Cyber Threat Trends

Summary: 2025/04/17 10:36

First reported date: 2013/09/11
Inquiry period : 2025/04/16 10:35 ~ 2025/04/17 10:35 (1 days), 2 search results

지난 7일 기간대비 100% 높은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Kimsuky North Korea APT cti dprk 입니다.
악성코드 유형 Konni 도 새롭게 확인됩니다.
공격자 Lazarus 도 새롭게 확인됩니다.
공격기술 Campaign 도 새롭게 확인됩니다.
기관 및 기업 북한 AhnLab SECUI 도 새롭게 확인됩니다.
기타 인터뷰 수해 김수 Malware Report 등 신규 키워드도 확인됩니다.

This threat actor targets South Korean think tanks, industry, nuclear power operators, and the Ministry of Unification for espionage purposes. Ref.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/17 북한 김수키(Kimsuky)에서 만든악성코드-KxS 북한 수해 인터뷰 요청서(대문?아카데미 이?열 이사장님).lnk(2025.4.5)

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Kimsuky	2	▲ 2 (100%)
2	North Korea	2	▲ 2 (100%)
3	Campaign	1	▲ new
4	인터뷰	1	▲ new
5	수해	1	▲ new
6	김수	1	▲ new
7	북한	1	▲ new
8	Malware	1	▲ new
9	AhnLab	1	▲ new
10	SECUI	1	▲ new
11	Report	1	▲ new
12	Konni	1	▲ new
13	AhnLabSecuInfo	1	▲ new
14	APT	1	▲ 1 (100%)
15	보고서	1	▲ new
16	동향	1	▲ new
17	그룹	1	▲ new
18	cti	1	▲ 1 (100%)
19	dprk	1	▲ 1 (100%)
20	trend	1	▲ new
21	Lazarus	1	▲ new
22	요청서	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Konni		1 (100%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Kimsuky		2 (66.7%)
Lazarus		1 (33.3%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		1 (50%)
APT		1 (50%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
North Korea		2 (33.3%)
북한		1 (16.7%)
AhnLab		1 (16.7%)
SECUI		1 (16.7%)
dprk		1 (16.7%)

Threat info

Last 5

SNS

(Total : 1)

Total keyword

Kimsuky Konni Lazarus dprk 보고서 APT Report Campaign SECUI AhnLab North Korea

No	Title	Date
1	lazarusholic @lazarusholic "2025년 3월 APT 그룹 동향 보고서" published by @AhnLab_SecuInfo. #Kimsuky, #Konni, #Lazarus, #Trend, #DPRK, #CTI https://t.co/RV2DSuFAt3	2025.04.16

News

(Total : 1)

Total keyword

Kimsuky Malware North Korea 북한

No	Title	Date
1	북한 김수키(Kimsuky)에서 만든악성코드-KxS 북한 수해 인터뷰 요청서(대문?아카데미 이?열 이사장님).lnk(2025.4.5) - Malware.News	2025.04.17

Additional information

No	Title	Date
1	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
2	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
3	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
4	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
5	6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin - Malware.News	2025.04.17
View only the last 5

No	Title	Date
1	Kimsuky: A Continuous Threat to South Korea with Deceptive Tactics - Malware.News	2025.04.04
2	ClickFix: Another Deceptive Social Engineering Technique - Malware.News	2025.03.28
3	ClickFix: Another Deceptive Social Engineering Technique - Malware.News	2025.03.28
4	ClickFix: Another Deceptive Social Engineering Technique - Malware.News	2025.03.28
5	Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and Payloads - Malware.News	2025.03.25
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	2.pdf Kimsuky Javascript ShellCode PDF	de2a8a728f81d44562bfd3e91c95f002	14565	2021.08.09
2	제4기AMP 안내자료.pdf Kimsuky Gen2 Emotet Gen1 Javascript ShellCode Malicious Packer Malicious Library Escalate priviledges KeyLogger HTTP Internet API ScreenShot Http API Downloader PDF AntiDebug AntiVM PNG Format JPEG Format MSOffice File OS Processor Check	70294ac8b61bfb936334bcb6e6e8cc50	14566	2021.08.09
3	2.pdf Kimsuky Javascript ShellCode PDF	de2a8a728f81d44562bfd3e91c95f002	14569	2021.08.09
4	제4기AMP 안내자료.pdf Kimsuky Javascript ShellCode PDF	70294ac8b61bfb936334bcb6e6e8cc50	14568	2021.08.09
5	제4기AMP 안내자료.pdf Kimsuky Javascript ShellCode PDF	70294ac8b61bfb936334bcb6e6e8cc50	14570	2021.08.09
View only the last 5

Level	Description
danger	A potential heapspray has been detected. 767 megabytes was sprayed onto the heap of the AcroRd32.exe process
warning	File has been identified by 25 AntiVirus engines on VirusTotal as malicious
watch	One or more non-whitelisted processes were created
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Performs some HTTP requests
notice	The PDF file contains an attachment
notice	The PDF file contains JavaScript code
notice	Uses Windows utilities for basic Windows functionality
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No	Category	URL	CC	ASN Co	Date
1	malicious	http://teishin.org/treasury/wp_asist.php	US	EGIHOSTING	2023.09.20
2	malicious	http://teishin.org/treasury/resources/admin/wp-admin/attack.php	US	EGIHOSTING	2023.09.20
3	c2	http://00701111.000webhostapp.com/wp-extra/show.php	US	...	2023.09.18

No	URL	CC	ASN Co	Reporter	Date
1	https://jpkinki.com/fjugm APT Kimsuky	US	CLOUDFLARENET	IdaNotPro	2025.03.26
2	https://www.dropbox.com/scl/fi/cnfhxf0nc3qxfklznh5na/zzJG_2.zip?rlkey=7t1et81enar4uvbb7nnk58m9b&st=2... APT Kimsuky zip	US	DROPBOX	abuse_ch	2025.02.12
3	https://www.dropbox.com/scl/fi/icvpzbx4vn6lcthva168z/zzJG.zip?rlkey=kntc36792grkm64xriqputbdq&st=px5... APT Kimsuky	US	DROPBOX	JAMESWT_MHT	2025.02.05
4	https://dl.dropboxusercontent.com/scl/fi/3br2y8fin0jqgrunrq3mf/cjfansgmlans1-f.txt?rlkey=rxnknu51ncb... Kimsuky	US	DROPBOX	JAMESWT_MHT	2025.01.29
5	https://dl.dropboxusercontent.com/scl/fi/nanwt6elsuxziz05hnlt4/cjfansgmlans1-x.txt?rlkey=l6gzro1rswk... Kimsuky	US	DROPBOX	JAMESWT_MHT	2025.01.29
View only the last 5

Beta Service, If you select keyword, you can check detailed information.