popup

Cyber Threat Trends

  1. Day Week

Gemelli flickerflypro flickerfly

Summary: 2025/04/28 20:30

First reported date: 2014/08/08
Inquiry period : 2025/03/29 20:30 ~ 2025/04/28 20:30 (1 months), 37 search results

전 기간대비 24% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Cobalt Strike Campaign Report Backdoor Windows 입니다.
악성코드 유형 TONESHELL AsyncRAT BlackSuit SectopRAT RMS 도 새롭게 확인됩니다.
공격자 Tick Anonymous 도 새롭게 확인됩니다.
공격기술 Dropper 도 새롭게 확인됩니다.
기관 및 기업 Zscaler Chinese 도 새롭게 확인됩니다.
기타 MUSTANG PANDA Mustang keylogger ThreatLabz Password 등 신규 키워드도 확인됩니다.

Cobalt Strike is a legitimate penetration software toolkit developed by Forta. But its cracked versions are widely adopted by bad actors, who use it as a C2 system of choice for targeted attacks.  Ref.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/28 Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries
    ㆍ 2025/04/23 Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs
    ㆍ 2025/04/23 ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Cobalt Strike 37 ▲ 9 (24%)
2Malware 24 - 0 (0%)
3Campaign 15 ▲ 2 (13%)
4Report 14 ▲ 1 (7%)
5Backdoor 14 ▲ 10 (71%)
6Windows 13 ▲ 5 (38%)
7China 12 ▲ 5 (42%)
8Victim 12 - 0 (0%)
9Update 11 ▲ 2 (18%)
10MUSTANG PANDA 11 ▲ new
11United States 11 ▲ 2 (18%)
12c&c 11 ▲ 1 (9%)
13IoC 10 - 0 (0%)
14Mustang 9 ▲ new
15target 9 ▲ 3 (33%)
16EDR 8 ▲ 3 (38%)
17Kaspersky 8 ▲ 5 (63%)
18Cobalt 8 ▼ -8 (-100%)
19Microsoft 8 ▲ 1 (13%)
20Phishing 8 ▼ -1 (-13%)
21NetWireRC 7 ▲ 3 (43%)
22Russia 7 ▲ 4 (57%)
23Operation 7 ▲ 3 (43%)
24TONESHELL 7 ▲ new
25Ransomware 6 - 0 (0%)
26FIN7 6 ▲ 2 (33%)
27FIN 6 ▲ 4 (67%)
28Panda 6 ▲ 5 (83%)
29GameoverP2P 6 ▲ 4 (67%)
30Zscaler 6 ▲ new
31Advertising 6 ▲ 2 (33%)
32hacking 6 ▲ 3 (50%)
33Government 6 ▲ 4 (67%)
34powershell 5 ▼ -1 (-20%)
35Vulnerability 5 ▼ -3 (-60%)
36Anubis 5 ▲ 4 (80%)
37attack 5 ▲ 1 (20%)
38Android 4 ▼ -1 (-25%)
39Exploit 4 ▼ -4 (-100%)
40MFA 4 ▼ -1 (-25%)
41Social Engineering 4 ▲ 1 (25%)
42APT41 4 ▲ 1 (25%)
43Linux 4 - 0 (0%)
44Cisco 4 ▼ -1 (-25%)
45keylogger 4 ▲ new
46Email 4 ▲ 2 (50%)
47RATel 4 ▲ 3 (75%)
48Trojan 4 ▲ 2 (50%)
49ThreatLabz 3 ▲ new
50Password 3 ▲ new
51Stealer 3 - 0 (0%)
52Germany 3 ▲ 2 (67%)
53Education 3 ▲ 1 (33%)
54intelligence 3 ▼ -1 (-33%)
55Taiwan 3 ▼ -2 (-67%)
56Remote Code Execution 3 ▼ -1 (-33%)
57GitHub 3 ▼ -3 (-100%)
58hijack 3 ▲ 2 (67%)
59threat 3 ▲ 1 (33%)
60Criminal 3 - 0 (0%)
61group 3 ▲ new
62Canada 2 ▲ 1 (50%)
63SplatCloak 2 ▲ new
64VirusTotal 2 ▲ 1 (50%)
65ZeroDay 2 ▲ 1 (50%)
66ttps 2 ▲ new
67StarProxy 2 ▲ new
68United Kingdom 2 ▲ 1 (50%)
69Telegram 2 ▼ -2 (-100%)
70schtasks 2 ▲ 1 (50%)
71Distribution 2 ▼ -1 (-50%)
72Chinese 2 ▲ new
73Tick 2 ▲ new
74UNIX 2 ▲ new
75AsyncRAT 2 ▲ new
76Sliver 2 ▲ new
77Anonymous 2 ▲ new
78Malware download 2 ▲ new
79Ucraina 2 ▲ 1 (50%)
80BlackSuit 2 ▲ new
81Alux 2 ▲ new
82Earth 2 ▲ new
83securityaffairs 2 ▲ new
84full 2 ▲ new
85Chinalinked 2 ▲ new
86Dropper 2 ▲ new
87Russian 2 ▲ new
88Türkiye 2 ▲ 1 (50%)
89Black Basta 2 ▲ 1 (50%)
90India 2 - 0 (0%)
91SectopRAT 2 ▲ new
92DarkWeb 2 - 0 (0%)
93Up 1 ▲ new
94Mustan 1 ▲ new
95Zero Trust 1 ▼ -1 (-100%)
96RMS 1 ▲ new
97Google 1 ▼ -2 (-200%)
98Mandiant 1 - 0 (0%)
99North Korea 1 ▼ -1 (-100%)
100South Korea 1 ▼ -1 (-100%)
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
NetWireRC
7 (14.9%)
TONESHELL
7 (14.9%)
Ransomware
6 (12.8%)
GameoverP2P
6 (12.8%)
RATel
4 (8.5%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Tick
2 (33.3%)
Anonymous
2 (33.3%)
Equation Group
1 (16.7%)
Hacking Team
1 (16.7%)
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Campaign
15 (23.8%)
Backdoor
14 (22.2%)
Phishing
8 (12.7%)
hacking
6 (9.5%)
Exploit
4 (6.3%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
China
12 (13.2%)
United States
11 (12.1%)
Kaspersky
8 (8.8%)
Microsoft
8 (8.8%)
Russia
7 (7.7%)
Threat info
Last 5

