popup

Cyber Threat Trends

  1. Week Month

Gemelli flickerflypro flickerfly

Summary: 2025/04/24 17:43

First reported date: 2023/10/27
Inquiry period : 2025/04/23 17:43 ~ 2025/04/24 17:43 (1 days), 1 search results

지난 7일 기간대비 신규 트렌드를 보이고 있습니다.
악성코드 유형 Maze RATel Bankshot Volgmer LPEClient 도 새롭게 확인됩니다.
공격자 Lazarus 도 새롭게 확인됩니다.
공격기술 Campaign 도 새롭게 확인됩니다.
기관 및 기업 United Kingdom South Korea Microsoft United States Kaspersky 도 새롭게 확인됩니다.
기타 Malicious Traffic ZeroDay Update Windows UNIX 등 신규 키워드도 확인됩니다.

LPEClient is an HTTP(S) downloader that expects two command line parameters: an encrypted string containing two URLs (a primary and a secondary C&C server), and the path on the victim's file system to store the downloaded payload.

It sends detailed information about the victim's environment, like computer name, type and number of processors, computer manufacturer, product name, major and minor Windows versions, architecture, memory information, installed security software and the version of the ntoskrnl.exe from its version-information resource.

LPEClient uses specific 32-bit values to represent its execution state (0x59863F09 when connecting via the WinHTTP interface, 0xA9348B57 via WinINet), or the nature of HTTP requests to the C&C servers (0xF07D6B34 when sending system information, 0xEF8C0D51 when requesting a DLL payload, 0xCB790A25 when reporting the successful loading of the DLL, 0xD7B20A96 when reporting the state of the the DLL execution). As the final step, malware looks for the export CloseEnv and executes it.  Ref.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/24 Operation SyncHole: Lazarus APT goes back to the well


참고로 동일한 그룹의 악성코드 타입은 SmokeLoader GuLoader Zloader 등 47개 종이 확인됩니다.

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Maze 1 ▲ new
2Malicious Traffic 1 ▲ new
3ZeroDay 1 ▲ new
4Update 1 ▲ new
5Windows 1 ▲ new
6UNIX 1 ▲ new
7RATel 1 ▲ new
8Bankshot 1 ▲ new
9Volgmer 1 ▲ new
10LPEClient 1 ▲ new
11EDR 1 ▲ new
12United Kingdom 1 ▲ new
13South Korea 1 ▲ new
14Microsoft 1 ▲ new
15Vulnerability 1 ▲ new
16Victim 1 ▲ new
17Cryptocurrency 1 ▲ new
18c&c 1 ▲ new
19IoC 1 ▲ new
20United States 1 ▲ new
21Campaign 1 ▲ new
22Report 1 ▲ new
23RSA Conference 1 ▲ new
24Kaspersky 1 ▲ new
25Malware 1 ▲ new
26Lazarus 1 ▲ new
27Ex 1 ▲ new
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
Maze
1 (20%)
RATel
1 (20%)
Bankshot
1 (20%)
Volgmer
1 (20%)
LPEClient
1 (20%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Lazarus
1 (100%)
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Campaign
1 (100%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
United Kingdom
1 (20%)
South Korea
1 (20%)
Microsoft
1 (20%)
United States
1 (20%)
Kaspersky
1 (20%)
Malware Family
Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info
Last 5

SNS

(Total : 0)

No data.

News

(Total : 1)
  Total keyword

Maze Malicious Traffic ZeroDay Update Windows UNIX RATel Bankshot Volgmer LPEClient EDR United Kingdom South Korea Microsoft Vulnerability Attacker Victim Cryptocurrency c&c IoC United States Campaign Report RSA Conference Kaspersky Malware Lazarus

No Title Date
1Operation SyncHole: Lazarus APT goes back to the well - Malware.News2025.04.24

Additional information

No data
No data
No data
No data
Beta Service, If you select keyword, you can check detailed information.