popup

Cyber Threat Trends

  1. Day Month

conference CrowdStrike 북한

Summary: 2025/04/17 15:36

First reported date: 2009/08/05
Inquiry period : 2025/04/10 15:36 ~ 2025/04/17 15:36 (7 days), 28 search results

전 기간대비 14% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Browser Malware Update Email Google 입니다.
악성코드 유형 RAT njRAT 도 새롭게 확인됩니다.
공격기술 RCE hijack Malvertising 도 새롭게 확인됩니다.
기관 및 기업 Binance Okta 도 새롭게 확인됩니다.
기타 WhatsApp kritische Bug Sicherheitslücke Version 등 신규 키워드도 확인됩니다.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Hi, robot: Half of all internet traffic now automated
    ㆍ 2025/04/17 Exploiting SMS: Threat Actors Use Social Engineering to Target Companies
    ㆍ 2025/04/17 Advanced KQL Deep Dive: User State Change Tracking

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Browser 28 ▲ 4 (14%)
2Malware 13 ▲ 1 (8%)
3Update 9 ▲ 1 (11%)
4Email 8 ▲ 4 (50%)
5Google 7 ▲ 1 (14%)
6Chrome 7 ▲ 2 (29%)
7Report 7 - 0 (0%)
8target 6 ▼ -3 (-50%)
9attack 5 ▼ -1 (-20%)
10Microsoft 5 ▼ -1 (-20%)
11RCE 5 ▲ new
12United States 4 ▼ -1 (-25%)
13Password 4 ▲ 2 (50%)
14Phishing 4 ▼ -3 (-75%)
15threat 3 ▲ 1 (33%)
16WhatsApp 3 ▲ new
17Campaign 3 ▼ -6 (-200%)
18account 3 ▲ 2 (67%)
19Software 3 ▼ -3 (-100%)
20Exploit 3 ▼ -5 (-167%)
21Windows 3 ▼ -4 (-133%)
22Victim 3 ▼ -2 (-67%)
23Edge 3 ▲ 2 (67%)
24Microsoft Edge 3 ▲ 1 (33%)
25kritische 2 ▲ new
26Cryptocurrency 2 - 0 (0%)
27Bug 2 ▲ new
28Sicherheitslücke 2 ▲ new
29Version 2 ▲ new
30Stealer 2 ▼ -3 (-150%)
31IoC 2 ▼ -3 (-150%)
32Criminal 2 ▼ -4 (-200%)
33Social Engineering 2 ▼ -1 (-50%)
34Safari 2 ▲ 1 (50%)
35Vulnerability 2 ▼ -1 (-50%)
36GameoverP2P 2 - 0 (0%)
37Apple 2 - 0 (0%)
38hijack 2 ▲ new
39MFA 2 - 0 (0%)
40Education 2 ▲ new
41enterprise 2 ▲ new
42Figure 2 ▲ new
43GitHub 2 - 0 (0%)
44privacy 2 ▲ new
45payment 2 - 0 (0%)
46RAT 2 ▲ new
47Advertising 2 ▼ -6 (-300%)
48risk 2 ▲ new
49Android 2 ▼ -1 (-50%)
50IcedID 1 ▲ new
51LinkedIn 1 - 0 (0%)
52Türkiye 1 ▲ new
53Twitter 1 - 0 (0%)
54Binance 1 ▲ new
55EDR 1 ▲ new
56web 1 - 0 (0%)
57Check Point 1 ▲ new
58bot 1 ▲ new
59ZeroDay 1 - 0 (0%)
60Operation 1 ▼ -3 (-300%)
61MalSpam 1 ▲ new
62human 1 ▲ new
63WMI 1 ▲ new
64powershell 1 ▼ -4 (-400%)
65Government 1 ▼ -2 (-200%)
66Malvertising 1 ▲ new
67Europe 1 ▲ new
68c&c 1 ▼ -4 (-400%)
69VBScript 1 ▼ -1 (-100%)
70Firefox 1 ▼ -2 (-200%)
71Java 1 ▼ -1 (-100%)
72Cofense 1 ▲ new
73Webbrowser 1 ▲ new
74last 1 ▲ new
75Zusammenfassung 1 - 0 (0%)
76taegliche 1 - 0 (0%)
77Sicherheitsnews 1 - 0 (0%)
78own 1 ▲ new
79address 1 ▲ new
80access 1 - 0 (0%)
81Trojan 1 ▼ -2 (-200%)
82NetWireRC 1 - 0 (0%)
83njRAT 1 ▲ new
84sense 1 ▲ new
85legitimate 1 ▲ new
86intelligence 1 ▼ -3 (-300%)
87intelligen 1 ▲ new
88Router 1 ▲ new
89Smishing 1 - 0 (0%)
90Tick 1 ▼ -2 (-200%)
91Australia 1 ▲ new
92dichtet 1 ▲ new
93state 1 ▲ new
94operator 1 ▲ new
95step 1 ▲ new
96abgedichtet 1 ▲ new
97traffic 1 ▲ new
98Okta 1 ▲ new
99RATel 1 - 0 (0%)
100ChatGPT 1 - 0 (0%)
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
GameoverP2P
2 (25%)
RAT
2 (25%)
Trojan
1 (12.5%)
NetWireRC
1 (12.5%)
njRAT
1 (12.5%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Tick
1 (100%)
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
RCE
5 (21.7%)
Phishing
4 (17.4%)
Campaign
3 (13%)
Exploit
3 (13%)
Stealer
2 (8.7%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
Google
7 (31.8%)
Microsoft
5 (22.7%)
United States
4 (18.2%)
Apple
2 (9.1%)
Binance
1 (4.5%)
Threat info
Last 5

