popup

Cyber Threat Trends

  1. Day Week

Gemelli flickerflypro flickerfly

Summary: 2025/04/28 23:49

First reported date: 2017/09/20
Inquiry period : 2025/03/29 23:49 ~ 2025/04/28 23:49 (1 months), 10 search results

전 기간대비 -10% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Campaign Malware Phishing United States 입니다.
악성코드 유형 Lobshot BlackSuit Ransomware Stealc Raccoon DYEPACK Nanocore Emotet RedLine RecordBreaker GameoverP2P Vidar 도 새롭게 확인됩니다.
공격기술 Stealer Social Engineering 도 새롭게 확인됩니다.
기관 및 기업 Microsoft Recorded Future Germany CrowdStrike Kaspersky China Russia Fortinet 도 새롭게 확인됩니다.
기타 Infostealer Malware download Cryptocurrency Victim greyareaclothingstore 등 신규 키워드도 확인됩니다.

FormBook is a well-known commercial malware that steals information from victims’ machines using keyloggers and form grabbers.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/23 Private: Stealing the Future: Infostealers Power Cybercrime in 2025
    ㆍ 2025/04/08 How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis


참고로 동일한 그룹의 악성코드 타입은 FormBook QakBot RedLine 등 101개 종이 확인됩니다.

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1FormBook 10 ▼ -1 (-10%)
2Stealer 5 ▲ new
3Campaign 5 ▲ 3 (60%)
4Malware 5 ▲ 2 (40%)
5IoC 4 ▼ -1 (-25%)
6Phishing 4 ▲ 3 (75%)
7Report 3 - 0 (0%)
8Remcos 2 ▼ -1 (-50%)
9Lumma 2 - 0 (0%)
10AgentTesla 2 ▼ -1 (-50%)
11Advertising 2 ▼ -1 (-50%)
12Microsoft 2 ▲ new
13United States 2 ▲ 1 (50%)
14Infostealer 2 ▲ new
15Malware download 1 ▲ new
16Recorded Future 1 ▲ new
17Cryptocurrency 1 ▲ new
18Victim 1 ▲ new
19Lobshot 1 ▲ new
20Germany 1 ▲ new
21BlackSuit 1 ▲ new
22Ransomware 1 ▲ new
23greyareaclothingstore 1 ▲ new
24DarkWeb 1 ▲ new
25MFA 1 ▲ new
26Stealc 1 ▲ new
27EDR 1 ▲ new
28CrowdStrike 1 ▲ new
29Ch 1 ▲ new
30Social Engineering 1 ▲ new
31FortiGuard 1 ▲ new
32Labs 1 ▲ new
33antesyapionline 1 ▲ new
34igbeeonline 1 ▲ new
35fizzjetlive 1 ▲ new
36landsflllc 1 ▲ new
37Tofsee 1 ▼ -1 (-100%)
38XWorm 1 ▼ -2 (-200%)
39AsyncRAT 1 ▼ -2 (-200%)
40neconyd 1 ▲ new
41snake 1 ▼ -1 (-100%)
42Amadey 1 - 0 (0%)
43Top 1 ▼ -1 (-100%)
44last 1 ▼ -1 (-100%)
45hellosweetienet 1 ▲ new
46IBM 1 ▲ new
47Raccoon 1 ▲ new
48DYEPACK 1 ▲ new
49Nanocore 1 ▲ new
50Cobalt Strike 1 ▲ new
51Emotet 1 ▲ new
52Android 1 ▲ new
53RedLine 1 ▲ new
54Kaspersky 1 ▲ new
55China 1 ▲ new
56Russia 1 ▲ new
57c&c 1 - 0 (0%)
58powershell 1 ▲ new
59RecordBreaker 1 ▲ new
60httpstco 1 ▲ new
61GameoverP2P 1 ▲ new
62Xloader 1 ▼ -2 (-200%)
63aramco 1 ▲ new
64QRadar Security Suite 1 ▲ new
65Linux 1 - 0 (0%)
66Windows 1 - 0 (0%)
67Education 1 ▲ new
68MalSpam 1 ▼ -2 (-200%)
69Fortinet 1 ▲ new
70Threat 1 - 0 (0%)
71Research 1 ▲ new
72Blog 1 ▲ new
73vaishnavixyz 1 ▲ new
74ThreatProtection 1 ▲ new
75recent 1 ▲ new
76Distribution 1 ▲ new
77NortonLifeLock 1 ▲ new
78Vidar 1 ▲ new
79NetWireRC 1 ▼ -2 (-200%)
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
FormBook
10 (30.3%)
Remcos
2 (6.1%)
Lumma
2 (6.1%)
AgentTesla
2 (6.1%)
Lobshot
1 (3%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Stealer
5 (31.3%)
Campaign
5 (31.3%)
Phishing
4 (25%)
Social Engineering
1 (6.3%)
MalSpam
1 (6.3%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
Microsoft
2 (18.2%)
United States
2 (18.2%)
Recorded Future
1 (9.1%)
Germany
1 (9.1%)
CrowdStrike
1 (9.1%)
Malware Family
Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info
Last 5

