popup

Cyber Threat Trends

  1. Day Week

conference CrowdStrike 북한

Summary: 2025/04/19 12:32

First reported date: 2011/05/25
Inquiry period : 2025/03/20 12:32 ~ 2025/04/19 12:32 (1 months), 115 search results

전 기간대비 -82% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Operation Government MWNEWS AMOS DYEPACK 입니다.
악성코드 유형 Grandoreiro 도 새롭게 확인됩니다.
기관 및 기업 South Korea 도 새롭게 확인됩니다.
기타 free npm Think Multiple ArcanaLoader 등 신규 키워드도 확인됩니다.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/18 Dark Web Market: STYX Market
    ㆍ 2025/04/18 Identity-based cyberattacks a third of intrusions, drop infostealers
    ㆍ 2025/04/17 Interlock ransomware evolves tactics with ClickFix, infostealers


참고로 동일한 그룹의 악성코드 타입은 FormBook QakBot RedLine 등 101개 종이 확인됩니다.

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Stealer 115 ▼ -94 (-82%)
2Malware 62 ▼ -59 (-95%)
3Campaign 35 ▼ -46 (-131%)
4target 34 ▼ -9 (-26%)
5Phishing 29 ▼ -13 (-45%)
6Report 28 ▼ -24 (-86%)
7IoC 25 ▼ -20 (-80%)
8Update 23 ▼ -7 (-30%)
9attack 23 ▼ -22 (-96%)
10Victim 22 ▼ -17 (-77%)
11intelligence 20 ▼ -7 (-35%)
12Email 20 ▼ -9 (-45%)
13Criminal 20 ▼ -13 (-65%)
14Exploit 20 ▼ -15 (-75%)
15Browser 18 - 0 (0%)
16Advertising 17 ▼ -17 (-100%)
17Windows 17 ▼ -17 (-100%)
18United States 16 ▼ -11 (-69%)
19Lumma 16 ▼ -48 (-300%)
20c&c 15 ▼ -10 (-67%)
21Operation 15 ▲ 4 (27%)
22Software 14 ▼ -4 (-29%)
23Microsoft 14 ▼ -9 (-64%)
24powershell 13 ▼ -6 (-46%)
25Government 11 ▲ 1 (9%)
26Ransomware 11 ▼ -15 (-136%)
27Remote Code Execution 11 ▼ -9 (-82%)
28Cryptocurrency 11 ▼ -11 (-100%)
29DarkWeb 10 ▼ -5 (-50%)
30Trojan 10 ▼ -4 (-40%)
31Password 10 ▼ -3 (-30%)
32infostealer 10 ▼ -1 (-10%)
33Social Engineering 9 ▼ -2 (-22%)
34MFA 8 ▼ -2 (-25%)
35LinkedIn 8 ▼ -5 (-63%)
36Kaspersky 8 ▼ -13 (-163%)
37hacking 8 ▼ -6 (-75%)
38Android 8 - 0 (0%)
39Telegram 8 ▼ -10 (-125%)
40MWNEWS 8 ▲ 3 (38%)
41AMOS 8 ▲ 1 (13%)
42Distribution 7 ▼ -17 (-243%)
43Vulnerability 7 ▼ -7 (-100%)
44NetWireRC 7 ▼ -16 (-229%)
45Russia 7 ▼ -11 (-157%)
46Twitter 7 ▼ -13 (-186%)
47Chrome 7 ▼ -3 (-43%)
48free 6 ▲ new
49Banking 6 - 0 (0%)
50DYEPACK 6 ▲ 4 (67%)
51MacOS 6 ▼ -7 (-117%)
52North Korea 6 ▼ -3 (-50%)
53Education 6 ▼ -3 (-50%)
54GitHub 6 ▼ -17 (-283%)
55GameoverP2P 6 - 0 (0%)
56Google 5 ▼ -17 (-340%)
57EDR 5 ▲ 4 (80%)
58Downloader 5 ▲ 2 (40%)
59Stealc 5 ▲ 4 (80%)
60ThreatProtection 5 ▼ -2 (-40%)
61Grandoreiro 5 ▲ new
62LummaStealer 5 ▼ -2 (-40%)
63Linux 5 ▲ 1 (20%)
64Java 4 ▼ -8 (-200%)
65recent 4 ▼ -2 (-50%)
66VBScript 4 ▼ -2 (-50%)
67payment 4 - 0 (0%)
68Raccoon 4 ▲ 2 (50%)
69Vidar 4 - 0 (0%)
70npm 4 ▲ new
71hijack 4 ▼ -4 (-100%)
72Think 4 ▲ new
73RedLine 4 ▼ -2 (-50%)
74ZeroDay 4 - 0 (0%)
75Cobalt Strike 4 ▲ 2 (50%)
76Takedown 4 ▲ 1 (25%)
77Braodo 4 ▼ -5 (-125%)
78Rhadamanthys 4 ▼ -3 (-75%)
79Installerv 4 ▲ 3 (75%)
80NortonLifeLock 4 ▼ -3 (-75%)
81China 4 ▼ -7 (-175%)
82DDoS 4 ▼ -1 (-25%)
83Backdoor 4 ▼ -6 (-150%)
84malicious 4 ▼ -1 (-25%)
85March 3 ▲ 2 (67%)
86crypto 3 ▲ 1 (33%)
87Multiple 3 ▲ new
88ArcanaLoader 3 ▲ new
89cheat 3 ▲ new
90twice 3 ▲ new
91Installer 3 ▲ 2 (67%)
92India 3 ▼ -1 (-33%)
93Ucraina 3 - 0 (0%)
94GIFTEDCROOK 3 ▲ new
95Kimsuky 3 ▲ 2 (67%)
96South Korea 3 ▲ new
97Supply chain 3 - 0 (0%)
98AsyncRAT 3 ▼ -6 (-200%)
99RAT 3 ▼ -6 (-200%)
100Firefox 3 ▼ -2 (-67%)
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
Lumma
16 (16.5%)
Ransomware
11 (11.3%)
Trojan
10 (10.3%)
NetWireRC
7 (7.2%)
DYEPACK
6 (6.2%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Kimsuky
3 (60%)
MuddyWater
2 (40%)
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Stealer
115 (46.6%)
Campaign
35 (14.2%)
Phishing
29 (11.7%)
Exploit
20 (8.1%)
Remote Code Execution
11 (4.5%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
United States
16 (15.1%)
Microsoft
14 (13.2%)
Government
11 (10.4%)
Kaspersky
8 (7.5%)
Russia
7 (6.6%)
Malware Family
Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info
Last 5

