popup

Cyber Threat Trends

  1. Day Week

Gemelli flickerflypro flickerfly

Summary: 2025/04/28 19:37

First reported date: 2010/05/28
Inquiry period : 2025/03/29 19:37 ~ 2025/04/28 19:37 (1 months), 14 search results

전 기간대비 36% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 keylogger Victim China Windows Update 입니다.
악성코드 유형 TONESHELL PlugX GameoverP2P Lobshot 도 새롭게 확인됩니다.
공격기술 hijack Dropper 도 새롭게 확인됩니다.
기관 및 기업 Zscaler Government Microsoft Recorded Future Türkiye 도 새롭게 확인됩니다.
기타 EDR MUSTANG PANDA Cobalt Strike IoC SplatCloak 등 신규 키워드도 확인됩니다.

 * 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
    ㆍ 2025/04/14 A week in security (April 7 – April 13)

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1keylogger 14 ▲ 5 (36%)
2EDR 4 ▲ new
3Victim 4 ▲ 2 (50%)
4MUSTANG PANDA 4 ▲ new
5Zscaler 4 ▲ new
6Malware 4 ▼ -2 (-50%)
7Cobalt Strike 4 ▲ new
8China 3 ▲ 2 (67%)
9Windows 3 ▲ 2 (67%)
10Update 3 ▲ 2 (67%)
11TONESHELL 3 ▲ new
12Campaign 3 ▲ 1 (33%)
13SnakeKeylogger 3 ▲ 2 (67%)
14c&c 3 ▲ 2 (67%)
15IoC 3 ▲ new
16target 3 ▲ 1 (33%)
17Exploit 2 ▼ -1 (-50%)
18SplatCloak 2 ▲ new
19Government 2 ▲ new
20attack 2 ▼ -1 (-50%)
21GitHub 2 ▲ new
22Advertising 2 - 0 (0%)
23Backdoor 2 - 0 (0%)
24hijack 2 ▲ new
25Trojan 2 ▲ 1 (50%)
26Mustang 2 ▲ new
27Operation 2 ▲ new
28ThreatProtection 2 ▼ -1 (-50%)
29Dropper 2 ▲ new
30c2 2 ▲ new
31StarProxy 2 ▲ new
32Stealer 2 ▲ 1 (50%)
33pharmacist 2 ▲ new
34Maryland 2 ▲ new
35driver 1 ▲ new
36errord 1 ▲ new
37generated 1 ▲ new
38small 1 ▲ new
39second 1 ▲ new
40part 1 ▲ new
41series 1 ▲ new
42server 1 ▲ new
43Kaspersky 1 - 0 (0%)
44Europe 1 - 0 (0%)
45Microsoft 1 ▲ new
46schtasks 1 ▲ new
47file 1 ▲ new
48Mustan 1 ▲ new
49PlugX 1 ▲ new
50UNIX 1 ▲ new
51GameoverP2P 1 ▲ new
52stealth 1 ▲ new
53v3 1 ▲ new
54mailalnozhaqacom 1 ▲ new
55MassLogger 1 ▲ new
56employment 1 ▲ new
57Panda 1 ▲ new
58Record 1 ▲ new
59personal 1 ▲ new
60Man 1 ▲ new
61Magic Kitten 1 ▲ new
62Recorded Future 1 ▲ new
63Future 1 ▲ new
64Recorded 1 ▲ new
65decade 1 ▲ new
66recent 1 ▲ new
67NortonLifeLock 1 ▼ -1 (-100%)
68infostealer 1 ▲ new
69multistage 1 - 0 (0%)
70variety 1 ▲ new
71notorious 1 ▲ new
72iocs 1 ▲ new
73maas 1 ▲ new
74home 1 ▲ new
75Android 1 ▲ new
76exploration 1 ▲ new
77cybercrime 1 - 0 (0%)
78ThreatLabz 1 ▲ new
79Türkiye 1 ▲ new
80MalSpam 1 ▼ -1 (-100%)
81İŞKUR 1 ▲ new
82agency 1 ▲ new
83Turkeys 1 ▲ new
84Last 1 ▲ new
85Phishing 1 ▼ -2 (-200%)
86April 1 ▲ new
87Google 1 - 0 (0%)
88ZeroDay 1 ▲ new
89WhatsApp 1 ▲ new
90Ransomware 1 ▼ -1 (-100%)
91Lobshot 1 ▲ new
92Report 1 - 0 (0%)
93execution 1 ▲ new
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

Keyword Average Label
TONESHELL
3 (25%)
SnakeKeylogger
3 (25%)
Trojan
2 (16.7%)
PlugX
1 (8.3%)
GameoverP2P
1 (8.3%)
Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