SNS

(Total : 8)
  Total keyword

Browser Chrome Email WhatsApp target plugin Tor Update MacOS Safari RAT attack Malware India Symantec Stealer IoC

No Title Date
1Microsoft Threat Intelligence @MsftSecIntel
@sherrod_im However, the QR code is used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal. If the target follows the instructions on the page, the threat actor could gain access to messages in their WhatsApp account & exfiltrate data using browser plugins.		2025.04.16
2Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer
????Tor Browser 14.5 has been released! Update!???? https://t.co/eKBLwkcgFp		2025.04.16
3Yogesh Londhe @suyog41
Banshee Stealer Safari_Browser_2.45.dmg 1d96e46f60f297e1e520af4ec7d0e895 olaiokejk-oikeja 37127f6ea5453f025b1727f565107545 #Banshee #Stealer #MAC #IOC https://t.co/rphCN7rNsh		2025.04.15
4Virus Bulletin @virusbtn
Kadji's Nick Zolotko, Christopher Lopez & Adam Kohler investigate suspicious macOS cases used to capture data from macOS systems and applications, including WeChat, QQ, web browsers, email, etc. https://t.co/Ne0faplLpf https://t.co/xoCXS8LR9j		2025.04.15
5The Hacker News @TheHackersNews
???? Your biggest enterprise risk might be hiding in plain sight — THE BROWSER EXTENSIONS. ???? 99% of employees use them ???? 53% access sensitive data ???? 54% have unknown publishers ???? Your entire org could be one extension away from compromise. ???? Act now → Audit, assess, and https://t.c		2025.04.15

News

(Total : 20)
  Total keyword

Browser Malware Update Report Email Google Chrome Attacker RCE target Microsoft Password attack United States Phishing Victim Campaign Exploit Software Windows Microsoft Edge Android payment WhatsApp Criminal Education hijack Cryptocurrency Apple GameoverP2P Vulnerability MFA Advertising GitHub Social Engineering EDR Twitter Malvertising LinkedIn Java Safari Okta ChatGPT Stealer Binance RATel NetWireRC Router intelligence Firefox Tick Trojan RAT njRAT Smishing IoC WMI SMB powershell VPN ...

No Title Date
1Hi, robot: Half of all internet traffic now automated - Malware.News2025.04.17
2IT Sicherheitsnews taegliche Zusammenfassung 2025-04-16 18h : 7 posts - IT Sicherheitsnews2025.04.17
3Exploiting SMS: Threat Actors Use Social Engineering to Target Companies - Malware.News2025.04.17
4Advanced KQL Deep Dive: User State Change Tracking - Malware.News2025.04.17
5Webbrowser: Kritische Sicherheitslücke in Chrome abgedichtet - IT Sicherheitsnews2025.04.17

Additional information

No Request Hash(md5) Report No Date
1 remcos_a.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket Escalate priviledges PWS Sniff Audio DNS Interne 		e3aecc3188eac24edb8e34f5044b3a6a589982025.04.14
2 pdf.ps1
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library .NET framework(MSIL) Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Inte 		642647cf863119977d7bd52e848e0cfe583952025.03.31
3 kent.ps1
Client SW User Data Stealer Backdoor RemcosRAT Formbook browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library Confuser .NET Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Co 		432719ce1459add67ebe4c01b47310f2580592025.03.13
4 nyoilsafkjawd.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio 		0bea38a3f664f5c8d72ab74db022aacd580452025.03.12
5 crossings.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio 		db59bfef32bc15d53bdf499dd1ae62c4580442025.03.12
View only the last 5
Level Description
danger File has been identified by 66 AntiVirus engines on VirusTotal as malicious
danger The process wscript.exe wrote an executable file to disk which it then attempted to execute
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
warning Disables Windows Security features
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
watch One or more non-whitelisted processes were created
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice A process attempted to delay the analysis task.
notice A process created a hidden window
notice Checks whether any human activity is being performed by constantly checking whether the foreground window changed
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice One or more potentially interesting buffers were extracted
notice Terminates another process
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
No data
No data
Beta Service, If you select keyword, you can check detailed information.