popup

Cyber Threat Trends

  1. Day Month

conference CrowdStrike 북한

Summary: 2025/04/19 12:32

First reported date: 2010/11/26
Inquiry period : 2025/04/12 12:32 ~ 2025/04/19 12:32 (7 days), 27 search results

전 기간대비 56% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Backdoor Malware target Update attack 입니다.
악성코드 유형 TONESHELL Trojan Mirai 도 새롭게 확인됩니다.
공격자 Red Menshen 도 새롭게 확인됩니다.
공격기술 Dropper 도 새롭게 확인됩니다.
기관 및 기업 Egypt Hong Kong Zscaler Fortinet Europe Chinese Trend Micro Russia CISA Cisco Taiwan 도 새롭게 확인됩니다.
기타 Cobalt Strike Linux MUSTANG PANDA IoC BPFDoor 등 신규 키워드도 확인됩니다.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/19 Florida senate panel OKs criticized social media backdoor bill
    ㆍ 2025/04/18 Dark Web Profile: Flax Typhoon
    ㆍ 2025/04/18 Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Backdoor 27 ▲ 15 (56%)
2Malware 13 ▲ 6 (46%)
3target 12 ▲ 9 (75%)
4Update 10 ▲ 7 (70%)
5attack 10 ▲ 7 (70%)
6Report 8 ▲ 2 (25%)
7China 8 ▲ 7 (88%)
8Cobalt Strike 6 ▲ new
9Windows 6 ▲ 3 (50%)
10EDR 6 ▲ 5 (83%)
11Linux 5 ▲ new
12Exploit 5 ▲ 1 (20%)
13Advertising 5 ▲ 3 (60%)
14Campaign 5 ▲ 3 (60%)
15Operation 5 ▲ 4 (80%)
16Government 5 ▲ 4 (80%)
17c&c 5 ▲ 4 (80%)
18Victim 5 ▲ 4 (80%)
19South Korea 5 ▲ 4 (80%)
20MUSTANG PANDA 5 ▲ new
21United States 5 ▲ 1 (20%)
22TONESHELL 5 ▲ new
23Egypt 4 ▲ new
24Microsoft 4 ▲ 2 (50%)
25IoC 4 ▲ new
26Hong Kong 4 ▲ new
27Vulnerability 4 ▲ 1 (25%)
28Zscaler 4 ▲ new
29BPFDoor 4 ▲ new
30Controller 3 ▲ new
31hijack 3 ▲ 1 (33%)
32RCE 3 ▲ 1 (33%)
33RAT 3 ▲ 2 (67%)
34Kaspersky 3 ▲ 2 (67%)
35NetWireRC 3 ▲ 2 (67%)
36intelligence 3 - 0 (0%)
37Mustang 3 ▲ new
38MWNEWS 3 ▲ new
39Fortinet 3 ▲ new
40Europe 2 ▲ new
41GameoverP2P 2 - 0 (0%)
42ZeroDay 2 - 0 (0%)
43Supply 2 ▲ new
44BRICKSTORM 2 ▲ new
45powershell 2 ▲ 1 (50%)
46Trojan 2 ▲ new
47Chinese 2 ▲ new
48symlink 2 ▲ new
49GitHub 2 ▲ 1 (50%)
50chain 2 ▲ new
51keylogger 2 ▲ new
52file 2 ▲ new
53Supply chain 2 ▲ 1 (50%)
54Trend Micro 2 ▲ new
55access 2 ▲ new
56novel 2 ▲ new
57Russia 2 ▲ new
58stealth 2 ▲ new
59Threat 2 ▲ 1 (50%)
60Panda 2 ▲ new
61Myanmar 1 ▲ new
62VPN 1 ▲ new
63Undocumented 1 ▲ new
64Ruckus 1 ▲ new
65Mirai 1 ▲ new
66state 1 ▲ new
67IoT 1 - 0 (0%)
68Java 1 - 0 (0%)
69social 1 ▲ new
70Education 1 - 0 (0%)
71Florida 1 ▲ new
72Telegram 1 ▲ new
73CISA 1 ▲ new
74Europ 1 ▲ new
75dive 1 ▲ new
76Research 1 ▲ new
77deep 1 ▲ new
78ThreatLabz 1 ▲ new
79Team 1 ▲ new
80MimiKatz 1 ▲ new
81hacking 1 ▼ -1 (-100%)
82UNC5221 1 ▲ new
83SplatCloak 1 ▲ new
84version 1 ▲ new
85MysterySnail 1 ▲ new
86plugin 1 - 0 (0%)
87internetexposed 1 ▲ new
88Cisco 1 ▲ new
89covert 1 ▲ new
90component 1 ▲ new
91Red Menshen 1 ▲ new
92Mustan 1 ▲ new
93driver 1 ▲ new
94UNIX 1 ▲ new
95cyberespionage 1 ▲ new
96Dropper 1 ▲ new
97C2 1 ▲ new
98StarProxy 1 ▲ new
99server 1 ▲ new
100Taiwan 1 ▲ new
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
TONESHELL
5 (25%)
RAT
3 (15%)
NetWireRC
3 (15%)
GameoverP2P
2 (10%)
Trojan
2 (10%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Red Menshen
1 (50%)
Anonymous
1 (50%)
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Backdoor
27 (57.4%)
Exploit
5 (10.6%)
Campaign
5 (10.6%)
hijack
3 (6.4%)
RCE
3 (6.4%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
China
8 (13.3%)
Government
5 (8.3%)
South Korea
5 (8.3%)
United States
5 (8.3%)
Egypt
4 (6.7%)
Threat info
Last 5