Keyword Average Label
Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Campaign
3 (20%)
Exploit
2 (13.3%)
Backdoor
2 (13.3%)
hijack
2 (13.3%)
Dropper
2 (13.3%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
Zscaler
4 (26.7%)
China
3 (20%)
Government
2 (13.3%)
Kaspersky
1 (6.7%)
Europe
1 (6.7%)
Threat info
Last 5

SNS

(Total : 9)
  Total keyword

keylogger SnakeKeylogger Campaign Stealer EDR MUSTANG PANDA Cobalt Strike Zscaler TONESHELL c2 c&c China MalSpam target iocs IoC Türkiye Recorded Future Victim

No Title Date
1James @James_inthe_box
@naumovax Manually running one of the small generated jar's resulted in an error'd execution, but did see "KeyLogger (0)" so that's another point.		2025.04.23
2Virus Bulletin @virusbtn
Zscaler researchers present the second part of a series on Mustang Panda tools. This time they analyse two new keyloggers, PAKLOG and CorKLOG, as well as an EDR evasion driver (SplatCloak). https://t.co/ni8tV0XVIH https://t.co/841bhFetTp		2025.04.17
3James @James_inthe_box
#snakekeylogger c2: mail.alnozha-qa\.com		2025.04.17
4The Hacker News @TheHackersNews
???? China-backed hackers are deploying TONESHELL v3, StarProxy, and stealth tools like SplatCloak to breach Myanmar targets—dodging EDR, logging keystrokes, and hopping across networks with FakeTLS tricks. • 3 TONESHELL variants • 2 new keyloggers (PAKLOG, CorKLOG) • StarProxy https://t.co/11q34ce		2025.04.17
5Zscaler ThreatLabz @Threatlabz
Zscaler ThreatLabz continues its exploration of Mustang Panda tools by analyzing two new keyloggers that we have named PAKLOG & CorKLOG, and an EDR tampering tool that we have named SplatCloak. Learn how this APT evades detection: https://t.co/xpSVDVTATu https://t.co/FNu1FmqIzd		2025.04.16

News

(Total : 5)
  Total keyword

keylogger Malware Victim Windows Update hijack Trojan Backdoor Advertising GitHub Exploit EDR c&c IoC Zscaler MUSTANG PANDA target attack Operation Government TONESHELL Cobalt Strike China Dropper Magic Kitten ZeroDay UNIX Europe C2 Attacker GameoverP2P Report WhatsApp Ransomware Lobshot Kaspersky Phishing Google Android Microsoft schtasks PlugX

No Title Date
1Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 - Malware.News2025.04.17
2Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 - Malware.News2025.04.17
3A week in security (April 7 – April 13) - Malware.News2025.04.14
4Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home - Malwarebytes Labs2025.04.09
5Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges - The Record / James Reddick / malpedia2025.04.05

Additional information

Level Description
danger File has been identified by 50 AntiVirus engines on VirusTotal as malicious
danger Executed a process and injected code into it
watch Allocates execute permission to another process indicative of possible code injection
watch Code injection by writing an executable or DLL to the memory of another process
watch Communicates with host for which no DNS query was performed
watch Deletes executed files from disk
watch Manipulates memory of a non-child process indicative of process injection
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates executable files on the filesystem
notice Drops an executable to the user AppData folder
notice Executes one or more WMI queries
notice Executes one or more WMI queries which can be used to identify virtual machines
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Terminates another process
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info One or more processes crashed
info Queries for the computername
info Uses Windows APIs to generate a cryptographic key
Network ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network ET INFO Executable Download from dotted-quad Host
Network ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Network ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Network ET POLICY PE EXE or DLL Windows file download HTTP
No data
No URL CC ASN Co Reporter Date
1https://tinyfilemanagerdemo.alwaysdata.net/user/files/b.exe
alwaysdata exe keylogger 		FR FRAlwaysdata Sarluser12222025.02.23
2http://141.147.43.219:3000/ftp/EmmetPROD.exe
exe keylogger lazy 		SE SERiordz2025.01.31
3http://107.172.148.212/260/cvss.exe
exe keylogger snake 		US USAS-COLOCROSSINGRiordz2025.01.30
4http://caca.vercel.app/file.exe
keylogger 		US USabus3reports2024.12.06
5https://raw.githubusercontent.com/cheetz/nishang/master/Gather/Keylogger.ps1
keylogger 		US USFASTLYabus3reports2024.12.06
View only the last 5
Beta Service, If you select keyword, you can check detailed information.