Cyber Threat Trends

Summary: 2025/04/17 10:35

First reported date: 2016/02/24
Inquiry period : 2025/04/16 10:35 ~ 2025/04/17 10:35 (1 days), 2 search results

지난 7일 기간대비 50% 높은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Lazarus Campaign Report APT cti 입니다.
악성코드 유형 Konni 도 새롭게 확인됩니다.
공격자 Kimsuky 도 새롭게 확인됩니다.
기관 및 기업 AhnLab SECUI 도 새롭게 확인됩니다.
기타 동향 AhnLabSecuInfo 보고서 그룹 PDF 등 신규 키워드도 확인됩니다.

Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Duuzer, and Hangman.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Lazarus	2	▲ 1 (50%)
2	동향	1	▲ new
3	AhnLab	1	▲ new
4	SECUI	1	▲ new
5	Campaign	1	▲ 1 (100%)
6	Report	1	▲ 1 (100%)
7	AhnLabSecuInfo	1	▲ new
8	APT	1	▲ 1 (100%)
9	보고서	1	▲ new
10	그룹	1	▲ new
11	PDF	1	▲ new
12	cti	1	▲ 1 (100%)
13	dprk	1	▲ 1 (100%)
14	trend	1	▲ new
15	Konni	1	▲ new
16	Kimsuky	1	▲ new
17	RepositoriesPython	1	▲ new
18	GitHub	1	▲ new
19	Lures	1	▲ new
20	North Korea	1	- 0 (0%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Konni		1 (100%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Lazarus		2 (66.7%)
Kimsuky		1 (33.3%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		1 (50%)
APT		1 (50%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
AhnLab		1 (25%)
SECUI		1 (25%)
dprk		1 (25%)
North Korea		1 (25%)

Threat info

Last 5

SNS

(Total : 2)

Total keyword

Lazarus AhnLab SECUI Campaign Report APT 보고서 dprk Konni Kimsuky GitHub North Korea

No	Title	Date
1	blackorbird @blackorbird #Lazarus PDF Lures -> GitHub Repositories/Python Repository https://t.co/j1qUBG4os3 https://t.co/jcxDJdCpRj	2025.04.16
2	lazarusholic @lazarusholic "2025년 3월 APT 그룹 동향 보고서" published by @AhnLab_SecuInfo. #Kimsuky, #Konni, #Lazarus, #Trend, #DPRK, #CTI https://t.co/RV2DSuFAt3	2025.04.16

News

(Total : 0)

No data.

Additional information

No	Title	Date
1	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
2	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
3	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
4	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
5	6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin - Malware.News	2025.04.17
View only the last 5

No	Title	Date
1	은둔 왕국을 해킹 초강대국으로.. 북한 '라자루스 그룹' 실체 - 시큐리티팩트	2025.04.11
2	은둔 왕국을 해킹 초강대국으로.. 북한 '라자루스 그룹' 실체 - 시큐리티팩트	2025.04.11
3	'해킹 비트코인' 부국 북한, 암호화폐가 김정은 정권 금고로 - 시큐리티팩트	2025.04.08
4	'해킹 비트코인' 부국 북한, 암호화폐가 김정은 정권 금고로 - 시큐리티팩트	2025.04.08
5	5세부터 키운다.. 김정은 '해커 군단' 육성 프로젝트 - 시큐리티팩트	2025.04.07
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	Winvoke.exe Lazarus Generic Malware PE64 PE File OS Processor Check GIF Format	f4d46629ca15313b94992f3798718df7	12352	2021.06.16

Level	Description
danger	File has been identified by 49 AntiVirus engines on VirusTotal as malicious
watch	Installs itself for autorun at Windows startup
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Creates a shortcut to an executable file
notice	Creates executable files on the filesystem
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Performs some HTTP requests
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Sends data using the HTTP POST Method
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	Checks amount of memory in system
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

No	Category	URL	CC	ASN Co	Date
1	c2	https://blockchain-newtech.com/download/download.asp			2023.10.10

No	URL	CC	ASN Co	Reporter	Date
1	https://api.camdrivers.cloud/linux.update Lazarus zip	US	NAMECHEAP-NET	NDA0E	2025.03.04
2	https://api.camdrivers.cloud/linux-al2i.sh Lazarus sh ua-curl	US	NAMECHEAP-NET	NDA0E	2025.03.04
3	https://api.drivercamhub.cloud/linux-al2i.sh Lazarus	US	ADVANTAGECOM	lontze7	2025.02.27
4	http://45.43.11.201:1244/pdown APT BeaverTail Lazarus python StrelaStealer	US	Packet Flip, LLC	DaveLikesMalwre	2024.12.12
5	http://147.124.197.138:1244/pdown APT BeaverTail Lazarus python StrelaStealer	US	AC-AS-1	DaveLikesMalwre	2024.12.12
View only the last 5

Beta Service, If you select keyword, you can check detailed information.