Summary: 2025/04/17 10:57

First reported date: 2014/08/08
Inquiry period: 2025/04/16 10:57 ~ 2025/04/17 10:57 (1 day), 6 search results

The trend is 100% higher than in the previous 7-day period.
The Top 5 related keywords that rose compared to the previous 7-day period are
Cobalt Strike, c&c, Victim, Malware, and IoC.
Malware types TONESHELL, Trojan, PlugX, MgBot, ZXShell, XWorm, AsyncRAT, Lumma, Vawtrak, and RAT are also newly identified.
Attackers Equation Group, Hacking Team, Volt Typhoon, Anonymous, and MuddyWater are also newly identified.
Attack techniques Backdoor, hijack, Exploit, and Dropper are also newly identified.
Organizations and companies Zscaler, China, Taiwan, Kaspersky, Police, Iran, Government, and Europe are also newly identified.
Other new keywords such as MUSTANG PANDA, EDR, Update, keylogger, and GitHub are also identified.

Cobalt Strike is a legitimate penetration-testing toolkit developed by Fortra. Cracked versions of it, however, are widely adopted by threat actors, who use it as their C2 framework of choice for targeted attacks.

 * Top 3 recent news articles:
    ㆍ 2025/04/17 Wars without Gun Smoke: China Plays the Cyber Name-and-Shame Game on Taiwan and the U.S
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1

Trend graph by period


Related keyword cloud
Top 100

#    Trend                Count  Comparison (vs. previous 7 days)
1    Cobalt Strike        6      ▲ 6 (100%)
2    Zscaler              4      ▲ new
3    MUSTANG PANDA        4      ▲ new
4    c&c                  4      ▲ 4 (100%)
5    Victim               4      ▲ 4 (100%)
6    EDR                  4      ▲ new
7    Malware              4      ▲ 4 (100%)
8    Update               4      ▲ new
9    Backdoor             4      ▲ new
10   TONESHELL            3      ▲ new
11   IoC                  3      ▲ 3 (100%)
12   Campaign             3      ▲ 3 (100%)
13   keylogger            3      ▲ new
14   Windows              3      ▲ 3 (100%)
15   GameoverP2P          3      ▲ 3 (100%)
16   GitHub               2      ▲ new
17   China                2      ▲ new
18   Advertising          2      ▲ 2 (100%)
19   ThreatLabz           2      ▲ new
20   hijack               2      ▲ new
21   United States        2      ▲ 2 (100%)
22   Phishing             2      ▲ 2 (100%)
23   Exploit              2      ▲ new
24   Trojan               2      ▲ new
25   NetWireRC            2      ▲ 2 (100%)
26   target               2      ▲ new
27   Operation            2      ▲ new
28   Mustang              2      ▲ new
29   Dropper              1      ▲ new
30   attack               1      ▲ new
31   SplatCloak           1      ▲ new
32   PlugX                1      ▲ new
33   driver               1      ▲ new
34   schtasks             1      ▲ new
35   Mustan               1      ▲ new
36   Ransomware           1      ▲ 1 (100%)
37   Equation Group       1      ▲ new
38   Cobalt               1      ▲ 1 (100%)
39   Hacking Team         1      ▲ new
40   The Shadow Brokers   1      ▲ new
41   Report               1      ▲ 1 (100%)
42   Taiwan               1      ▲ new
43   Volt Typhoon         1      ▲ new
44   Kaspersky            1      ▲ new
45   MgBot                1      ▲ new
46   Sliver               1      ▲ new
47   Anonymous            1      ▲ new
48   ZXShell              1      ▲ new
49   Police               1      ▲ new
50   Criminal             1      ▲ new
51   arrest               1      ▲ new
52   Microsoft            1      ▲ 1 (100%)
53   intelligence         1      ▲ new
54   server               1      ▲ new
55   XWorm                1      ▲ new
56   deep                 1      ▲ new
57   dive                 1      ▲ new
58   exploration          1      ▲ new
59   Panda                1      ▲ new
60   AsyncRAT             1      ▲ new
61   MuddyWater           1      ▲ new
62   Vulnerability        1      ▲ new
63   powershell           1      ▲ 1 (100%)
64   Iran                 1      ▲ new
65   Lumma                1      ▲ new
66   Vawtrak              1      ▲ new
67   StarProxy            1      ▲ new
68   Stealer              1      ▲ 1 (100%)
69   Linux                1      ▲ 1 (100%)
70   ZeroDay              1      ▲ new
71   RAT                  1      ▲ new
72   Email                1      ▲ new
73   UNIX                 1      ▲ new
74   Government           1      ▲ new
75   Europe               1      ▲ new
76   C2                   1      ▲ new
77   file                 1      ▲ new
78   hac                  1      ▲ new
Special keyword group
Top 5

Malware Type

Malware types that are currently trending in the search results.

Keyword        Count (share of group)
TONESHELL      3 (15.8%)
GameoverP2P    3 (15.8%)
Trojan         2 (10.5%)
NetWireRC      2 (10.5%)
PlugX          1 (5.3%)
Attacker & Actors

Attackers or attack groups that are currently trending in the search results.

Keyword         Count (share of group)
Equation Group  1 (20%)
Hacking Team    1 (20%)
Volt Typhoon    1 (20%)
Anonymous       1 (20%)
MuddyWater      1 (20%)
Attack Technique

Attack techniques that are currently trending in the search results.

Keyword    Count (share of group)
Backdoor   4 (26.7%)
Campaign   3 (20%)
hijack     2 (13.3%)
Phishing   2 (13.3%)
Exploit    2 (13.3%)
Country & Company

Countries or companies that are currently trending in the search results.

Keyword        Count (share of group)
Zscaler        4 (26.7%)
China          2 (13.3%)
United States  2 (13.3%)
Taiwan         1 (6.7%)
Kaspersky      1 (6.7%)
Threat info
Last 5

Additional information (sandbox behaviour signatures)

Level    Description
danger   Executed a process and injected code into it
warning  File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch    Allocates execute permission to another process, indicative of possible code injection
watch    Detects Avast Antivirus through the presence of a library
watch    Potential code injection by writing to the memory of another process
watch    Resumed a suspended thread in a remote process, potentially indicative of process injection
watch    Used NtSetContextThread to modify a thread in a remote process, indicative of process injection
notice   Allocates read-write-execute memory (usually to unpack itself)
notice   Foreign language identified in PE resource
notice   One or more potentially interesting buffers were extracted
notice   The binary likely contains encrypted or compressed data, indicative of a packer
notice   Yara rule detected in process memory
info     Checks if process is being debugged by a debugger
info     This executable has a PDB path