popup

Cyber Threat Trends

  1. Day Month

conference CrowdStrike 북한

Summary: 2025/04/17 13:16

First reported date: 2007/03/20
Inquiry period : 2025/04/10 13:16 ~ 2025/04/17 13:16 (7 days), 16 search results

전 기간대비 -56% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 target RAT attack Cryptocurrency Victim 입니다.
악성코드 유형 TONESHELL njRAT PlugX AsyncRAT 도 새롭게 확인됩니다.
공격자 TraderTraitor 도 새롭게 확인됩니다.
공격기술 RCE Hijacking 도 새롭게 확인됩니다.
기관 및 기업 Europe Zscaler India 도 새롭게 확인됩니다.
기타 MUSTANG PANDA keylogger ResolverRAT WhatsApp C2 등 신규 키워드도 확인됩니다.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
    ㆍ 2025/04/17 “I sent you an email from your email account,” sextortion scam claims

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Trojan 16 ▼ -9 (-56%)
2Malware 13 ▼ -3 (-23%)
3target 9 ▲ 2 (22%)
4RAT 8 ▲ 5 (63%)
5Campaign 7 ▼ -4 (-57%)
6attack 7 ▲ 1 (14%)
7Cryptocurrency 5 ▲ 3 (60%)
8Victim 5 ▲ 3 (60%)
9Advertising 5 ▲ 1 (20%)
10Android 5 ▼ -1 (-20%)
11Phishing 5 ▼ -4 (-80%)
12NetWireRC 5 - 0 (0%)
13China 4 ▲ 1 (25%)
14Microsoft 4 ▲ 2 (50%)
15Update 4 ▼ -1 (-25%)
16Windows 4 ▼ -1 (-25%)
17Email 3 ▲ 1 (33%)
18hacking 3 ▲ 1 (33%)
19Report 3 ▼ -4 (-133%)
20Operation 3 ▼ -1 (-33%)
21Distribution 3 ▼ -1 (-33%)
22c&c 3 ▼ -1 (-33%)
23IoC 3 ▼ -2 (-67%)
24RCE 3 ▲ new
25hijack 3 ▲ 1 (33%)
26MUSTANG PANDA 2 ▲ new
27GitHub 2 ▲ 1 (50%)
28TONESHELL 2 ▲ new
29EDR 2 ▲ 1 (50%)
30Europe 2 ▲ new
31Linux 2 - 0 (0%)
32Kaspersky 2 ▼ -6 (-300%)
33Cobalt Strike 2 ▲ 1 (50%)
34keylogger 2 ▲ new
35ResolverRAT 2 ▲ new
36intelligence 2 ▼ -1 (-50%)
37WhatsApp 2 ▲ new
38Telegram 2 ▲ 1 (50%)
39file 2 - 0 (0%)
40Stealer 2 - 0 (0%)
41Government 2 - 0 (0%)
42Backdoor 2 ▼ -1 (-50%)
43Zscaler 2 ▲ new
44India 2 ▲ new
45Software 2 ▼ -2 (-100%)
46malicious 2 ▲ 1 (50%)
47C2 1 ▲ new
48payment 1 - 0 (0%)
49crypto 1 ▲ new
50MWNEWS 1 - 0 (0%)
51RN 1 ▲ new
52Browser 1 ▼ -2 (-200%)
53TraderTraitor 1 ▲ new
54North Korea 1 - 0 (0%)
55account 1 ▲ new
56Password 1 - 0 (0%)
57Morphisecs 1 ▲ new
58June 1 ▲ new
59Phones 1 ▲ new
60access 1 ▲ new
61Consumer 1 ▲ new
62address 1 ▲ new
63Attacks 1 ▲ new
64njRAT 1 ▲ new
65Nadav 1 ▲ new
66Dropper 1 - 0 (0%)
67UNIX 1 ▲ new
68server 1 ▲ new
69schtasks 1 ▲ new
70PlugX 1 ▲ new
71GameoverP2P 1 - 0 (0%)
72Exploit 1 ▼ -5 (-500%)
73SplatCloak 1 ▲ new
74StarProxy 1 ▲ new
75driver 1 ▲ new
76apps 1 ▲ new
77Chinese 1 - 0 (0%)
78Russia 1 ▼ -2 (-200%)
79Mustan 1 ▲ new
80remote 1 - 0 (0%)
81Lorber 1 ▲ new
82Threat 1 ▼ -1 (-100%)
83package 1 ▲ new
84Snapshot 1 ▲ new
85Alleged 1 - 0 (0%)
86AsyncRAT 1 ▲ new
87various 1 ▲ new
88Spark 1 ▲ new
89CurlBack 1 ▲ new
90Hijacking 1 ▲ new
91Downloader 1 - 0 (0%)
92DarkWeb 1 ▲ new
93wellknown 1 ▲ new
94Sale 1 - 0 (0%)
95GYware 1 ▲ new
96powershell 1 ▼ -2 (-200%)
97Learn 1 ▼ -1 (-100%)
98supernatural 1 ▼ -1 (-100%)
99Tarot 1 ▼ -4 (-400%)
100Bogus 1 ▲ new
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
Trojan
16 (43.2%)
RAT
8 (21.6%)
NetWireRC
5 (13.5%)
TONESHELL
2 (5.4%)
njRAT
1 (2.7%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
TraderTraitor
1 (50%)
SideCopy
1 (50%)
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Campaign
7 (24.1%)
Phishing
5 (17.2%)
hacking
3 (10.3%)
RCE
3 (10.3%)
hijack
3 (10.3%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
China
4 (17.4%)
Microsoft
4 (17.4%)
Europe
2 (8.7%)
Kaspersky
2 (8.7%)
Government
2 (8.7%)
Threat info
Last 5

