Summary: 2025/04/28 23:20

First reported date: 2015/03/18
Inquiry period: 2025/03/29 23:20 ~ 2025/04/28 23:20 (1 month), 29 search results

The trend is -110% lower than in the previous period.
The Top 5 related keywords that rose compared to the previous period are
IoC, LummaStealer, c&c, AgentTesla and DarkWeb.
The attack technique RCE is also newly observed.
The organisations and companies ESET, Binance, Quick Heal, McAfee and Italy are also newly observed.
Other new keywords such as neconyd, jrxsafertop, VPN, clarmodqtop and sophisticated are also observed.

Lumma is an information stealer written in C, sold as a Malware-as-a-Service by LummaC on Russian-speaking underground forums and Telegram since at least August 2022. Lumma's capabilities are those of a classic stealer, with a focus on cryptocurrency wallets, and file grabber capabilities. - malpedia

 * Top 3 recent news articles:
    ㆍ 2025/04/24 [Exclusive] Hacker leaks 22GB of internal data from KS한국고용정보, on sale on the dark web for $15,000
    ㆍ 2025/04/23 Private: Stealing the Future: Infostealers Power Cybercrime in 2025
    ㆍ 2025/04/21 Lumma Stealer – Tracking distribution channels


For reference, 101 malware types in the same group are identified, including FormBook, QakBot and RedLine.

Trend graph by period


Related keyword cloud
Top 100

No.  Keyword  Count  Change vs. previous period
1  Lumma  29  ▼ -32 (-110%)
2  Stealer  20  ▼ -31 (-155%)
3  IoC  11  ▲ 2 (18%)
4  Malware  11  ▼ -20 (-182%)
5  LummaStealer  9  ▲ 4 (44%)
6  c&c  8  ▲ 1 (13%)
7  Campaign  7  ▼ -18 (-257%)
8  NetWireRC  7  ▼ -3 (-43%)
9  Advertising  7  ▼ -3 (-43%)
10  Phishing  7  ▼ -8 (-114%)
11  Exploit  6  ▼ -3 (-50%)
12  AsyncRAT  6  ▼ -3 (-50%)
13  AgentTesla  6  ▲ 4 (67%)
14  XWorm  6  ▼ -1 (-17%)
15  DarkWeb  5  ▲ 2 (40%)
16  Victim  5  ▼ -5 (-100%)
17  Email  5  ▲ 1 (20%)
18  Ransomware  5  ▼ -2 (-40%)
19  Amadey  5  ▲ 2 (40%)
20  Report  5  ▼ -6 (-120%)
21  last  5  ▲ 2 (40%)
22  tofsee  5  ▲ 3 (60%)
23  snake  5  ▲ 2 (40%)
24  Top  5  ▲ 2 (40%)
25  Remcos  5  ▲ 3 (60%)
26  Cryptocurrency  4  ▲ 1 (25%)
27  Windows  4  ▼ -4 (-100%)
28  Update  4  ▼ -5 (-125%)
29  Browser  4  ▼ -2 (-50%)
30  Distribution  4  ▼ -5 (-125%)
31  intelligence  4  ▲ 2 (50%)
32  powershell  4  ▼ -5 (-125%)
33  Criminal  4  ▼ -4 (-100%)
34  Vulnerability  3  - 0 (0%)
35  Microsoft  3  ▼ -4 (-133%)
36  Kaspersky  3  ▼ -8 (-267%)
37  neconyd  3  ▲ new
38  MFA  3  - 0 (0%)
39  Stealc  3  ▲ 2 (67%)
40  GameoverP2P  3  ▲ 1 (33%)
41  United States  3  ▼ -4 (-133%)
42  EDR  3  ▲ 2 (67%)
43  Vidar  3  ▲ 1 (33%)
44  Linux  2  ▲ 1 (50%)
45  Russia  2  ▼ -8 (-400%)
46  quasar  2  ▲ 1 (50%)
47  target  2  ▼ -6 (-300%)
48  jrxsafertop  2  ▲ new
49  GitHub  2  ▼ -6 (-300%)
50  ESET  2  ▲ new
51  Social Engineering  2  ▼ -3 (-150%)
52  Government  2  - 0 (0%)
53  Software  2  ▼ -3 (-150%)
54  hacking  2  ▼ -1 (-50%)
55  attack  2  ▼ -9 (-450%)
56  Operation  2  - 0 (0%)
57  Telegram  2  - 0 (0%)
58  Java  2  ▼ -4 (-200%)
59  VPN  2  ▲ new
60  Google  2  ▼ -1 (-50%)
61  Raccoon  2  ▲ 1 (50%)
62  RedLine  2  ▲ 1 (50%)
63  FormBook  2  - 0 (0%)
64  clarmodqtop  2  ▲ new
65  sophisticated  1  ▲ new
66  equatorfrun  1  ▲ new
67  CAPTCHA  1  ▼ -3 (-300%)
68  Takedown  1  - 0 (0%)
69  RCE  1  ▲ new
70  Securelist  1  ▲ new
71  climatologfytop  1  ▲ new
72  Binance  1  ▲ new
73  Quick Heal  1  ▲ new
74  McAfee  1  ▲ new
75  Kali  1  ▲ new
76  Exploit Kit  1  ▲ new
77  Tracking  1  ▲ new
78  tmekzprokla  1  ▲ new
79  mlconlfqecfyefcpo  1  ▲ new
80  ROT  1  ▲ new
81  QRadar Security Suite  1  ▲ new
82  Blog  1  - 0 (0%)
83  Italy  1  ▲ new
84  정보 (information)  1  ▲ new
85  IBM  1  ▲ new
86  RAT  1  ▼ -1 (-100%)
87  name  1  ▲ new
88  Bankas  1  ▲ new
89  Beogradska  1  ▲ new
90  late  1  ▲ new
91  Somebody  1  ▲ new
92  malspamming  1  ▲ new
93  cartograhphytop  1  ▲ new
94  biosphxeredigital  1  ▲ new
95  detailed  1  ▲ new
96  continuation  1  ▲ new
97  Cybereason  1  ▲ new
98  KS  1  ▲ new
99  고용 (employment)  1  ▲ new
100  Lobshot  1  - 0 (0%)
Special keyword group
Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword  Count (share)
Lumma  29 (27.6%)
LummaStealer  9 (8.6%)
NetWireRC  7 (6.7%)
AsyncRAT  6 (5.7%)
AgentTesla  6 (5.7%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword  Count (share)
Dark Caracal  1 (100%)

