MalSpam GootLoader

No	Title	Date
1	The Hacker News @TheHackersNews ???? Europol's Operation Endgame just busted 5+ SmokeLoader customers linked to ransomware, spyware, and crypto theft. Meanwhile, new malware loaders like ModiLoader, GootLoader, and FakeUpdates are hitting users with phishing, fake installs, and drive-by attacks. ???? Full story: https://t.co/tjA	2025.04.10
2	Threat Intelligence @threatintel #ThreatProtection Malspam campaign – ModiLoader deployed via .SCR in Taiwanese freight impersonation. https://t.co/tPoxqURxoG #Cybercrime #Cybersecurity	2025.04.07

News

(Total : 0)

No data.

Additional information

No	Title	Date
1	Tesla to Delay Production of Cheaper EVs, Reuters Reports - Bloomberg Technology	2025.04.19
2	When Vulnerability Information Flows are Vulnerable Themselves - Malware.News	2025.04.19
3	CISA warns threat hunting staff of end to Google, Censys contracts as agency cuts set in - Malware.News	2025.04.19
4	Radiology practice reportedly working with FBI after ‘data security incident’ - Malware.News	2025.04.19
5	Text scams grow to steal hundreds of millions of dollars - Malware.News	2025.04.19
View only the last 5

No	Title	Date
1	Warning Against ModiLoader (DBatLoader) Spreading via MS Windows CAB Header Batch File (*.cmd) - ASEC BLOG	2025.01.14
2	Phishing targeting Polish SMBs continues via ModiLoader - Eset	2024.07.30
3	CMD파일로 유포되는 DBatLoader - Ahnlab/ASEC	2024.06.21
4	ESRC 주간 Email 위협 통계 (5월 넷째주) - 이스트시큐리티 알약 블로그...	2024.05.21
5	ESRC 주간 Email 위협 통계 (5월 넷째주) - 이스트시큐리티 알약 블로그...	2024.05.21
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	po-docs-may24.exe Dbatloader UPX Malicious Library Admin Tool (Sysinternals etc ...) MZP Format PE File PE32	14d2501921d7cf94f36f5deb78c93982	41605	2023.05.25
2	dmwa.jpg Dbatloader Generic Malware Malicious Packer UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE32 PE Fi	dc71ed81724056f7ee199d098356e155	13753	2021.07.21

Level	Description
danger	File has been identified by 30 AntiVirus engines on VirusTotal as malicious
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Performs some HTTP requests
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	One or more processes crashed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)
info	The executable uses a known packer
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://cml.lk/doc/r.txt DBatLoader ModiLoader opendir rat RemcosRAT	SG	DIGITALOCEAN-ASN	abuse_ch	2025.04.17
2	https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt DBatLoader Formbook ModiLoader	US	SPIRITTEL-AS	abuse_ch	2025.04.17
3	https://doc-sharepoint.nbcoiling.com/index.php/s/iRa8xZKGecLG8mZ/download/output.dat DBatLoader encrypted ModiLoader	US	CLOUDFLARENET	abuse_ch	2025.04.15
4	http://192.3.26.143/440/hkcmd.exe DBatLoader exe Formbook opendir	US	AS-COLOCROSSING	abuse_ch	2025.04.15
5	https://huadongrubbercable.com/customer-order/friday/r.txt ascii DBatLoader Encoded ModiLoader rat RemcosRAT	US	NAMECHEAP-NET	abuse_ch	2025.04.11
View only the last 5

Beta Service, If you select keyword, you can check detailed information.