SNS

(Total : 12)
  Total keyword

Backdoor Fortinet target China Update attack Supply chain Zscaler TONESHELL MUSTANG PANDA Cobalt Strike Malware Chinese United States Exploit Linux NetWireRC Hong Kong South Korea Egypt Trend Micro RAT US Telegram

No Title Date
1Cyber_OSINT @Cyber_O51NT
Socket’s Threat Research Team has revealed a supply chain attack where typosquatted npm packages targeting Telegram bot developers install SSH backdoors, risking unauthorized access and data exfiltration. #CyberSecurity #Malware https://t.co/SjGRvCPzo3		2025.04.18
2Cyber_OSINT @Cyber_O51NT
Over 16,000 internet-exposed Fortinet devices have been compromised with a symlink backdoor, granting read-only access to sensitive files on previously affected systems. #cybersecurity #Fortinet https://t.co/tONViUdbgJ		2025.04.17
3The Hacker News @TheHackersNews
???? Supply chain cyberattacks are exploding — and hitting where it hurts most: healthcare, retail, energy. ???? One breach = millions exposed. The risk? Vendors are the backdoor. Hackers are walking right in. Learn what’s driving this wave and how to stay ahead: https://t.co/4LGcPEY37W		2025.04.16
4Zscaler ThreatLabz @Threatlabz
Zscaler ThreatLabz has published a deep dive on ????Mustang Panda’s latest arsenal including updates to the ToneShell backdoor and a newly discovered lateral movement tool that we have named StarProxy. Read our full technical analysis here: https://t.co/qTsApYXBTm https://t.co/WJ8bPHRxt7		2025.04.16
5Kimberly @StopMalvertisin
Dark Reading | China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks https://t.co/mrAffs2sof		2025.04.16

News

(Total : 15)
  Total keyword

Backdoor Malware target Update Report attack China Windows EDR Campaign Operation Government Cobalt Strike Victim c&c Advertising Attacker Vulnerability United States Linux Microsoft South Korea MUSTANG PANDA Exploit IoC TONESHELL Zscaler intelligence RCE Kaspersky hijack Hong Kong Egypt powershell Europe ZeroDay RAT GitHub Trojan keylogger NetWireRC GameoverP2P Russia Trend Micro UNIX Chinese hacking plugin Cisco Red Menshen C2 CISA Education Taiwan VPN Java Mirai MimiKatz MFA DarkWeb Australia Dropper Cloudflare DYEPACK Anonymous Stealer Vawtrak Red Hat XWorm Lumma Email Iran Hijacking DNS Software ...

No Title Date
1Florida senate panel OKs criticized social media backdoor bill - Malware.News2025.04.19
2Dark Web Profile: Flax Typhoon - Malware.News2025.04.18
3Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates - The Hacker News2025.04.18
4Novel BPFDoor backdoor component facilitates covert attacks - Malware.News2025.04.17
5China-linked BRICKSTORM backdoor involved in Europe-targeted cyberespionage - Malware.News2025.04.17

Additional information

Level Description
danger File has been identified by 66 AntiVirus engines on VirusTotal as malicious
danger The process wscript.exe wrote an executable file to disk which it then attempted to execute
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
warning Disables Windows Security features
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
watch One or more non-whitelisted processes were created
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice A process attempted to delay the analysis task.
notice A process created a hidden window
notice Checks whether any human activity is being performed by constantly checking whether the foreground window changed
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice One or more potentially interesting buffers were extracted
notice Terminates another process
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
No data
No URL CC ASN Co Reporter Date
1http://124.123.26.174:8889/sshd
backdoor censys elf sshdkit 		IN INDaveLikesMalwre2025.04.19
2http://78.137.84.190:8080/sshd
backdoor censys elf sshdkit 		YE YE...DaveLikesMalwre2025.04.19
3http://14.227.169.55:8082/sshd
backdoor censys elf sshdkit 		VN VNVNPT CorpDaveLikesMalwre2025.04.19
4http://188.28.75.169:8081/sshd
backdoor censys elf sshdkit 		GB GBThreeDaveLikesMalwre2025.04.19
5http://113.169.217.235/sshd
backdoor censys elf sshdkit 		VN VNVNPT CorpDaveLikesMalwre2025.04.19
View only the last 5
Beta Service, If you select keyword, you can check detailed information.