Attack technique

This is an attack technique that is becoming an issue.

Keyword  Count (share)
Stealer  20 (40.8%)
Campaign  7 (14.3%)
Phishing  7 (14.3%)
Exploit  6 (12.2%)
Social Engineering  2 (4.1%)

Country & Company

This is a country or company that is an issue.

Keyword  Count (share)
Microsoft  3 (10%)
Kaspersky  3 (10%)
United States  3 (10%)
Russia  2 (6.7%)
ESET  2 (6.7%)
Malware Family
Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info
Last 5

SNS

(Total : 20)
  Total keyword

Lumma Stealer LummaStealer IoC Remcos Advertising NetWireRC Amadey AgentTesla AsyncRAT XWorm Distribution Malware c&c Operation MalSpam Exploit Trellix Cryptocurrency Browser Email Report fakecaptcha Vidar Stealc GitHub Xloader DCRat powershell FormBook

No.  Title  Date
1  ANY.RUN @anyrun_app
Top 10 last week's threats by uploads ⬇️ #Lumma 569 (1077) ⬆️ #Tofsee 363 (263) ⬇️ #Xworm 309 (1099) ⬇️ #Asyncrat 290 (395) ⬆️ #Neconyd 283 (169) ⬇️ #Snake 254 (379) ⬇️ #Remcos 232 (566) ⬇️ #Amadey 156 (380) ⬆️ #Formbook 134 (78) ⬇️ #Agenttesla 114 (271) Track them all: https://t.co/8l4AJmdDCa
2025.04.28
2  Szabolcs Schmidt @smica83
Somebody is using the late Beogradska Banka's name for #malspamming. Attachment looks like a #LummaStealer Sample @abuse_ch https://t.co/jGuqxryHO6 C2: 84.38.132(.)39:7702 @_operations6_ this mail is croatian? https://t.co/stKsTklO4d
2025.04.26
3  Konstantin Nikolenko @K_N1kolenko
#LummaStealer #ioc biosphxere.digital cartograhphy.top clarmodq.top climatologfy.top geographys.run topographky.top tropiscbs.live vigorbridgoe.top woodpeckersd.run
2025.04.25
4  Virus Bulletin @virusbtn
Cybereason researchers present the continuation of their LummaStealer report, providing detailed insights to assist security analysts in identifying, classifying, containing and eradicating incidents involving LummaStealer. https://t.co/RF6fOgybcM https://t.co/p3V2Q2UdnO
2025.04.24
5  Virus Bulletin @virusbtn
Trellix researcher Mohideen Abdul Khader analyses a recent version of Lumma infostealer. The malware is capable of exfiltrating sensitive data from web browsers, email applications, cryptocurrency wallets & other PII stored in critical system directories. https://t.co/opa42VIGUo https://t.co/FRg
2025.04.23