SNS

(Total : 16)
  Total keyword

Cobalt Strike MUSTANG PANDA Backdoor Malware FIN7 Windows Zscaler Campaign Cobalt TONESHELL Report hacking attack China Kaspersky Russia keylogger EDR Beacon Government APT Chinese IoC Intelligence APT41 iocs Ransomware BlackSuit IDATLoader RATel SectopRAT Operation DoTNet Dropper Spain Phishing Password Update target

No Title Date
1Cyber_OSINT @Cyber_O51NT
Mustang Panda has emerged with new TTPs, utilizing advanced tools like ToneShell and StarProxy to target government, military, and NGOs in Myanmar and East Asia, employing evasion techniques for espionage. #CyberSecurity #MustangPanda https://t.co/lnUfK40xXG		2025.04.27
2Kimberly @StopMalvertisin
Dark Reading | Chinese APT Mustang Panda Debuts 4 New Attack Tools https://t.co/5k6cmxR5ag		2025.04.18
3ANY.RUN @anyrun_app
???? Explore Threat Intelligence Reports from #ANYRUN. Discover detailed research on active cyber threats and APTs with actionable insights, #IOCs, & #TTPs. Enrich proactive security, report on #APT41 inside ???? https://t.co/ZkhxJ3hf17		2025.04.18
4Kimberly @StopMalvertisin
NVISO Labs | Crisis Management – Beacon in the Storm https://t.co/38lUEOpj4p		2025.04.17
5Virus Bulletin @virusbtn
Zscaler researchers present the second part of a series on Mustang Panda tools. This time they analyse two new keyloggers, PAKLOG and CorKLOG, as well as an EDR evasion driver (SplatCloak). https://t.co/ni8tV0XVIH https://t.co/841bhFetTp		2025.04.17

News

(Total : 21)
  Total keyword

Cobalt Strike Malware Attacker Campaign Victim Report c&c United States China Update IoC Windows Microsoft Backdoor target Phishing NetWireRC EDR Operation GameoverP2P Advertising Kaspersky powershell Government Ransomware Vulnerability Russia Cobalt MFA Social Engineering Cisco TONESHELL Android Exploit Email MUSTANG PANDA Linux Trojan Zscaler hacking Germany Taiwan Education APT41 Remote Code Execution attack Criminal RATel GitHub hijack Stealer VirusTotal Tick AsyncRAT Telegram United Kingdom Canada Sliver Anonymous keylogger UNIX Ucraina schtasks Distribution ZeroDay Türkiye FIN7 Black Basta DarkWeb India Password intelligence Zero Trust Dropper Equation Group RMS Google Mandiant The Shadow Brokers PlugX Maze APT15 Palo Alto Networks Cobra Carbon System Israel Italy France Australia North Korea Hacking Team ZXShell ...

No Title Date
1Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News2025.04.28
2Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News2025.04.23
3ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures - Malware.News2025.04.23
4Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates - The Hacker News2025.04.18
5Unmasking the new XorDDoS controller and infrastructure - Malware.News2025.04.17

Additional information

Level Description
danger Executed a process and injected code into it
warning File has been identified by 27 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Detects Avast Antivirus through the presence of a library
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Foreign language identified in PE resource
notice One or more potentially interesting buffers were extracted
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks if process is being debugged by a debugger
info This executable has a PDB path
No data
No URL CC ASN Co Reporter Date
1http://gh-hr.cn/beacon.exe
Cobalt strike CobaltStrike exe 		CN CN...DonPasci2025.01.17
2http://39.107.254.213/beacon.exe
Cobalt strike CobaltStrike 		CN CN...lontze72025.01.16
3http://106.53.83.169/beacon.exe
c2 Cobalt strike 		CN CN...lontze72025.01.13
4http://zzz.hnyzh.co/beacon_x86.exe
Cobalt strike CobaltStrike 		US USPONYNETlontze72025.01.10
5http://zzz.hnyzh.co/beacon_x64.exe
Cobalt strike CobaltStrike 		US USPONYNETlontze72025.01.10
View only the last 5
Beta Service, If you select keyword, you can check detailed information.