Summary: 2025/04/19 12:28

First reported date: 2017/11/13
Inquiry period: 2025/03/20 12:28 ~ 2025/04/19 12:28 (1 month), 8 search results

The trend is 13% higher than in the previous period.
The Top 5 related keywords that rose compared to the previous period are
IcedID, Report, Email, Exploit, intelligence.
The malware types TrickBot, SmokeLoader, SystemBC, Pikabot, BumbleBee, Botnet, FlawedAmmyy, Dridex, Houdini, TA505, Evil Corp, Wshrat, LUNAR SPIDER, Lobshot are also newly identified.
The attacker Volt Typhoon is also newly identified.
The attack techniques RCE, Backdoor, Malvertising, hijack are also newly identified.
The organizations and companies Google, Kaspersky, Saudi Arabia, Binance, Sparrow, Oracle, Cisco, Taiwan, Australia, Russia are also newly identified.
Other new keywords such as Operation, target, Software, SaudiArabia, att are also identified.

IcedID, also known as BokBot, is a modular banking trojan that targets user financial information and is capable of acting as a dropper for other malware.

 * Recent news articles, Top 3:
    ㆍ 2025/04/16 Threat actors misuse Node.js to deliver malware and other malicious payloads
    ㆍ 2025/04/11 DNS Response analysis with KQL: queries, answers, TTL, RTT & more
    ㆍ 2025/04/10 Operation Endgame follow-up cracks down on Smokeloader botnet


For reference, 101 malware types in the same group are identified, including FormBook, QakBot, RedLine.

Trend graph by period


Related keyword cloud
Top 100

#    Trend              Count  Comparison
1    IcedID             8      ▲ 1 (13%)
2    Malware            7      - 0 (0%)
3    Report             7      ▲ 1 (14%)
4    Microsoft          5      ▼ -1 (-20%)
5    Update             5      - 0 (0%)
6    Windows            4      ▼ -1 (-25%)
7    United States      4      ▼ -2 (-50%)
8    Email              4      ▲ 2 (50%)
9    Exploit            4      ▲ 1 (25%)
10   Twitter            3      ▼ -2 (-67%)
11   GameoverP2P        3      ▼ -3 (-100%)
12   Advertising        3      - 0 (0%)
13   intelligence       3      ▲ 2 (67%)
14   c&c                3      ▼ -2 (-67%)
15   LinkedIn           3      ▼ -3 (-100%)
16   Vulnerability      3      ▼ -2 (-67%)
17   Campaign           3      - 0 (0%)
18   powershell         3      - 0 (0%)
19   MFA                2      ▼ -1 (-50%)
20   Google             2      ▲ new
21   Operation          2      ▲ new
22   WMI                2      - 0 (0%)
23   target             2      ▲ new
24   TrickBot           2      ▲ new
25   Software           2      ▲ new
26   RCE                2      ▲ new
27   attack             2      ▲ 1 (50%)
28   ZeroDay            2      ▲ 1 (50%)
29   China              2      - 0 (0%)
30   Browser            2      ▼ -1 (-50%)
31   XDR                2      ▲ 1 (50%)
32   Victim             2      - 0 (0%)
33   Backdoor           2      ▲ new
34   GitHub             2      ▼ -1 (-50%)
35   Stealer            2      - 0 (0%)
36   EDR                2      ▲ 1 (50%)
37   Kaspersky          2      ▲ new
38   Malvertising       1      ▲ new
39   SaudiArabia        1      ▲ new
40   Saudi Arabia       1      ▲ new
41   att                1      ▲ new
42   SmokeLoader        1      ▲ new
43   SystemBC           1      ▲ new
44   Java               1      ▼ -2 (-200%)
45   Pikabot            1      ▲ new
46   followup           1      ▲ new
47   BumbleBee          1      ▲ new
48   Cryptocurrency     1      ▼ -2 (-200%)
49   IPv                1      ▲ new
50   TTLs               1      ▲ new
51   parsejson          1      ▲ new
52   AdditionalFields   1      ▲ new
53   VBScript           1      ▼ -1 (-100%)
54   DNS                1      ▲ new
55   Binance            1      ▲ new
56   arrest             1      ▲ new
57   Phishing           1      ▼ -4 (-400%)
58   hijack             1      ▲ new
59   Vawtrak            1      - 0 (0%)
60   SSRF               1      - 0 (0%)
61   Social Engineering 1      ▼ -1 (-100%)
62   Endgame            1      ▲ new
63   Botnet             1      ▲ new
64   DoTNet             1      ▲ new
65   United Kingd       1      ▲ new
66   ESET               1      ▼ -1 (-100%)
67   Sparrow            1      ▲ new
68   FlawedAmmyy        1      ▲ new
69   Dridex             1      ▲ new
70   Cobalt Strike      1      ▲ new
71   G                  1      ▲ new
72   Chrome             1      - 0 (0%)
73   Houdini            1      ▲ new
74   Oracle             1      ▲ new
75   Cisco              1      ▲ new
76   Cobalt             1      ▲ new
77   MimiKatz           1      - 0 (0%)
78   Meterpreter        1      ▲ new
79   Volt Typhoon       1      ▲ new
80   Zero Trust         1      - 0 (0%)
81   Taiwan             1      ▲ new
82   SMB                1      - 0 (0%)
83   IoC                1      ▼ -3 (-300%)
84   TA505              1      ▲ new
85   Evil Corp          1      ▲ new
86   Ransomware         1      - 0 (0%)
87   Wshrat             1      ▲ new
88   ChatGPT            1      ▲ new
89   LUNAR SPIDER       1      ▲ new
90   gang               1      ▲ new
91   average            1      ▲ new
92   SPIDER             1      ▲ new
93   LUNAR              1      ▲ new
94   eCrime             1      ▲ new
95   Australia          1      ▲ new
96   FIN11              1      ▲ new
97   Lobshot            1      ▲ new
98   Distribution       1      ▼ -2 (-200%)
99   Russia             1      ▲ new
100  IBM                1      ▲ new
Special keyword group
Top 5

Malware Type

Malware types that are currently trending.

Keyword       Average  Label
IcedID        8        (26.7%)
GameoverP2P   3        (10%)
TrickBot      2        (6.7%)
SmokeLoader   1        (3.3%)
SystemBC      1        (3.3%)

Attacker & Actors

Attackers or attack groups that are currently trending.

Keyword       Average  Label
Volt Typhoon  1        (100%)

Attack technique

Attack techniques that are currently trending.

Keyword       Average  Label
Exploit       4        (23.5%)
Campaign      3        (17.6%)
RCE           2        (11.8%)
Backdoor      2        (11.8%)
Stealer       2        (11.8%)

Country & Company

Countries or companies that are currently trending.

Keyword        Average  Label
Microsoft      5        (20.8%)
United States  4        (16.7%)
Google         2        (8.3%)
China          2        (8.3%)
Kaspersky      2        (8.3%)
Malware Family
Top 5

A malware family is a group of applications that share similar attack techniques.
In this trend report, families are classified as Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, or Cryptocurrency Miner.

Threat info
Last 5

Additional information

Level Description
watch File has been identified by 16 AntiVirus engines on VirusTotal as malicious
notice A process attempted to delay the analysis task.
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Uses Windows utilities for basic Windows functionality
info Checks if process is being debugged by a debugger
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path
Network ET MALWARE Win32/IcedID Request Cookie