Additional information

Level Description
danger Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
danger File has been identified by 43 AntiVirus engines on VirusTotal as malicious
danger Executed a process and injected code into it
watch A process attempted to delay the analysis task.
watch Allocates execute permission to another process indicative of possible code injection
watch Attempts to access Bitcoin/ALTCoin wallets
watch Attempts to create or modify system certificates
watch Attempts to identify installed AV products by installation directory
watch Checks for the presence of known devices from debuggers and forensic tools
watch Checks for the presence of known windows from debuggers and forensic tools
watch Checks the CPU name from registry
watch Checks the version of Bios
watch Code injection by writing an executable or DLL to the memory of another process
watch Collects information about installed applications
watch Communicates with host for which no DNS query was performed
watch Detects the presence of Wine emulator
watch Detects VMWare through the in instruction feature
watch Harvests credentials from local email clients
watch Harvests credentials from local FTP client softwares
watch Installs itself for autorun at Windows startup
watch Looks for the Windows Idle Time to determine the uptime
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice An executable file was downloaded by the processes axplong.exe
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Creates executable files on the filesystem
notice Creates hidden or system file
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice Expresses interest in specific running processes
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Looks up the external IP address
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Queries for potentially installed applications
notice Repeatedly searches for a not-found process
notice Resolves a suspicious Top Level Domain (TLD)
notice Searches running processes potentially to identify processes for sandbox evasion
notice Sends data using the HTTP POST Method
notice Starts servers listening
notice Steals private information from local Internet browsers
notice Terminates another process
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Collects information to fingerprint the system (MachineGuid)
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info Tries to locate where the browsers are installed
info Uses Windows APIs to generate a cryptographic key
Network ET DNS Query to a *.top domain - Likely Hostile
Network ET DROP Spamhaus DROP Listed Traffic Inbound group 33
Network ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
Network ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
Network ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
Network ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
Network ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
Network ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
Network ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network ET INFO Dotted Quad Host DLL Request
Network ET INFO EXE - Served Attached HTTP
Network ET INFO Executable Download from dotted-quad Host
Network ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Network ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
Network ET INFO HTTP Request to a *.top domain
Network ET INFO Packed Executable Download
Network ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
Network ET MALWARE Possible Kelihos.F EXE Download Common Structure
Network ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
Network ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4
Network ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
Network ET MALWARE Win32/Stealc Requesting browsers Config from C2
Network ET MALWARE Win32/Stealc Requesting plugins Config from C2
Network ET MALWARE Win32/Stealc Submitting System Information to C2
Network ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
Network ET POLICY External IP Lookup SSL Cert Observed (ipinfo .io)
Network ET POLICY PE EXE or DLL Windows file download HTTP
Network ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
No.  Category  URL  CC  ASN Co  Date
1  c2  https://steamcommunity.com/profiles/76561199822375128  US  AKAMAI-AS  2025.03.31
2  c2  https://lunoxorn.top/gkELsop  US  CLOUDFLARENET  2025.03.31
3  c2  http://49.13.143.126/  DE  Hetzner Online GmbH  2025.03.31
4  c2  https://65.21.246.249/  US  -  2025.03.31
5  c2  https://zefnecho.cyou/api  -  -  2025.02.19
No.  URL  Tags  CC  ASN Co  Reporter  Date
1  https://undo.sg/file.exe
   Lumma lummac LummaStealer stealer
   UA  -  anonymous  2025.04.25
2  https://www.dropbox.com/scl/fi/xfme3jj5rgt6u5ig7he70/CapCut-Pro.rar?rlkey=ndad0985or8n5rokxmb0pz5k0&...
   Lumma LummaStealer stealer
   US  DROPBOX  iLikeMalware  2025.04.13
3  https://sites.google.com/view/robloxfree2025/roblox-free-hack
   Lumma LummaStealer stealer
   US  GOOGLE  iLikeMalware  2025.04.13
4  https://drive.google.com/file/d/11SRBeq-5b2C7gf5Z24SzNiSxCTSHONLJ/view
   Lumma LummaStealer stealer
   US  GOOGLE  iLikeMalware  2025.04.13
5  https://github.com/Fortnite-Wallhacks-2025/.github/releases/tag/files
   Lumma LummaStealer stealer
   US  MICROSOFT-CORP-MSN-AS-BLOCK  iLikeMalware  2025.04.13