Summary: 2025/04/19 11:32
First reported date: 2019/10/14
Inquiry period : 2025/03/20 11:32 ~ 2025/04/19 11:32 (1 months), 1 search results
전 기간대비 신규 트렌드를 보이고 있습니다.
악성코드 유형 FormBook DYEPACK Xloader GameoverP2P RecordBreaker RedLine Nanocore Raccoon Remcos Emotet 도 새롭게 확인됩니다.
공격기술 Stealer Campaign Phishing 도 새롭게 확인됩니다.
기관 및 기업 Microsoft United States 도 새롭게 확인됩니다.
기타 IoC Education Windows Linux powershell 등 신규 키워드도 확인됩니다.
This malware is a successor to Raccoon Stealer (also referred to as Raccoon Stealer 2.0), which is however a full rewrite in C/C++. Ref.
* 최근 뉴스기사 Top3:
ㆍ 2025/04/08 How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis
참고로 동일한 그룹의 악성코드 타입은 FormBook QakBot RedLine 등 101개 종이 확인됩니다.
Trend graph by period
Related keyword cloud
Top 100| # | Trend | Count | Comparison |
|---|---|---|---|
| 1 | FormBook | 1 | ▲ new |
| 2 | IoC | 1 | ▲ new |
| 3 | Education | 1 | ▲ new |
| 4 | Windows | 1 | ▲ new |
| 5 | Linux | 1 | ▲ new |
| 6 | Stealer | 1 | ▲ new |
| 7 | DYEPACK | 1 | ▲ new |
| 8 | Xloader | 1 | ▲ new |
| 9 | GameoverP2P | 1 | ▲ new |
| 10 | Microsoft | 1 | ▲ new |
| 11 | RecordBreaker | 1 | ▲ new |
| 12 | powershell | 1 | ▲ new |
| 13 | c&c | 1 | ▲ new |
| 14 | United States | 1 | ▲ new |
| 15 | RedLine | 1 | ▲ new |
| 16 | Campaign | 1 | ▲ new |
| 17 | Report | 1 | ▲ new |
| 18 | Phishing | 1 | ▲ new |
| 19 | Android | 1 | ▲ new |
| 20 | Malware | 1 | ▲ new |
| 21 | Cobalt Strike | 1 | ▲ new |
| 22 | Nanocore | 1 | ▲ new |
| 23 | Raccoon | 1 | ▲ new |
| 24 | Remcos | 1 | ▲ new |
| 25 | Malware download | 1 | ▲ new |
| 26 | Emotet | 1 | ▲ new |
| 27 | Advertising | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
| Keyword | Average | Label |
|---|---|---|
| FormBook |
|
1 (10%) |
| DYEPACK |
|
1 (10%) |
| Xloader |
|
1 (10%) |
| GameoverP2P |
|
1 (10%) |
| RecordBreaker |
|
1 (10%) |
Attacker & Actors
The status of the attacker or attack group being issued.
No data.
Country & Company
This is a country or company that is an issue.
| Keyword | Average | Label |
|---|---|---|
| Microsoft |
|
1 (50%) |
| United States |
|
1 (50%) |
Malware Family
Top 5
A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.
Threat info
Last 5SNS
(Total : 0)No data.
News
(Total : 1)FormBook IoC Education Windows Linux Stealer DYEPACK Xloader GameoverP2P Microsoft RecordBreaker powershell c&c United States RedLine Campaign Report Phishing Android Malware Cobalt Strike Nanocore Raccoon Remcos Emotet Advertising
| No | Title | Date |
|---|---|---|
| 1 | How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis - Malware.News | 2025.04.08 |
Additional information
| No | Title | Date |
|---|---|---|
| 1 | Tesla to Delay Production of Cheaper EVs, Reuters Reports - Bloomberg Technology | 2025.04.19 |
| 2 | When Vulnerability Information Flows are Vulnerable Themselves - Malware.News | 2025.04.19 |
| 3 | CISA warns threat hunting staff of end to Google, Censys contracts as agency cuts set in - Malware.News | 2025.04.19 |
| 4 | Radiology practice reportedly working with FBI after ‘data security incident’ - Malware.News | 2025.04.19 |
| 5 | Text scams grow to steal hundreds of millions of dollars - Malware.News | 2025.04.19 |
| View only the last 5 | ||
| No | Title | Date |
|---|---|---|
| 1 | How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis - Malware.News | 2025.04.08 |
| 2 | Malware development trick 44: Stealing data via legit GitHub API. Simple C example - Malware.News | 2025.01.20 |
| 3 | Malware development trick 44: Stealing data via legit GitHub API. Simple C example - Malware.News | 2025.01.20 |
| 4 | Malware development trick 44: Stealing data via legit GitHub API. Simple C example - Malware.News | 2025.01.20 |
| 5 | TI Lookup: Real-World Use Cases from a Malware Researcher - Malware.News | 2024.10.02 |
| View only the last 5 | ||
| No | Category | URL | CC | ASN Co | Date |
|---|---|---|---|---|---|
| 1 | c2 | http://45.80.151.223/ | NL  | 2024.08.19 | |
| 2 | c2 | http://45.80.151.52/ | NL | 2024.08.19 | |
| 3 | c2 | http://178.17.171.77/ | MD  | I.C.S. Trabia-Network S.R.L. | 2024.08.19 |
| 4 | c2 | http://178-17-171-77.static.as43289.net/ | 2024.08.19 | ||
| 5 | c2 | http://147.45.44.2/ | RU  | OOO FREEnet Group | 2024.07.22 |
| View only the last 5 | |||||
| No | URL | CC | ASN Co | Reporter | Date |
|---|---|---|---|---|---|
| 1 | http://lide.omernisar.com/revada/66e46380144a5_cryrac.exe exe RecordBreaker | RU | OOO FREEnet Group | abus3reports | 2024.10.20 |
| 2 | http://proxy.amazonscouts.com/revada/66e4638fb0392_otrrac.exe RecordBreaker | RU | OOO FREEnet Group | abus3reports | 2024.10.08 |
| 3 | http://proxy.amazonscouts.com/revada/66e46380144a5_cryrac.exe RecordBreaker | RU | OOO FREEnet Group | abus3reports | 2024.10.08 |
| 4 | http://kale.amwebsolution.com/revada/66e4638fb0392_otrrac.exe RecordBreaker | RU | OOO FREEnet Group | abus3reports | 2024.10.08 |
| 5 | http://yowui.johnmccrea.com/revada/66e4638fb0392_otrrac.exe RecordBreaker | RU | OOO FREEnet Group | abus3reports | 2024.10.08 |
| View only the last 5 | |||||