SNS

(Total : 4)
  Total keyword

Trojan Malware RAT China WhatsApp Telegram Distribution Android Victim Advertising DarkWeb RCE

No Title Date
1The Hacker News @TheHackersNews
???? New Android Phones, Pre-Loaded with Malware?! Since June 2024, cheap Androids from Chinese brands like SHOWJI come with trojanized WhatsApp/Telegram apps out of the box. ???? Fake models: “S24 Ultra”, “Note 13 Pro”, etc. ???? Malware replaces your crypto wallet address in chats https://t.co/5		2025.04.16
2Virus Bulletin @virusbtn
Morphisec's Nadav Lorber analyses ResolverRAT, a newly identified remote access trojan that combines advanced in-memory execution, API and resource resolution at runtime, and layered evasion techniques. https://t.co/28xWuAshLw https://t.co/LRRISv1Zhg		2025.04.16
3ThreatMon @MonThreat
Alleged Sale of GYware RAT On a well-known dark web forum, a threat actor is advertising 'GYware', a web-based Remote Access Trojan (RAT) panel described as “best in 2025”. The malware features self-spreading behavior—infecting a victim’s machine and automatically propagating https://t.co/TZuzCj8ae		2025.04.13
4Kaspersky @kaspersky
Tarot and cyberthreats: a new Trojan for fans of the supernatural ???? Learn more about the curse & our cure ???? https://t.co/DxtbrvSUbn https://t.co/KbIamX2TKP		2025.04.11

News

(Total : 12)
  Total keyword

Trojan Malware target Campaign attack RAT Phishing NetWireRC Cryptocurrency Android Advertising Windows Update Victim Microsoft IoC hacking Operation hijack Report c&c Email China Linux GitHub Backdoor Kaspersky TONESHELL EDR Zscaler MUSTANG PANDA Cobalt Strike intelligence Stealer Government keylogger Europe Distribution Attacker Software India RCE schtasks Password Attacks Russia TraderTraitor North Korea payment WhatsApp Browser PlugX C2 GameoverP2P Exploit Dropper UNIX Telegram njRAT Chinese Malicious Traffic powershell SideCopy AsyncRAT Google ReverseRAT Supply chain AnyDesk Downloader Hijacking Java Criminal ActionRAT Chrome Banking ...

No Title Date
1Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 - Malware.News2025.04.17
2Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 - Malware.News2025.04.17
3“I sent you an email from your email account,” sextortion scam claims - Malware.News2025.04.17
4Malicious crypto developer-targeted coding challenges spread infostealers - Malware.News2025.04.16
5Threat Intelligence Snapshot: Week 14, 2025 - Malware.News2025.04.16

Additional information

Level Description
danger Executed a process and injected code into it
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Attempts to identify installed AV products by installation directory
watch Code injection by writing an executable or DLL to the memory of another process
watch Detects VirtualBox through the presence of a file
watch Detects VMWare through the presence of various files
watch Harvests credentials from local email clients
watch Harvests credentials from local FTP client softwares
watch Harvests information related to installed instant messenger clients
watch Installs itself for autorun at Windows startup
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch The process powershell.exe wrote an executable file to disk
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Connects to a Dynamic DNS Domain
notice Creates a shortcut to an executable file
notice Creates a suspicious process
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Looks up the external IP address
notice Moves the original executable to a new location
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Potentially malicious URLs were found in the process memory dump
notice Steals private information from local Internet browsers
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info One or more processes crashed
info Queries for the computername
info Uses Windows APIs to generate a cryptographic key
Network ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
Network ET POLICY DynDNS CheckIp External IP Address Server Response
Network ET POLICY External IP Lookup - checkip.dyndns.org
Network SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
No data
No URL CC ASN Co Reporter Date
1http://usdtupdate.com/usdt/installer.msi
infostealer stealer trojan 		GB GBninjacatcher2025.04.13
2http://ellctrum.com/684231568748463651/NordPassSetup.exe
exe infostealer shadowharvest signed stealer trojan 		RU RUOOO MediaSetiJohns2025.04.05
3https://ellctrum.com/684231568748463651/NordPassSetup.exe
infostealer signed stealer trojan 		RU RUTimeWeb Ltd.boruch2025.04.04
4https://link.storjshare.io/raw/jwkobxhf3zi3dhhu2vh56mqu6c3q/68413587/electrum-4.5.8-setup.exe
exe rat shadowharvest trojan 		US USSPIRITTEL-ASninjacatcher2025.04.02
5https://link.storjshare.io/raw/jwdj7xvz476bs4554rsjtaybkl5a/68413587/NordPassSetup.exe
exe rat shadowharvest trojan 		US USSPIRITTEL-ASninjacatcher2025.04.02
View only the last 5
Beta Service, If you select keyword, you can check detailed information.