Summary: 2025/04/29 03:02

First reported date: 2019/11/21
Inquiry period : 2025/03/30 03:02 ~ 2025/04/29 03:02 (1 month), 5 search results

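The trend is 40% higher than in the previous period.
The top 5 related keywords that rose compared with the previous period are SectopRAT, Report, Malware, Campaign, and NetWireRC.
The malware types RATel, Ransomware, BlackSuit, XMRig, Rhysida, and IDATLoader are also newly observed.
The attacker UNC5221 is also newly observed.
The attack techniques hacking, ClickFix, and Phishing are also newly observed.
The organizations and companies Apple, Check Point, Cisco, China, Germany, India, and Binance are also newly observed.
Other new keywords such as fake, Cobalt Strike, ZeroDay, PDFCandy, and converter are also observed.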

SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities including multiple stealth functions. Arechclient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities.

 * Top 3 recent news articles:
    ㆍ 2025/04/16 Infostealer deployed via bogus PDFCandy converter
    ㆍ 2025/04/07 7th April – Threat Intelligence Report


For reference, 112 malware types in the same group have been identified, including Remcos, njRAT, and QuasarRAT.

Trend graph by period


Related keyword cloud
Top 100

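| # | Trend | Count | Comparison |
|---|---|---|---|
| 1 | SectopRAT | 5 | ▲ 2 (40%) |
| 2 | Report | 3 | ▲ 1 (33%) |
| 3 | Malware | 3 | ▲ 1 (33%) |
| 4 | RATel | 2 | ▲ new |
| 5 | Campaign | 2 | ▲ 1 (50%) |
| 6 | fake | 2 | ▲ new |
| 7 | Ransomware | 2 | ▲ new |
| 8 | BlackSuit | 2 | ▲ new |
| 9 | NetWireRC | 2 | ▲ 1 (50%) |
| 10 | Cobalt Strike | 2 | ▲ new |
| 11 | Stealer | 1 | - 0 (0%) |
| 12 | UNC5221 | 1 | ▲ new |
| 13 | amp | 1 | - 0 (0%) |
| 14 | ZeroDay | 1 | ▲ new |
| 15 | Update | 1 | - 0 (0%) |
| 16 | Apple | 1 | ▲ new |
| 17 | hacking | 1 | ▲ new |
| 18 | XMRig | 1 | ▲ new |
| 19 | PDFCandy | 1 | ▲ new |
| 20 | converter | 1 | ▲ new |
| 21 | MWNEWS | 1 | ▲ new |
| 22 | Infostealer | 1 | ▲ new |
| 23 | bogus | 1 | ▲ new |
| 24 | Rhysida | 1 | ▲ new |
| 25 | Microsoft | 1 | - 0 (0%) |
| 26 | Alert | 1 | ▲ new |
| 27 | NodejsPowered | 1 | ▲ new |
| 28 | powershell | 1 | - 0 (0%) |
| 29 | ClickFix | 1 | ▲ new |
| 30 | Phishing | 1 | ▲ new |
| 31 | Check Point | 1 | ▲ new |
| 32 | Cisco | 1 | ▲ new |
| 33 | C2 | 1 | ▲ new |
| 34 | Zoom | 1 | ▲ new |
| 35 | Cobalt | 1 | ▲ new |
| 36 | IDATLoader | 1 | ▲ new |
| 37 | arechclient2 | 1 | ▲ new |
| 38 | Low | 1 | ▲ new |
| 39 | ArechClient | 1 | ▼ -1 (-100%) |
| 40 | abusech | 1 | ▲ new |
| 41 | httpstcoOIQANnaWNl | 1 | ▲ new |
| 42 | c&c | 1 | - 0 (0%) |
| 43 | DarkWeb | 1 | ▲ new |
| 44 | Vulnerability | 1 | ▲ new |
| 45 | CVSS | 1 | ▲ new |
| 46 | Android | 1 | ▲ new |
| 47 | United States | 1 | - 0 (0%) |
| 48 | Victim | 1 | - 0 (0%) |
| 49 | DFIR | 1 | ▲ new |
| 50 | China | 1 | ▲ new |
| 51 | Germany | 1 | ▲ new |
| 52 | India | 1 | ▲ new |
| 53 | Binance | 1 | ▲ new |
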
Special keyword group
Top 5

Malware Type

Malware types that are currently an issue.

| Keyword | Average Label |
|---|---|
| SectopRAT | 5 (29.4%) |
| RATel | 2 (11.8%) |
| Ransomware | 2 (11.8%) |
| BlackSuit | 2 (11.8%) |
| NetWireRC | 2 (11.8%) |

Attacker & Actors

Attackers or attack groups that are currently an issue.

| Keyword | Average Label |
|---|---|
| UNC5221 | 1 (100%) |

Attack technique

Attack techniques that are currently an issue.

| Keyword | Average Label |
|---|---|
| Campaign | 2 (33.3%) |
| Stealer | 1 (16.7%) |
| hacking | 1 (16.7%) |
| ClickFix | 1 (16.7%) |
| Phishing | 1 (16.7%) |

Country & Company

Countries or companies that are currently an issue.

| Keyword | Average Label |
|---|---|
| Apple | 1 (11.1%) |
| Microsoft | 1 (11.1%) |
| Check Point | 1 (11.1%) |
| Cisco | 1 (11.1%) |
| United States | 1 (11.1%) |

Malware Family
Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, families are classified as Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, or Cryptocurrency Miner.

Additional information

No data

| No | Category | URL | CC | ASN Co | Date |
|---|---|---|---|---|---|
| 1 | c2 | http://92.255.85.23:9000/wbinjget | RU | Comfortel Ltd. | 2025.04.10 |
| 2 | c2 | http://92.255.85.23:15847/ | RU | Comfortel Ltd. | 2025.04.10 |
| 3 | c2 | http://91.92.255.187:1334/ | BG | | 2024.01.14 |
| 4 | c2 | http://94.130.51.115:15648/ | DE | Hetzner Online GmbH | 2023.12.11 |
| 5 | c2 | http://138.201.120.172:15648/ | DE | Hetzner Online GmbH | 2023.11.14 |

| No | URL | Tags | CC | ASN Co | Reporter | Date |
|---|---|---|---|---|---|---|
| 1 | http://87.120.127.223/panel/uploads/Afocvkc.dat | RedLine SectopRAT | BG | Yuri Jordanov Ltd. | Moneroon | 2024.10.17 |
| 2 | https://185.172.128.142/fj26s4kt9642y4o/2065428919.png | Arechclient2 SectopRAT | RU | OOO Nadym Svyaz Service | abuse_ch | 2024.05.22 |
| 3 | http://88.150.180.26/temp_project/docs/old/227.exe | dropped-by-PrivateLoader SectopRAT | GB | Iomart Cloud Services Limited | andretavare5 | 2023.11.22 |
| 4 | http://h171713.srv22.test-hf.su/227.exe | dropped-by-PrivateLoader SectopRAT | RU | LLC Eximius | andretavare5 | 2023.11.21 |
| 5 | https://alexsazo.com/2.tar.gpg | SectopRAT | RU | Ao a.b.n. | JAMESWT_MHT | 2023.09.20 |