Summary: 2025/04/29 00:05
First reported date: 2014/08/08
Inquiry period : 2025/04/28 00:05 ~ 2025/04/29 00:05 (1 day), 1 search result
The trend is 100% higher than in the previous 7 days.
The top 5 related keywords that rose compared with the previous 7 days are Cobalt Strike, Victim, Ransomware, Black Basta, and Microsoft.
The malware types Maze and ShadowPad are also newly observed.
The organizations and companies China, North Korea, and Palo Alto Networks are also newly observed.
Other new keywords are also observed: EDR, DarkWeb, Cobra Carbon System, Telegram, and APT15.
Cobalt Strike is a legitimate penetration-testing software toolkit developed by Fortra. Cracked versions, however, are widely adopted by bad actors, who use it as their C2 system of choice for targeted attacks.
* Top 3 recent news articles:
ㆍ 2025/04/28 Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries
Top 100# | Trend | Count | Comparison |
---|---|---|---|
1 | Cobalt Strike | 1 | ▲ 1 (100%) |
2 | Victim | 1 | ▲ 1 (100%) |
3 | EDR | 1 | ▲ new |
4 | DarkWeb | 1 | ▲ new |
5 | Ransomware | 1 | ▲ 1 (100%) |
6 | China | 1 | ▲ new |
7 | North Korea | 1 | ▲ new |
8 | Black Basta | 1 | ▲ 1 (100%) |
9 | Cobra Carbon System | 1 | ▲ new |
10 | Telegram | 1 | ▲ new |
11 | Microsoft | 1 | ▲ 1 (100%) |
12 | United States | 1 | ▲ 1 (100%) |
13 | Maze | 1 | ▲ new |
14 | Campaign | 1 | ▲ 1 (100%) |
15 | Russia | 1 | ▲ 1 (100%) |
16 | Report | 1 | ▲ 1 (100%) |
17 | Kaspersky | 1 | ▲ 1 (100%) |
18 | Social Engineering | 1 | ▲ 1 (100%) |
19 | Malware | 1 | ▲ 1 (100%) |
20 | Palo Alto Networks | 1 | ▲ new |
21 | Vulnerability | 1 | ▲ 1 (100%) |
22 | APT15 | 1 | ▲ new |
23 | APT41 | 1 | ▲ 1 (100%) |
24 | ShadowPad | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
Ransomware | | 1 (25%) |
Black Basta | | 1 (25%) |
Maze | | 1 (25%) |
ShadowPad | | 1 (25%) |

Attacker & Actors
Attackers or attack groups that are currently an issue.
Keyword | Average | Label |
---|---|---|

Technique
This is an attack technique that is becoming an issue.
Keyword | Average | Label |
---|---|---|
Campaign | | 1 (50%) |
Social Engineering | | 1 (50%) |

Country & Company
Countries or companies that are currently an issue.
Keyword | Average | Label |
---|---|---|
China | | 1 (14.3%) |
North Korea | | 1 (14.3%) |
Microsoft | | 1 (14.3%) |
United States | | 1 (14.3%) |
Russia | | 1 (14.3%) |
Threat info
Last 5
SNS
(Total : 0) No data.
News
(Total : 1) Cobalt Strike Victim EDR DarkWeb Ransomware China North Korea Black Basta Cobra Carbon System Telegram Microsoft Attacker United States Maze Campaign Russia Report Kaspersky Social Engineering Malware Palo Alto Networks Vulnerability APT15 APT41 ShadowPad
No | Title | Date |
---|---|---|
1 | Top Tier Target \| What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News | 2025.04.28 |
Additional information
No | Title | Date |
---|---|---|
1 | Employee monitoring app exposes users, leaks 21+ million screenshots - Malware.News | 2025.04.28 |
2 | Introducing XSIAM 3.0 - Malware.News | 2025.04.28 |
3 | Deploy Bravely with Prisma AIRS - Malware.News | 2025.04.28 |
4 | 2025 Cyber Resilience Research Discovers Speed of AI Advancing Emerging Attack Types - Malware.News | 2025.04.28 |
5 | Intel CEO Targets Change in Corporate Culture to Shape Up - Bloomberg Technology | 2025.04.28 |
No | Title | Date |
---|---|---|
1 | Top Tier Target \| What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News | 2025.04.28 |
2 | Top Tier Target \| What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News | 2025.04.28 |
3 | Top Tier Target \| What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News | 2025.04.28 |
4 | Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News | 2025.04.23 |
5 | Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News | 2025.04.23 |
No | Request | Hash(md5) | Report No | Date |
---|---|---|---|---|
1 | Darkside Ransomware Cobalt Strike Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 | 74237f2f009020c7bfe80f274a049843 | 23951 | 2022.02.25 |
2 | Darkside Ransomware Cobalt Strike Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 | 9efd29a1bfac21fbd3843dd95acc8582 | 23949 | 2022.02.25 |
3 | Darkside Ransomware Cobalt Strike Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 | f2336cbcb716869cea7e6d49f5749f1b | 23947 | 2022.02.25 |
4 | Updated_Payments_Statements.li... Darkside Ransomware Cobalt Strike Generic Malware Antivirus Malicious Library UPX AntiDebug AntiVM GIF Format PE File PE32 OS Processor Check | 8bdf50e9270b6f6e3c461be75999305d | 22459 | 2022.01.18 |
5 | Darkside Ransomware Cobalt Strike Malicious Library UPX PE File PE32 | 9fca8332a98b2475b8c5243f70ce5058 | 22464 | 2022.01.18 |
Level | Description |
---|---|
danger | Executed a process and injected code into it |
warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Detects Avast Antivirus through the presence of a library |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | One or more potentially interesting buffers were extracted |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Yara rule detected in process memory |
info | Checks if process is being debugged by a debugger |
info | This executable has a PDB path |
No | URL | CC | ASN Co | Reporter | Date |
---|---|---|---|---|---|
1 | http://gh-hr.cn/beacon.exe Cobalt strike CobaltStrike exe | CN | ... | DonPasci | 2025.01.17 |
2 | http://39.107.254.213/beacon.exe Cobalt strike CobaltStrike | CN | ... | lontze7 | 2025.01.16 |
3 | http://106.53.83.169/beacon.exe c2 Cobalt strike | CN | ... | lontze7 | 2025.01.13 |
4 | http://zzz.hnyzh.co/beacon_x86.exe Cobalt strike CobaltStrike | US | PONYNET | lontze7 | 2025.01.10 |
5 | http://zzz.hnyzh.co/beacon_x64.exe Cobalt strike CobaltStrike | US | PONYNET | lontze7 | 2025.01.10 |