popup

Cyber Threat Trends

  1. Week Month

conference CrowdStrike 북한

Summary: 2025/04/17 12:34

First reported date: 2010/11/15
Inquiry period : 2025/04/16 12:34 ~ 2025/04/17 12:34 (1 days), 3 search results

지난 7일 기간대비 -33% 낮은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 WhatsApp AI 입니다.
기타 intelligence Domain Trouble COBOL obfuscation 등 신규 키워드도 확인됩니다.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/16 Has AI changed malicious script obfuscation techniques?

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1code 3 ▼ -1 (-33%)
2WhatsApp 1 ▲ 1 (100%)
3intelligence 1 ▲ new
4Domain 1 ▲ new
5Trouble 1 ▲ new
6COBOL 1 ▲ new
7MWNEWS 1 - 0 (0%)
8obfuscation 1 ▲ new
9AI 1 ▲ 1 (100%)
10Criminal 1 ▲ new
11account 1 ▲ new
12Malware 1 - 0 (0%)
13plugin 1 ▲ new
14target 1 ▲ new
15Browser 1 ▲ new
16QR 1 ▲ new
17sherrodim 1 ▲ new
18Specific 1 ▲ new
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

No data.

Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Attack technique
Technique

This is an attack technique that is becoming an issue.

No data.

Country & Company
Country & Company

This is a country or company that is an issue.

No data.

Threat info
Last 5

SNS

(Total : 1)
  Total keyword

WhatsApp Browser target plugin

No Title Date
1Microsoft Threat Intelligence @MsftSecIntel
@sherrod_im However, the QR code is used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal. If the target follows the instructions on the page, the threat actor could gain access to messages in their WhatsApp account & exfiltrate data using browser plugins.		2025.04.16

News

(Total : 2)
  Total keyword

Malware Criminal intelligence

No Title Date
1Porting COBOL Code and the Trouble With Ditching Domain Specific Languages - Hackaday2025.04.16
2Has AI changed malicious script obfuscation techniques? - Malware.News2025.04.16

Additional information

No Request Hash(md5) Report No Date
1 random.exe
SystemBC Gen1 RedLine stealer RedlineStealer Generic Malware Downloader UPX Malicious Library Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code 		25db2d5ac24b8e34330f8dd7882b6dd6519702024.07.26
2 Safety Manager JD (General Dyn...
Client SW User Data Stealer browser info stealer Generic Malware Hide_EXE Google Chrome User Data Downloader Malicious Library UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code 		8346d90508b5d41d151b7098c7a3e868504012024.06.03
3 riviera_tour_sochi.pdf.exe
Client SW User Data Stealer browser info stealer NSIS Generic Malware Themida Packer Google Chrome User Data Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code 		5bcfa8f37baca2ce16991579bbcd6637490352024.03.24
4 Wezwanie_swiadka.pdf.exe
Client SW User Data Stealer browser info stealer NSIS Generic Malware Themida Packer Google Chrome User Data Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code 		d7ff05311350b4990ccd642a44679d1d484982024.02.14
5 pdf.exe
Client SW User Data Stealer browser info stealer NSIS Themida Packer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code 		cf3f2a8109842ba7c78c1903423b3ba8484662024.02.13
View only the last 5
Level Description
danger File has been identified by 38 AntiVirus engines on VirusTotal as malicious
warning Generates some ICMP traffic
watch Attempts to create or modify system certificates
watch Attempts to identify installed AV products by installation directory
watch Checks for the presence of known devices from debuggers and forensic tools
watch Checks for the presence of known windows from debuggers and forensic tools
watch Checks the version of Bios
watch Collects information about installed applications
watch Communicates with host for which no DNS query was performed
watch Deletes a large number of files from the system indicative of ransomware
watch Detects VMWare through the in instruction feature
watch Executes one or more WMI queries
watch Harvests credentials from local FTP client softwares
watch Installs itself for autorun at Windows startup
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice A process attempted to delay the analysis task.
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice An executable file was downloaded by the process axplong.exe
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a shortcut to an executable file
notice Creates executable files on the filesystem
notice Creates hidden or system file
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice Executes one or more WMI queries which can be used to identify virtual machines
notice Expresses interest in specific running processes
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Queries for potentially installed applications
notice Sends data using the HTTP POST Method
notice Steals private information from local Internet browsers
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info Tries to locate where the browsers are installed
info Uses Windows APIs to generate a cryptographic key
Network ET DROP Spamhaus DROP Listed Traffic Inbound group 33
Network ET HUNTING Download Request Containing Suspicious Filename - Crypted
Network ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network ET INFO Executable Download from dotted-quad Host
Network ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Network ET INFO Microsoft net.tcp Connection Initialization Activity
Network ET INFO Packed Executable Download
Network ET INFO TLS Handshake Failure
Network ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
Network ET MALWARE Amadey Bot Activity (POST)
Network ET MALWARE Redline Stealer TCP CnC - Id1Response
Network ET MALWARE Redline Stealer TCP CnC Activity
Network ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
Network ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
Network ET POLICY PE EXE or DLL Windows file download HTTP
Network SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
No data
No URL CC ASN Co Reporter Date
1https://dl.google.com/go/go1.13.linux-amd64.tar.gz
code mirai 		US USGOOGLEabus3reports2024.04.25
Beta Service, If you select keyword, you can check detailed information.