popup

Cyber Threat Trends

  1. Week Month

conference CrowdStrike 북한

Summary: 2025/04/15 19:00

First reported date: 2009/08/05
Inquiry period : 2025/04/14 19:00 ~ 2025/04/15 19:00 (1 days), 1 search results

지난 7일 기간대비 -200% 낮은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Stealer IoC SafariBrowser Safari 입니다.
기타 Banshee MAC olaiokejkoikeja 신규 키워드도 확인됩니다.

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Banshee 1 ▲ new
2Stealer 1 ▲ 1 (100%)
3MAC 1 ▲ new
4IoC 1 ▲ 1 (100%)
5SafariBrowser 1 ▲ 1 (100%)
6olaiokejkoikeja 1 ▲ new
7Browser 1 ▼ -2 (-200%)
8Safari 1 ▲ 1 (100%)
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

No data.

Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Stealer
1 (100%)
Country & Company
Country & Company

This is a country or company that is an issue.

No data.

Threat info
Last 5

SNS

(Total : 1)
  Total keyword

Stealer IoC Browser Safari

No Title Date
1Yogesh Londhe @suyog41
Banshee Stealer Safari_Browser_2.45.dmg 1d96e46f60f297e1e520af4ec7d0e895 olaiokejk-oikeja 37127f6ea5453f025b1727f565107545 #Banshee #Stealer #MAC #IOC https://t.co/rphCN7rNsh		2025.04.15

News

(Total : 0)

No data.

Additional information

No Request Hash(md5) Report No Date
1 remcos_a.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket Escalate priviledges PWS Sniff Audio DNS Interne 		e3aecc3188eac24edb8e34f5044b3a6a589982025.04.14
2 pdf.ps1
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library .NET framework(MSIL) Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Inte 		642647cf863119977d7bd52e848e0cfe583952025.03.31
3 kent.ps1
Client SW User Data Stealer Backdoor RemcosRAT Formbook browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library Confuser .NET Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Co 		432719ce1459add67ebe4c01b47310f2580592025.03.13
4 nyoilsafkjawd.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio 		0bea38a3f664f5c8d72ab74db022aacd580452025.03.12
5 crossings.exe
Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio 		db59bfef32bc15d53bdf499dd1ae62c4580442025.03.12
View only the last 5
Level Description
danger File has been identified by 66 AntiVirus engines on VirusTotal as malicious
danger The process wscript.exe wrote an executable file to disk which it then attempted to execute
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
warning Disables Windows Security features
watch Communicates with host for which no DNS query was performed
watch Installs itself for autorun at Windows startup
watch One or more non-whitelisted processes were created
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice A process attempted to delay the analysis task.
notice A process created a hidden window
notice Checks whether any human activity is being performed by constantly checking whether the foreground window changed
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice One or more potentially interesting buffers were extracted
notice Terminates another process
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
No data
No data
Beta Service, If you select keyword, you can check detailed information.