SNS

(Total : 61)
  Total keyword

Stealer IoC Malware target Lumma Campaign MacOS LummaStealer Criminal powershell Password GitHub Report Email Phishing Browser Update Downloader keylogger Android attack Spain Government Telegram North Korea Software Microsoft Police dprk Proofpoint LinkedIn iCloud ...

No Title Date
1Kaspersky @kaspersky
That 'free' cracked software? It comes with a price. ????️ Miner? Check. Credential stealer? Check. Working program? Not so much. Learn more: https://t.co/GspIi8Hrad https://t.co/qr8MaVFRSL		2025.04.18
2Cyber_OSINT @Cyber_O51NT
A recent report shows that the StrelaStealer malware, which exfiltrates email credentials via phishing, has impacted over 100 organizations in the EU and U.S., with ties to the HIVE-0145 threat actor group. #cybersecurity #malware https://t.co/coKCajkKg8		2025.04.18
3Yogesh Londhe @suyog41
Amos Stealer New Variant ? Contains string "MacOS Stealer by mentalpositive" Installer_v.1.12.dmg f93be429a213f2ea8aef277862a8e8bf C2 gq8ruzk1h3a8.cfd #Amos #AmosStealer #Stealer #IOC https://t.co/SFMHluCtMG		2025.04.18
4Yogesh Londhe @suyog41
IAX Stealer Trojanized Hey Real AI HeyRealSetup.exe ca4ff73dfbde570b4a82867292a6ecd6 SABlAHkAUgBlAGEAbAAuAGUAeABlAA== H e y R e a l . e x e d5b74c59d31cc0e2aa6d3d2a50267447 Telegram t.me/s/iax_stealer HeyRealSetup(1).7z 0914bb00ef2173506ba5ebe66b730acb #IAXStealer https://t.co/tAhSul3uMV		2025.04.18
5Yogesh Londhe @suyog41
AMOS Stealer update 308c24e004185a20d94ce92fcbc212ff 9d7fae4405dce220040c66a311cccb7d 0084dc8f7d6ec3244ba2d2bdb899a761 Installer_v.4.94.dmg 9ef4a38b202a3f40868e5b1a8d6ca77f Installer 0d3c885f4ad550ef28861e4e51947c05 Setup_v.3.60.dmg 4ad30a5d1d7916d1cab9c798b24c01fd Setup		2025.04.17

