Summary: 2025/04/28 23:58

First reported date: 2016/10/04
Inquiry period: 2025/03/29 23:58 ~ 2025/04/28 23:58 (1 month), 7 search results

The trend is the same as in the previous period.
The Top 5 related keywords that rose compared to the previous period are
c&c, Phishing, live, Raccoon and IoC.
Malware types GameoverP2P, DYEPACK, Stealc, Xloader, FormBook, Emotet, Remcos, Nanocore and RecordBreaker are also newly observed.
Attack techniques Campaign, RCE and Remote Code Execution are also newly observed.
Organizations and companies Kaspersky, Russia, Google and ESET are also newly observed.
Other new keywords such as Advertising, Cryptocurrency, Windows, id66nn and idcheat are also observed.

RedLine Stealer is a malware available on underground forums for sale, apparently as a standalone purchase ($100/$150 depending on the version) or on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, including details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. Ref.

 * Recent news articles Top 3:
    ㆍ 2025/04/18 Dark Web Market: STYX Market
    ㆍ 2025/04/08 How MSSP Expertware Uses ANY.RUN’s Interactive Sandbox for Faster Threat Analysis
    ㆍ 2025/04/06 HELLCAT Ransomware Group Strikes Again: Four New Victims Breached via Jira Credentials from Infostealer Logs


For reference, 101 malware types belonging to the same group are observed, including FormBook, QakBot and RedLine.

Trend graph by period


Related keyword cloud
Top 100

No. | Trend | Count | Comparison with previous period
1 | RedLine | 7 | - 0 (0%)
2 | c&c | 5 | ▲ 1 (20%)
3 | Stealer | 4 | ▼ -1 (-25%)
4 | C2 | 3 | - 0 (0%)
5 | Malware | 3 | ▼ -1 (-33%)
6 | Phishing | 3 | ▲ 2 (67%)
7 | live | 3 | ▲ 1 (33%)
8 | Campaign | 3 | ▲ new
9 | Raccoon | 3 | ▲ 2 (67%)
10 | IoC | 2 | ▲ 1 (50%)
11 | intelligence | 2 | ▲ 1 (50%)
12 | Email | 2 | ▲ 1 (50%)
13 | Advertising | 2 | ▲ new
14 | Exploit | 2 | ▲ 1 (50%)
15 | Education | 2 | - 0 (0%)
16 | GameoverP2P | 2 | ▲ new
17 | Report | 2 | - 0 (0%)
18 | United States | 2 | - 0 (0%)
19 | DarkWeb | 2 | ▲ 1 (50%)
20 | Lumma | 2 | ▲ 1 (50%)
21 | Ransomware | 2 | ▲ 1 (50%)
22 | Cryptocurrency | 1 | ▲ new
23 | Windows | 1 | ▲ new
24 | id66nn | 1 | ▲ new
25 | idcheat | 1 | ▲ new
26 | Vidar | 1 | - 0 (0%)
27 | Operation | 1 | - 0 (0%)
28 | Kaspersky | 1 | ▲ new
29 | Russia | 1 | ▲ new
30 | Software | 1 | ▲ new
31 | Telegram | 1 | ▲ new
32 | Criminal | 1 | ▲ new
33 | RCE | 1 | ▲ new
34 | Update | 1 | - 0 (0%)
35 | Browser | 1 | ▲ new
36 | VPN | 1 | ▲ new
37 | Linux | 1 | ▲ new
38 | attack | 1 | - 0 (0%)
39 | Google | 1 | ▲ new
40 | Takedown | 1 | ▲ new
41 | target | 1 | - 0 (0%)
42 | Kali | 1 | ▲ new
43 | Cobalt Strike | 1 | ▲ new
44 | DYEPACK | 1 | ▲ new
45 | Government | 1 | - 0 (0%)
46 | Vulnerability | 1 | ▲ new
47 | Victim | 1 | - 0 (0%)
48 | MFA | 1 | - 0 (0%)
49 | Stealc | 1 | ▲ new
50 | EDR | 1 | ▲ new
51 | hacking | 1 | - 0 (0%)
52 | Twitter | 1 | ▼ -1 (-100%)
53 | LinkedIn | 1 | ▼ -1 (-100%)
54 | ESET | 1 | ▲ new
55 | Remote Code Execution | 1 | ▲ new
56 | Xloader | 1 | ▲ new
57 | Ba | 1 | ▲ new
58 | FormBook | 1 | ▲ new
59 | Emotet | 1 | ▲ new
60 | Malware download | 1 | ▲ new
61 | Remcos | 1 | ▲ new
62 | Nanocore | 1 | ▲ new
63 | Android | 1 | ▲ new
64 | powershell | 1 | - 0 (0%)
65 | RecordBreaker | 1 | ▲ new
66 | Microsoft | 1 | - 0 (0%)
67 | id | 1 | ▲ new
Special keyword group
Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword | Average Label
RedLine | 7 (28%)
Raccoon | 3 (12%)
GameoverP2P | 2 (8%)
Lumma | 2 (8%)
Ransomware | 2 (8%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword | Average Label
(no entries in this period)

Attack Technique

This is an attack technique that is becoming an issue.

Keyword | Average Label
Stealer | 4 (26.7%)
Phishing | 3 (20%)
Campaign | 3 (20%)
Exploit | 2 (13.3%)
RCE | 1 (6.7%)

Country & Company

This is a country or company that is an issue.

Keyword | Average Label
United States | 2 (25%)
Kaspersky | 1 (12.5%)
Russia | 1 (12.5%)
Google | 1 (12.5%)
Government | 1 (12.5%)
Malware Family
Top 5

A malware family is a group of applications that share similar attack techniques.
In this trend report, families are classified as Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, or Cryptocurrency Miner.

Additional information

Level | Description
danger | File has been identified by 69 AntiVirus engines on VirusTotal as malicious
watch | Collects information about installed applications
watch | Communicates with host for which no DNS query was performed
watch | Harvests credentials from local FTP client software
notice | Allocates read-write-execute memory (usually to unpack itself)
notice | Checks adapter addresses which can be used to detect virtual network interfaces
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice | One or more potentially interesting buffers were extracted
notice | Performs some HTTP requests
notice | Queries for potentially installed applications
notice | Steals private information from local Internet browsers
info | Checks amount of memory in system
info | Checks if process is being debugged by a debugger
info | One or more processes crashed
info | Queries for the computername
info | Tries to locate where the browsers are installed
info | Uses Windows APIs to generate a cryptographic key

Network signatures | Description
Network | ET MALWARE RedLine Stealer - CheckConnect Response
Network | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
Network | ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound
Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Network | SURICATA HTTP unable to match response to request