popup

Cyber Threat Trends

  1. Day Week

Gemelli flickerflypro flickerfly

Summary: 2025/04/29 18:50

First reported date: 2021/07/28
Inquiry period : 2025/03/30 18:50 ~ 2025/04/29 18:50 (1 months), 1 search results

전 기간대비 -300% 낮은 트렌드를 보이고 있습니다.
공격자 Kimsuky 도 새롭게 확인됩니다.
기관 및 기업 Naver South Korea 도 새롭게 확인됩니다.
기타 payment DDNS Advertising Firefox Distribution 등 신규 키워드도 확인됩니다.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/04 Kimsuky: A Continuous Threat to South Korea with Deceptive Tactics

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Kimsuky 1 ▲ new
2Chrome 1 - 0 (0%)
3payment 1 ▲ new
4Operation 1 ▼ -1 (-100%)
5attack 1 ▼ -1 (-100%)
6target 1 ▼ -1 (-100%)
7DDNS 1 ▲ new
8Trojan 1 - 0 (0%)
9intelligence 1 ▼ -1 (-100%)
10Government 1 - 0 (0%)
11Email 1 ▼ -2 (-200%)
12Advertising 1 ▲ new
13Browser 1 - 0 (0%)
14Firefox 1 ▲ new
15Exploit 1 ▼ -1 (-100%)
16Malware 1 ▼ -3 (-300%)
17Naver 1 ▲ new
18Windows 1 - 0 (0%)
19Stealer 1 - 0 (0%)
20Criminal 1 ▼ -1 (-100%)
21South Korea 1 ▲ new
22Distribution 1 ▲ new
23powershell 1 ▲ new
24Cryptocurrency 1 - 0 (0%)
25VBScript 1 ▲ new
26c&c 1 - 0 (0%)
27IoC 1 - 0 (0%)
28Campaign 1 ▼ -1 (-100%)
29Phishing 1 ▼ -1 (-100%)
30P 1 ▼ -3 (-300%)
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
Trojan
1 (100%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Kimsuky
1 (100%)
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Exploit
1 (25%)
Stealer
1 (25%)
Campaign
1 (25%)
Phishing
1 (25%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
Government
1 (33.3%)
Naver
1 (33.3%)
South Korea
1 (33.3%)
Threat info
Last 5

SNS

(Total : 0)

No data.

News

(Total : 1)
  Total keyword

Kimsuky Chrome payment Operation attack target DDNS Trojan intelligence Government Email Advertising Browser Firefox Exploit Malware Naver Windows Stealer Criminal South Korea Distribution powershell Cryptocurrency VBScript c&c IoC Campaign Phishing

No Title Date
1Kimsuky: A Continuous Threat to South Korea with Deceptive Tactics - Malware.News2025.04.04

Additional information

No Title Date
1Kimsuky: A Continuous Threat to South Korea with Deceptive Tactics - Malware.News2025.04.04
2Money Laundering 101, and why Joe is worried - Malware.News2025.03.28
3Money Laundering 101, and why Joe is worried - Malware.News2025.03.28
4Money Laundering 101, and why Joe is worried - Malware.News2025.03.28
5Money Laundering 101, and why Joe is worried - Malware.News2025.03.28
View only the last 5
No Request Hash(md5) Report No Date
1 random.exe
Gen1 Themida Generic Malware PhysicalDrive Downloader UPX Malicious Packer Malicious Library Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P 		bfd4ad6d57c086d2e64ccd39398a908e602442025.04.28
2 random.exe
Client SW User Data Stealer RedLine stealer browser info stealer Generic Malware Downloader Google Chrome User Data Malicious Library Malicious Packer UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential P 		e77e058e126ae8b898308d7ae78847fc530522024.08.19
3 amadka.exe
Amadey Gen1 RedLine stealer RedlineStealer Lumma Stealer Generic Malware Themida Packer Malicious Library UPX Downloader Malicious Packer Antivirus .NET framework(MSIL) ScreenShot Http API PWS Code injection Anti_VM AntiDebug AntiVM PE File PE32 P 		5a12fd39ea2482c5ef29e1ca1fe5c083509532024.06.15
4Qwsyldgxfuefxl.bat
Gen1 Generic Malware Suspicious_Script_Bin Downloader Malicious Library Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P 		3e942e68cf16c51d836d7762eaa2085d503432024.05.31
5Emuxedlljrbbjp.bat
Gen1 Generic Malware Suspicious_Script_Bin Downloader Malicious Library Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P 		a33d1bcae258475e7ec293f1abf928e5503422024.05.31
View only the last 5
Level Description
danger File has been identified by 33 AntiVirus engines on VirusTotal as malicious
watch Attempts to stop active services
watch Creates known SpyNet files
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice Executes one or more WMI queries
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Command line console output was observed
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
No data
No URL CC ASN Co Reporter Date
1http://80.94.92.109/bins/pppc
elf opendir p 		FR FREZNet LIMITEDNDA0E2024.09.19
2http://80.94.92.109/bins/pspc
elf opendir p 		FR FREZNet LIMITEDNDA0E2024.09.19
3http://80.94.92.109/bins/pmips
elf opendir p ua-wget 		FR FREZNet LIMITEDClearlyNotB2024.09.19
4http://80.94.92.109/bins/parm
elf opendir p ua-wget 		FR FREZNet LIMITEDClearlyNotB2024.09.19
5http://80.94.92.109/bins/pmpsl
elf opendir p ua-wget 		FR FREZNet LIMITEDClearlyNotB2024.09.19
View only the last 5
Beta Service, If you select keyword, you can check detailed information.