SNS

(Total : 8)
  Total keyword

FormBook Stealer IoC Campaign Malware Phishing Lumma Report XWorm AsyncRAT Remcos Amadey AgentTesla NetWireRC Distribution China MalSpam Russia Kaspersky Fortinet Advertising

No Title Date
1ANY.RUN @anyrun_app
Top 10 last week's threats by uploads ???? ⬇️ #Lumma 569 (1077) ⬆️ #Tofsee 363 (263) ⬇️ #Xworm 309 (1099) ⬇️ #Asyncrat 290 (395) ⬆️ #Neconyd 283 (169) ⬇️ #Snake 254 (379) ⬇️ #Remcos 232 (566) ⬇️ #Amadey 156 (380) ⬆️ #Formbook 134 (78) ⬇️ #Agenttesla 114 (271) Track them all: https://t.co/8l4AJmdDCa		2025.04.28
2Konstantin Nikolenko @K_N1kolenko
#FormBook #Stealer #ioc 91b44.xyz fizzjet.live landsfl.llc nkywzv.top placemakinghub.net resauthormed-mail.biz usemotion.pro		2025.04.24
3Cyber_OSINT @Cyber_O51NT
FortiGuard Labs reported on a phishing campaign distributing Infostealer malware, FormBook, via a malicious Word document attachment. Learn more about this threat! #CyberSecurity #Phishing https://t.co/71N4kvdeHp		2025.04.23
4Konstantin Nikolenko @K_N1kolenko
#FormBook #Stealer #ioc 436bet.lol antesyapi.online igbee.online niloofar1388.shop resauthormed-mail.biz shopystart.store thought-hop.app u939.top well-prophesied.sbs xelactoy.biz zixvy.xyz		2025.04.23
5Threat Intelligence @threatintel
#ThreatProtection A recent #FormBook distribution campaign observed in the wild, read more about Symantec's protection: https://t.co/KMTbFbD2Ao #malware		2025.04.23

News

(Total : 2)
  Total keyword

FormBook Malware Microsoft Campaign Report Phishing United States DarkWeb Lobshot IBM Social Engineering AgentTesla Cryptocurrency Victim Attacker Recorded Future Germany MFA BlackSuit Ransomware Vidar CrowdStrike EDR Stealc Lumma QRadar Security Suite Linux Advertising IoC Emotet Remcos Raccoon Nanocore Cobalt Strike Android c&c Education powershell RecordBreaker GameoverP2P Xloader DYEPACK Stealer RedLine Windows

No Title Date
1Private: Stealing the Future: Infostealers Power Cybercrime in 2025 - Malware.News2025.04.23
2How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis - Malware.News2025.04.08

Additional information

Level Description
danger Executed a process and injected code into it
warning File has been identified by 24 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Attempts to identify installed AV products by installation directory
watch Code injection by writing an executable or DLL to the memory of another process
watch Manipulates memory of a non-child process indicative of process injection
watch Network communications indicative of a potential document or script payload download was initiated by the process wscript.exe
watch One or more non-whitelisted processes were created
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch The processes powershell.exe
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
watch Wscript.exe initiated network communications indicative of a script based payload download
notice A process attempted to delay the analysis task.
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a shortcut to an executable file
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Resolves a suspicious Top Level Domain (TLD)
notice Sends data using the HTTP POST Method
notice Steals private information from local Internet browsers
notice Terminates another process
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info Queries for the computername
info Uses Windows APIs to generate a cryptographic key
Network ET DNS Query to a *.top domain - Likely Hostile
Network ET INFO HTTP Request to a *.top domain
No Category URL CC ASN Co Date
1c2http://www.436bet.lol/lcva/US USCLOUDFLARENET2025.04.23
2c2http://www.igbee.online/tyrp/VG VGCONFLUENCE-NETWORK-INC2025.04.23
3c2http://www.meshki-co-uk.shop/b8n0/US USCLOUDFLARENET2025.04.11
4c2http://www.nesuns.asia/2025.03.26
5c2http://www.aifriendship.store/2025.03.26
View only the last 5
No URL CC ASN Co Reporter Date
1http://185.215.113.19//inc/freedom.exe
Formbook 		anonymous2025.04.26
2http://185.215.113.19//inc/explorer.exe
Formbook 		anonymous2025.04.26
3http://185.215.113.117//inc/freedom.exe
Formbook 		abus3reports2025.04.26
4http://185.215.113.117//inc/explorer.exe
Formbook 		abus3reports2025.04.26
5https://paste.ee/r/BY9muntt/0
ascii Encoded Formbook 		abuse_ch2025.04.25
View only the last 5
Beta Service, If you select keyword, you can check detailed information.