News

(Total : 54)
  Total keyword

Stealer Malware Campaign target Phishing Report Victim Attacker attack intelligence Update Exploit Email Windows Advertising Criminal United States c&c Operation Browser Software IoC Microsoft Remote Code Execution Cryptocurrency Ransomware DarkWeb powershell Social Engineering Government Lumma Trojan Kaspersky MFA Twitter Vulnerability NetWireRC Russia Chrome LinkedIn hacking Password DYEPACK Distribution GameoverP2P Education Telegram Android Linux Banking Google Stealc EDR Grandoreiro China Cobalt Strike payment Java VBScript ZeroDay Backdoor North Korea RedLine DDoS Rhadamanthys Raccoon Zero Trust RCE Vidar Takedown Supply chain South Korea Firefox YouTube Kimsuky India hijack AsyncRAT GitHub RAT Naver IcedID Tor PayPal ESET MuddyWater CrowdStrike Vawtrak Ucraina Recorded Future AhnLab ...

No Title Date
1Dark Web Market: STYX Market - Malware.News2025.04.18
2Identity-based cyberattacks a third of intrusions, drop infostealers - Malware.News2025.04.18
3Interlock ransomware evolves tactics with ClickFix, infostealers - Malware.News2025.04.17
4Malicious crypto developer-targeted coding challenges spread infostealers - Malware.News2025.04.16
5Infostealer deployed via bogus PDFCandy converter - Malware.News2025.04.16

Additional information

No Title Date
1Dark Web Market: STYX Market - Malware.News2025.04.18
2Dark Web Market: STYX Market - Malware.News2025.04.18
3Threat Intelligence Snapshot: Week 14, 2025 - Malware.News2025.04.16
4Threat Intelligence Snapshot: Week 14, 2025 - Malware.News2025.04.16
5Threat actors misuse Node.js to deliver malware and other malicious payloads - Malware.News2025.04.16
View only the last 5
Level Description
danger File has been identified by 59 AntiVirus engines on VirusTotal as malicious
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
watch Allocates execute permission to another process indicative of possible code injection
watch Attempts to remove evidence of file being downloaded from the Internet
watch Communicates with host for which no DNS query was performed
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice One or more potentially interesting buffers were extracted
notice Potentially malicious URLs were found in the process memory dump
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info This executable has a PDB path
No data
No URL CC ASN Co Reporter Date
1http://80.66.84.133/YJTURMRG.mp4
hta stealer 		BY BY...DaveLikesMalwre2025.04.15
2https://www.dropbox.com/scl/fi/xfme3jj5rgt6u5ig7he70/CapCut-Pro.rar?rlkey=ndad0985or8n5rokxmb0pz5k0&...
Lumma LummaStealer stealer 		US USDROPBOXiLikeMalware2025.04.13
3https://sites.google.com/view/robloxfree2025/roblox-free-hack
Lumma LummaStealer stealer 		US USGOOGLEiLikeMalware2025.04.13
4https://drive.google.com/file/d/11SRBeq-5b2C7gf5Z24SzNiSxCTSHONLJ/view
Lumma LummaStealer stealer 		US USGOOGLEiLikeMalware2025.04.13
5https://github.com/Fortnite-Wallhacks-2025/.github/releases/tag/files
Lumma LummaStealer stealer 		US USMICROSOFT-CORP-MSN-AS-BLOCKiLikeMalware2025.04.13
View only the last 5
Beta Service, If you select keyword, you can check detailed information.