Summary: 2025/04/19 11:32

First reported date: 2014/08/08
Inquiry period : 2025/04/12 11:32 ~ 2025/04/19 11:32 (7 days), 17 search results

The trend is 76% higher than in the previous period.
The top 5 related keywords that rose compared with the previous period are Cobalt Strike, Malware, China, c&c, and Update.
Newly observed malware types: TONESHELL, Trojan, PlugX, ZXShell, MgBot, Vawtrak, XWorm, Lumma, AsyncRAT.
Newly observed attackers: Anonymous, Equation Group, Hacking Team, Volt Typhoon, MuddyWater.
Newly observed attack techniques: Backdoor, hijack, Dropper, APT.
Newly observed organizations and companies: Zscaler, Government, Chinese, Taiwan, Canada, United Kingdom, Police, Europe, Iran, McAfee.
Other new keywords, including MUSTANG PANDA, Mustang, EDR, Panda, and keylogger, are also observed.

Cobalt Strike is a legitimate penetration-testing toolkit developed by Fortra. Its cracked versions, however, are widely adopted by bad actors, who use it as a C2 system of choice for targeted attacks.

 * Top 3 recent news articles:
    ㆍ 2025/04/18 Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
    ㆍ 2025/04/17 Unmasking the new XorDDoS controller and infrastructure
    ㆍ 2025/04/17 Chinese Hacker Group Mustang Panda Bypass EDR Detection With New Hacking Tools

Trend graph by period


Related keyword cloud
Top 100

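| # | Keyword | Count | Comparison |
| --- | --- | --- | --- |
| 1 | Cobalt Strike | 17 | ▲ 13 (76%) |
| 2 | MUSTANG PANDA | 10 | ▲ new |
| 3 | Malware | 9 | ▲ 5 (56%) |
| 4 | Mustang | 8 | ▲ new |
| 5 | EDR | 7 | ▲ new |
| 6 | China | 7 | ▲ 6 (86%) |
| 7 | c&c | 6 | ▲ 3 (50%) |
| 8 | Update | 6 | ▲ 4 (67%) |
| 9 | Backdoor | 6 | ▲ new |
| 10 | Zscaler | 6 | ▲ new |
| 11 | TONESHELL | 6 | ▲ new |
| 12 | Report | 6 | ▲ 3 (50%) |
| 13 | Victim | 6 | ▲ 4 (67%) |
| 14 | IoC | 6 | ▲ 5 (83%) |
| 15 | Campaign | 6 | ▲ 3 (50%) |
| 16 | Panda | 5 | ▲ new |
| 17 | target | 4 | ▲ 3 (75%) |
| 18 | keylogger | 4 | ▲ new |
| 19 | GameoverP2P | 4 | ▲ 3 (75%) |
| 20 | United States | 4 | ▲ 1 (25%) |
| 21 | GitHub | 3 | ▲ new |
| 22 | Windows | 3 | ▲ 1 (33%) |
| 23 | NetWireRC | 3 | ▲ 1 (33%) |
| 24 | Cobalt | 3 | ▲ 2 (67%) |
| 25 | attack | 3 | ▲ new |
| 26 | ThreatLabz | 3 | ▲ new |
| 27 | Phishing | 3 | ▲ 1 (33%) |
| 28 | Linux | 3 | ▲ 2 (67%) |
| 29 | Criminal | 3 | ▲ new |
| 30 | Government | 2 | ▲ new |
| 31 | StarProxy | 2 | ▲ new |
| 32 | Exploit | 2 | ▲ 1 (50%) |
| 33 | intelligence | 2 | ▲ new |
| 34 | Chinese | 2 | ▲ new |
| 35 | SplatCloak | 2 | ▲ new |
| 36 | Operation | 2 | ▲ 1 (50%) |
| 37 | Trojan | 2 | ▲ new |
| 38 | hijack | 2 | ▲ new |
| 39 | UNIX | 2 | ▲ new |
| 40 | Taiwan | 2 | ▲ new |
| 41 | Advertising | 2 | ▲ 1 (50%) |
| 42 | Cisco | 2 | ▲ 1 (50%) |
| 43 | Canada | 2 | ▲ new |
| 44 | Vulnerability | 2 | ▲ 1 (50%) |
| 45 | Anonymous | 2 | ▲ new |
| 46 | threat | 2 | ▲ new |
| 47 | Sliver | 2 | ▲ new |
| 48 | United Kingdom | 2 | ▲ new |
| 49 | Microsoft | 2 | ▼ -1 (-50%) |
| 50 | C2 | 1 | ▲ new |
| 51 | series | 1 | ▲ new |
| 52 | part | 1 | ▲ new |
| 53 | second | 1 | ▲ new |
| 54 | Mustan | 1 | ▲ new |
| 55 | Dropper | 1 | ▲ new |
| 56 | driver | 1 | ▲ new |
| 57 | Myanmar | 1 | ▲ new |
| 58 | ANYRUN | 1 | ▲ new |
| 59 | iocs | 1 | ▲ new |
| 60 | ttps | 1 | ▲ new |
| 61 | APT41 | 1 | ▲ new |
| 62 | Explore | 1 | ▲ new |
| 63 | APT | 1 | ▲ new |
| 64 | The Shadow Brokers | 1 | ▲ new |
| 65 | Equation Group | 1 | ▲ new |
| 66 | hac | 1 | ▲ new |
| 67 | PlugX | 1 | ▲ new |
| 68 | server | 1 | ▲ new |
| 69 | hacking | 1 | - 0 (0%) |
| 70 | CorKLOG | 1 | ▲ new |
| 71 | PAKLOG | 1 | ▲ new |
| 72 | Dark | 1 | ▲ new |
| 73 | arrest | 1 | ▲ new |
| 74 | Hacking Team | 1 | ▲ new |
| 75 | Police | 1 | ▲ new |
| 76 | Reading | 1 | ▲ new |
| 77 | ZXShell | 1 | ▲ new |
| 78 | MgBot | 1 | ▲ new |
| 79 | Ransomware | 1 | ▼ -1 (-100%) |
| 80 | Volt Typhoon | 1 | ▲ new |
| 81 | Europe | 1 | ▲ new |
| 82 | file | 1 | ▲ new |
| 83 | Tick | 1 | - 0 (0%) |
| 84 | schtasks | 1 | ▲ new |
| 85 | exploration | 1 | ▲ new |
| 86 | Stealer | 1 | ▼ -1 (-100%) |
| 87 | Vawtrak | 1 | ▲ new |
| 88 | XWorm | 1 | ▲ new |
| 89 | Lumma | 1 | ▲ new |
| 90 | Iran | 1 | ▲ new |
| 91 | powershell | 1 | ▼ -1 (-100%) |
| 92 | MuddyWater | 1 | ▲ new |
| 93 | AsyncRAT | 1 | ▲ new |
| 94 | W | 1 | ▲ new |
| 95 | RAT | 1 | ▲ new |
| 96 | McAfee | 1 | ▲ new |
| 97 | Telegram | 1 | ▲ new |
| 98 | Social Engineering | 1 | - 0 (0%) |
| 99 | VirusTotal | 1 | - 0 (0%) |
| 100 | State | 1 | ▲ new |
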
Special keyword group
Top 5

Malware Type

Malware types that are currently becoming an issue.

| Keyword | Count (share) |
| --- | --- |
| TONESHELL | 6 (26.1%) |
| GameoverP2P | 4 (17.4%) |
| NetWireRC | 3 (13%) |
| Trojan | 2 (8.7%) |
| PlugX | 1 (4.3%) |

Attacker & Actors

Attackers and attack groups that are currently becoming an issue.

| Keyword | Count (share) |
| --- | --- |
| Anonymous | 2 (33.3%) |
| Equation Group | 1 (16.7%) |
| Hacking Team | 1 (16.7%) |
| Volt Typhoon | 1 (16.7%) |
| MuddyWater | 1 (16.7%) |

Attack technique

Attack techniques that are currently becoming an issue.

| Keyword | Count (share) |
| --- | --- |
| Backdoor | 6 (25%) |
| Campaign | 6 (25%) |
| Phishing | 3 (12.5%) |
| Exploit | 2 (8.3%) |
| hijack | 2 (8.3%) |

Country & Company

Countries and companies that are currently an issue.

| Keyword | Count (share) |
| --- | --- |
| China | 7 (14.9%) |
| Zscaler | 6 (12.8%) |
| United States | 4 (8.5%) |
| Government | 2 (4.3%) |
| Chinese | 2 (4.3%) |

Threat info
Last 5

Additional information

| Level | Description |
| --- | --- |
| danger | Executed a process and injected code into it |
| warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
| watch | Allocates execute permission to another process indicative of possible code injection |
| watch | Detects Avast Antivirus through the presence of a library |
| watch | Potential code injection by writing to the memory of another process |
| watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
| watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | One or more potentially interesting buffers were extracted |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | Yara rule detected in process memory |
| info | Checks if process is being debugged by a debugger |
| info | This executable has a PDB path |

| No | URL | Tags | CC | ASN Co | Reporter | Date |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | http://gh-hr.cn/beacon.exe | Cobalt strike CobaltStrike exe | CN | ... | DonPasci | 2025.01.17 |
| 2 | http://39.107.254.213/beacon.exe | Cobalt strike CobaltStrike | CN | ... | lontze7 | 2025.01.16 |
| 3 | http://106.53.83.169/beacon.exe | c2 Cobalt strike | CN | ... | lontze7 | 2025.01.13 |
| 4 | http://zzz.hnyzh.co/beacon_x86.exe | Cobalt strike CobaltStrike | US | PONYNET | lontze7 | 2025.01.10 |
| 5 | http://zzz.hnyzh.co/beacon_x64.exe | Cobalt strike CobaltStrike | US | PONYNET | lontze7 | 2025.01.10 |