Summary: 2025/04/28 20:19
First reported date: 2014/08/08
Inquiry period: 2025/04/21 20:19 ~ 2025/04/28 20:19 (7 days), 4 search results
The trend is 325% lower than in the previous period.
The Top 5 related keywords that rose compared to the previous period are Kaspersky, powershell, Social Engineering, APT41 and Ransomware.
The malware types Black Basta, Maze, CACTUS, RMS, LockBit, RATel and ShadowPad are also newly identified.
The attackers OilRig, APT28, Sandworm, Kimsuky, LOTUS PANDA and Lazarus are also newly identified.
The organizations and companies Russia, Mandiant, Google, North Korea and Palo Alto Networks are also newly identified.
Other new keywords such as Backdo, mustangpanda, utilizing, DarkWeb and APT15 are also identified.
Cobalt Strike is a legitimate penetration-testing toolkit developed by Fortra. However, cracked versions are widely adopted by bad actors, who use it as their C2 framework of choice for targeted attacks. Ref.
* Top 3 recent news articles:
ㆍ 2025/04/28 Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries
ㆍ 2025/04/23 Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs
ㆍ 2025/04/23 ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures
Trend graph by period
Related keyword cloud
Top 100 # | Keyword | Count | Comparison with previous period |
---|---|---|---|
1 | Cobalt Strike | 4 | ▼ -13 (-325%) |
2 | Malware | 3 | ▼ -6 (-200%) |
3 | Victim | 3 | ▼ -3 (-100%) |
4 | Campaign | 3 | ▼ -3 (-100%) |
5 | Black Basta | 2 | ▲ new |
6 | Report | 2 | ▼ -4 (-200%) |
7 | Vulnerability | 2 | - 0 (0%) |
8 | Kaspersky | 2 | ▲ 1 (50%) |
9 | powershell | 2 | ▲ 1 (50%) |
10 | Russia | 2 | ▲ new |
11 | United States | 2 | ▼ -2 (-100%) |
12 | Microsoft | 2 | - 0 (0%) |
13 | Social Engineering | 2 | ▲ 1 (50%) |
14 | APT41 | 2 | ▲ 1 (50%) |
15 | Ransomware | 2 | ▲ 1 (50%) |
16 | | 1 | - 0 (0%) |
17 | Panda | 1 | ▼ -4 (-400%) |
18 | Backdo | 1 | ▲ new |
19 | mustangpanda | 1 | ▲ new |
20 | Mandiant | 1 | ▲ new |
21 | | 1 | ▲ new |
22 | Mustang | 1 | ▼ -7 (-700%) |
23 | Advertising | 1 | ▼ -1 (-100%) |
24 | Exploit | 1 | ▼ -1 (-100%) |
25 | China | 1 | ▼ -6 (-600%) |
26 | Government | 1 | ▼ -1 (-100%) |
27 | TTPs | 1 | - 0 (0%) |
28 | utilizing | 1 | ▲ new |
29 | North Korea | 1 | ▲ new |
30 | Windows | 1 | ▼ -2 (-200%) |
31 | EDR | 1 | ▼ -6 (-600%) |
32 | DarkWeb | 1 | ▲ new |
33 | TONESHELL | 1 | ▼ -5 (-500%) |
34 | target | 1 | ▼ -3 (-300%) |
35 | MUSTANG PANDA | 1 | ▼ -9 (-900%) |
36 | Maze | 1 | ▲ new |
37 | APT15 | 1 | ▲ new |
38 | Palo Alto Networks | 1 | ▲ new |
39 | Telegram | 1 | - 0 (0%) |
40 | Cobra Carbon System | 1 | ▲ new |
41 | Update | 1 | ▼ -5 (-500%) |
42 | CACTUS | 1 | ▲ new |
43 | RMS | 1 | ▲ new |
44 | Ucraina | 1 | - 0 (0%) |
45 | OilRig | 1 | ▲ new |
46 | APT28 | 1 | ▲ new |
47 | Sandworm | 1 | ▲ new |
48 | Kimsuky | 1 | ▲ new |
49 | LOTUS PANDA | 1 | ▲ new |
50 | RedEcho | 1 | ▲ new |
51 | Sea Turtle | 1 | ▲ new |
52 | Lazarus | 1 | ▲ new |
53 | LockBit | 1 | ▲ new |
54 | Android | 1 | ▲ new |
55 | Phishing | 1 | ▼ -2 (-200%) |
56 | Distribution | 1 | - 0 (0%) |
57 | RATel | 1 | ▲ new |
58 | VMware | 1 | ▲ new |
59 | North K | 1 | ▲ new |
60 | Watchdog | 1 | ▲ new |
61 | Forensics | 1 | ▲ new |
62 | IoC | 1 | ▼ -5 (-500%) |
63 | c&c | 1 | ▼ -5 (-500%) |
64 | NetWireRC | 1 | ▼ -2 (-200%) |
65 | PDB | 1 | ▲ new |
66 | Zero Trust | 1 | ▲ new |
67 | schtasks | 1 | - 0 (0%) |
68 | MFA | 1 | - 0 (0%) |
69 | Cisco | 1 | ▼ -1 (-100%) |
70 | ShadowPad | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
Malware types that are currently an issue.
Keyword | Count (share) |
---|---|
Black Basta | 2 (16.7%) |
Ransomware | 2 (16.7%) |
TONESHELL | 1 (8.3%) |
Maze | 1 (8.3%) |
CACTUS | 1 (8.3%) |

