Summary: 2025/04/17 10:25

First reported date: 2014/05/15
Inquiry period: 2025/04/16 10:25 ~ 2025/04/17 10:25 (1 day), 6 search results

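The trend is 67% higher than over the previous 7 days.
The top 5 related keywords that rose compared with the previous 7 days are GitHub, Update, Advertising, Malware, and target.
The malware types TONESHELL and PlugX are also newly observed.
The attackers APT28 and Lazarus are also newly observed.
The attack techniques Backdoor, Dropper, and MalSpam are also newly observed.
The organizations and companies Zscaler, Europe, FBI, Ucraina, Australia, and Türkiye are also newly observed.
Other new keywords, including MUSTANG PANDA, Cobalt Strike, keylogger, UNIX, and driver, are also observed.

 * Top 3 recent news articles: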
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
    ㆍ 2025/04/16 CVE-2025-24054, NTLM Exploit in the Wild

Related keyword cloud
Top 100

# Trend Count Comparison
1 GitHub 6 ▲ 4 (67%)
2 Update 4 ▲ 3 (75%)
3 Advertising 3 ▲ 2 (67%)
4 Malware 3 ▲ 2 (67%)
5 target 3 ▲ 3 (100%)
6 Operation 3 ▲ 3 (100%)
7 Windows 3 ▲ 2 (67%)
8 Victim 3 ▲ 2 (67%)
9 Exploit 2 ▲ 2 (100%)
10 IoC 2 ▲ 1 (50%)
11 c&c 2 ▲ 2 (100%)
12 MUSTANG PANDA 2 ▲ new
13 Microsoft 2 ▲ 1 (50%)
14 Zscaler 2 ▲ new
15 TONESHELL 2 ▲ new
16 Cobalt Strike 2 ▲ new
17 attack 2 ▲ 1 (50%)
18 Europe 2 ▲ new
19 EDR 2 ▲ 2 (100%)
20 Kaspersky 2 ▲ 2 (100%)
21 Backdoor 2 ▲ new
22 hijack 2 ▲ 2 (100%)
23 Trojan 2 ▲ 2 (100%)
24 keylogger 2 ▲ new
25 Government 2 ▲ 2 (100%)
26 UNIX 1 ▲ new
27 PlugX 1 ▲ new
28 driver 1 ▲ new
29 SplatCloak 1 ▲ new
30 Dropper 1 ▲ new
31 GameoverP2P 1 ▲ 1 (100%)
32 StarProxy 1 ▲ new
33 schtasks 1 ▲ new
34 server 1 ▲ new
35 file 1 ▲ 1 (100%)
36 C2 1 ▲ new
37 China 1 ▲ 1 (100%)
38 RCE 1 - 0 (0%)
39 SaaS 1 ▲ new
40 Email 1 ▲ 1 (100%)
41 APT28 1 ▲ new
42 identity 1 ▲ new
43 account 1 ▲ new
44 chain 1 ▲ new
45 Lazarus 1 ▲ new
46 PDF 1 ▲ new
47 Lures 1 ▲ new
48 RepositoriesPython 1 ▲ new
49 bug 1 ▲ new
50 Run 1 ▲ new
51 gt 1 ▲ new
52 FBI 1 ▲ new
53 Watchdog 1 ▲ new
54 Vulnerability 1 ▲ 1 (100%)
55 MalSpam 1 ▲ new
56 Phishing 1 ▲ 1 (100%)
57 Report 1 - 0 (0%)
58 Ucraina 1 ▲ new
59 Russia 1 ▲ 1 (100%)
60 Campaign 1 - 0 (0%)
61 SMB 1 ▲ 1 (100%)
62 Australia 1 ▲ new
63 Türkiye 1 ▲ new
64 Check Point 1 ▲ 1 (100%)
65 ZeroDay 1 ▲ new
66 hack 1 ▲ new
67 Browser 1 ▲ 1 (100%)
68 Mustan 1 ▲ new

Special keyword group
Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
TONESHELL 2 (33.3%)
Trojan 2 (33.3%)
PlugX 1 (16.7%)
GameoverP2P 1 (16.7%)

Attacker & Actors

The attackers or attack groups that are currently becoming an issue.

Keyword Average Label
APT28 1 (50%)
Lazarus 1 (50%)

Attack technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Exploit 2 (18.2%)
Backdoor 2 (18.2%)
hijack 2 (18.2%)
Dropper 1 (9.1%)
RCE 1 (9.1%)

Country & Company

This is a country or company that is becoming an issue.

Keyword Average Label
Microsoft 2 (11.8%)
Zscaler 2 (11.8%)
Europe 2 (11.8%)
Kaspersky 2 (11.8%)
Government 2 (11.8%)

Threat info
Last 5