Attacker & Actors
Attackers or attack groups that are currently an issue.
Keyword | Count (share) |
---|---|
OilRig | 1 (16.7%) |
APT28 | 1 (16.7%) |
Sandworm | 1 (16.7%) |
Kimsuky | 1 (16.7%) |
LOTUS PANDA | 1 (16.7%) |

Technique
Attack techniques that are currently an issue.
Keyword | Count (share) |
---|---|
Campaign | 3 (42.9%) |
Social Engineering | 2 (28.6%) |
Exploit | 1 (14.3%) |
Phishing | 1 (14.3%) |

Country & Company
Countries or companies that are currently an issue.
Keyword | Count (share) |
---|---|
Kaspersky | 2 (12.5%) |
Russia | 2 (12.5%) |
United States | 2 (12.5%) |
Microsoft | 2 (12.5%) |
Mandiant | 1 (6.3%) |
Threat info
Last 5 SNS
(Total: 1) Government, TONESHELL, target, MUSTANG PANDA, Cobalt Strike
News
(Total: 3) Attacker, Cobalt Strike, Victim, Campaign, Malware, Report, Ransomware, Microsoft, Kaspersky, Vulnerability, Black Basta, powershell, United States, Russia, APT41, Social Engineering, Android, Email, RATel, RMS, Windows, Update, Exploit, Advertising, Google, Mandiant, MFA, Maze, APT15, Palo Alto Networks, Telegram, Cobra Carbon System, North Korea, China, DarkWeb, EDR, Cisco, schtasks, OilRig, Ucraina, LockBit, Lazarus, Sea Turtle, RedEcho, LOTUS PANDA, Distribution, VMware, Kimsuky, Watchdog, Phishing, Sandworm, Forensics, NetWireRC, IoC, c&c, APT28, CACTUS, PDB, Zero Trust, ShadowPad
No | Title | Date |
---|---|---|
1 | Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News | 2025.04.28 |
2 | Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News | 2025.04.23 |
3 | ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures - Malware.News | 2025.04.23 |
Additional information
No | Title | Date |
---|---|---|
1 | Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News | 2025.04.28 |
2 | 28th April – Threat Intelligence Report - Malware.News | 2025.04.28 |
3 | Navigating Through The Fog - Malware.News | 2025.04.28 |
4 | Huawei Set to Test Powerful AI Chip to Rival Nvidia’s, WSJ Says - Bloomberg Technology | 2025.04.28 |
5 | Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware - Malware.News | 2025.04.26 |
No | Request | Hash (md5) | Report No | Date |
---|---|---|---|---|
1 | Darkside Ransomware Cobalt Strike Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 | 74237f2f009020c7bfe80f274a049843 | 23951 | 2022.02.25 |
2 | Darkside Ransomware Cobalt Strike Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 | 9efd29a1bfac21fbd3843dd95acc8582 | 23949 | 2022.02.25 |
3 | Darkside Ransomware Cobalt Strike Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 | f2336cbcb716869cea7e6d49f5749f1b | 23947 | 2022.02.25 |
4 | Updated_Payments_Statements.li... Darkside Ransomware Cobalt Strike Generic Malware Antivirus Malicious Library UPX AntiDebug AntiVM GIF Format PE File PE32 OS Processor Check | 8bdf50e9270b6f6e3c461be75999305d | 22459 | 2022.01.18 |
5 | Darkside Ransomware Cobalt Strike Malicious Library UPX PE File PE32 | 9fca8332a98b2475b8c5243f70ce5058 | 22464 | 2022.01.18 |
Level | Description |
---|---|
danger | Executed a process and injected code into it |
warning | File has been identified by 27 AntiVirus engines on VirusTotal as malicious |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Detects Avast Antivirus through the presence of a library |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | One or more potentially interesting buffers were extracted |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Yara rule detected in process memory |
info | Checks if process is being debugged by a debugger |
info | This executable has a PDB path |