Summary: 2025/04/29 00:23
First reported date: 2011/06/21
Inquiry period : 2025/04/22 00:23 ~ 2025/04/29 00:23 (7 days), 27 search results
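The trend is 19% higher than in the previous period.
The top 5 related keywords that rose compared with the previous period are Cryptocurrency, Malware, Report, Campaign, North Korea.
Malware types Lobshot, RATel, Bankshot, Volgmer, LPEClient and Clop are also newly identified.
Attackers Lazarus, CryptoCore, PLATINUM and LOTUS PANDA are also newly identified.
Organizations and companies 북한 (North Korea), Mandiant, Recorded Future, South Korea, Palo Alto Networks and Ucraina are also newly identified.
Other new keywords, such as North, ZeroDay, Education, 공격 (attack) and Korean, are also identified.
* Top 3 recent news articles: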
ㆍ 2025/04/28 28th April – Threat Intelligence Report
ㆍ 2025/04/25 North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
ㆍ 2025/04/25 North Korean cyberespionage facilitated by bogus US firms, crackdown underway
Trend graph by period
Related keyword cloud
Top 100
No | Trend | Count | Comparison |
---|---|---|---|
1 | Cryptocurrency | 27 | ▲ 5 (19%) |
2 | Malware | 18 | ▲ 7 (39%) |
3 | Report | 13 | ▲ 10 (77%) |
4 | Campaign | 13 | ▲ 5 (38%) |
5 | North Korea | 9 | ▲ 6 (67%) |
6 | United States | 8 | ▲ 4 (50%) |
7 | Victim | 8 | ▲ 6 (75%) |
8 | Phishing | 7 | ▲ 3 (43%) |
9 | attack | 7 | ▲ 2 (29%) |
10 | target | 6 | - 0 (0%) |
11 | North | 6 | ▲ new |
12 | | 6 | ▲ 5 (83%) |
13 | hacking | 6 | ▲ 5 (83%) |
14 | Browser | 5 | ▲ 2 (40%) |
15 | Exploit | 5 | ▲ 4 (80%) |
16 | Update | 5 | ▲ 3 (60%) |
17 | Vulnerability | 5 | ▲ 4 (80%) |
18 | Kaspersky | 4 | ▲ 2 (50%) |
19 | ZeroDay | 4 | ▲ new |
20 | Education | 4 | ▲ new |
21 | Advertising | 4 | - 0 (0%) |
22 | Ransomware | 4 | ▲ 1 (25%) |
23 | Threat | 4 | ▲ 2 (50%) |
24 | Software | 3 | - 0 (0%) |
25 | 북한 (North Korea) | 3 | ▲ new |
26 | 공격 (attack) | 3 | ▲ new |
27 | | 3 | ▼ -2 (-67%) |
28 | Korean | 3 | ▲ new |
29 | DarkWeb | 3 | ▲ 2 (67%) |
30 | Microsoft | 3 | ▼ -1 (-33%) |
31 | Lazarus | 3 | ▲ new |
32 | Russia | 3 | ▲ 1 (33%) |
33 | Android | 3 | ▲ 1 (33%) |
34 | Government | 3 | ▲ 2 (67%) |
35 | Windows | 3 | ▲ 1 (33%) |
36 | Chrome | 2 | ▲ new |
37 | payment | 2 | ▲ 1 (50%) |
38 | Web | 2 | ▲ new |
39 | Operation | 2 | ▼ -1 (-50%) |
40 | Supply chain | 2 | ▲ new |
41 | China | 2 | ▼ -1 (-50%) |
42 | Lobshot | 2 | ▲ new |
43 | Cantor | 2 | ▲ new |
44 | Lumma | 2 | ▲ 1 (50%) |
45 | Criminal | 2 | - 0 (0%) |
46 | MFA | 2 | ▲ new |
47 | Mandiant | 2 | ▲ new |
48 | Research | 2 | ▲ new |
49 | EDR | 2 | ▲ 1 (50%) |
50 | Distribution | 2 | ▲ new |
51 | Recorded Future | 2 | ▲ new |
52 | South Korea | 2 | ▲ new |
53 | Interview | 2 | ▲ new |
54 | Ripple | 2 | ▲ new |
55 | RATel | 2 | ▲ new |
56 | Social Engineering | 2 | - 0 (0%) |
57 | SocGholish | 1 | ▲ new |
58 | Rhysid | 1 | ▲ new |
59 | TraderTraitor | 1 | ▼ -3 (-300%) |
60 | Maze | 1 | ▲ new |
61 | Bankshot | 1 | ▲ new |
62 | RSA Conference | 1 | ▲ new |
63 | United Kingdom | 1 | - 0 (0%) |
64 | UNIX | 1 | ▲ new |
65 | Ex | 1 | ▲ new |
66 | SoftBank | 1 | ▲ new |
67 | Bloomberg | 1 | ▲ new |
68 | Teslas | 1 | ▲ new |
69 | Volgmer | 1 | ▲ new |
70 | LPEClient | 1 | ▲ new |
71 | Malicious Traffic | 1 | ▲ new |
72 | IoC | 1 | ▲ new |
73 | Earnings | 1 | ▲ new |
74 | UNC4736 | 1 | ▲ new |
75 | Palo Alto Networks | 1 | ▲ new |
76 | Telegram | 1 | ▼ -1 (-100%) |
77 | Linux | 1 | ▲ new |
78 | CryptoCore | 1 | ▲ new |
79 | c&c | 1 | ▼ -1 (-100%) |
80 | MacOS | 1 | ▲ new |
81 | PLATINUM | 1 | ▲ new |
82 | 암호 (crypto) | 1 | ▲ new |
83 | remote | 1 | ▲ new |
84 | front | 1 | ▲ new |
85 | LLC | 1 | ▲ new |
86 | YouTube | 1 | - 0 (0%) |
87 | Gmail | 1 | - 0 (0%) |
88 | | 1 | - 0 (0%) |
89 | Booking | 1 | ▲ new |
90 | Zoom | 1 | ▲ new |
91 | control | 1 | ▲ new |
92 | call | 1 | ▲ new |
93 | Koreas | 1 | ▲ new |
94 | system | 1 | ▲ new |
95 | Silent | 1 | ▲ new |
96 | Push | 1 | ▲ new |
97 | LOTUS PANDA | 1 | ▲ new |
98 | Clop | 1 | ▲ new |
99 | CVSS | 1 | ▲ new |
100 | Ucraina | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
Ransomware | | 4 (26.7%) |
Lobshot | | 2 (13.3%) |
Lumma | | 2 (13.3%) |
RATel | | 2 (13.3%) |
Bankshot | | 1 (6.7%) |

Attacker & Actors
The status of the attacker or attack group being issued.
Keyword | Average | Label |
---|---|---|
Lazarus | | 3 (42.9%) |
TraderTraitor | | 1 (14.3%) |
CryptoCore | | 1 (14.3%) |
PLATINUM | | 1 (14.3%) |
LOTUS PANDA | | 1 (14.3%) |

Technique
This is an attack technique that is becoming an issue.
Keyword | Average | Label |
---|---|---|
Campaign | | 13 (37.1%) |
Phishing | | 7 (20%) |
hacking | | 6 (17.1%) |
Exploit | | 5 (14.3%) |
Social Engineering | | 2 (5.7%) |

Country & Company
This is a country or company that is an issue.
Keyword | Average | Label |
---|---|---|
North Korea | | 9 (16.4%) |
United States | | 8 (14.5%) |
| | | 6 (10.9%) |
Kaspersky | | 4 (7.3%) |
북한 (North Korea) | | 3 (5.5%) |
Threat info
Last 5
SNS
(Total : 7) Cryptocurrency Malware hacking North Korea Campaign Supply chain Android Trojan Firmware Kaspersky Exploit attack Email Trellix Browser Lumma Social Engineering Stealer Report
News
(Total : 20) Cryptocurrency Malware Report Campaign United States Victim Phishing Attacker North Korea attack Google target Vulnerability Update Advertising Browser Exploit Education hacking ZeroDay Ransomware 북한 (North Korea) Microsoft Software DarkWeb Kaspersky Russia Government Windows Lazarus China Lobshot MFA Mandiant EDR Recorded Future South Korea Email Distribution payment Android Chrome Criminal Operation RATel UNC4736 Palo Alto Networks c&c TraderTraitor Malicious Traffic United Kingdom Linux MacOS LPEClient CryptoCore Volgmer Bankshot Telegram UNIX PLATINUM YouTube Gmail Twitter Booking LOTUS PANDA Clop CVSS Ucraina Check Point DPRK 피싱 (phishing) RSA Conference Zscaler US Zero Trust ...
No | Title | Date |
---|---|---|
1 | 28th April – Threat Intelligence Report - Malware.News | 2025.04.28 |
2 | North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures - The Hacker News | 2025.04.25 |
3 | North Korean cyberespionage facilitated by bogus US firms, crackdown underway - Malware.News | 2025.04.25 |
4 | Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI - Malware.News | 2025.04.25 |
5 | Zoom attack tricks victims into allowing remote access to install malware and steal money - Malware.News | 2025.04.25 |
Additional information
No | Title | Date |
---|---|---|
1 | Employee monitoring app exposes users, leaks 21+ million screenshots - Malware.News | 2025.04.28 |
2 | Introducing XSIAM 3.0 - Malware.News | 2025.04.28 |
3 | Deploy Bravely with Prisma AIRS - Malware.News | 2025.04.28 |
4 | 2025 Cyber Resilience Research Discovers Speed of AI Advancing Emerging Attack Types - Malware.News | 2025.04.28 |
5 | Intel CEO Targets Change in Corporate Culture to Shape Up - Bloomberg Technology | 2025.04.28 |
No | Title | Date |
---|---|---|
1 | 28th April – Threat Intelligence Report - Malware.News | 2025.04.28 |
2 | 28th April – Threat Intelligence Report - Malware.News | 2025.04.28 |
3 | 28th April – Threat Intelligence Report - Malware.News | 2025.04.28 |
4 | Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI - Malware.News | 2025.04.25 |
5 | Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI - Malware.News | 2025.04.25 |
Level | Description |
---|---|
danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
watch | A process attempted to delay the analysis task. |
watch | Attempts to create or modify system certificates |
watch | Communicates with host for which no DNS query was performed |
watch | Connects to an IRC server |
watch | Installs itself for autorun at Windows startup |
watch | Looks for the Windows Idle Time to determine the uptime |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks adapter addresses which can be used to detect virtual network interfaces |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | Creates a shortcut to an executable file |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Creates hidden or system file |
notice | Drops a binary and executes it |
notice | Drops an executable to the user AppData folder |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation |
notice | Terminates another process |
notice | Uses Windows utilities for basic Windows functionality |
notice | Yara rule detected in process memory |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | Command line console output was observed |
info | Queries for the computername |
info | The executable uses a known packer |
info | Uses Windows APIs to generate a cryptographic key |
Network | ET DROP Spamhaus DROP Listed Traffic Inbound group 23 |
Network | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response |
Network | ET INFO Executable Download from dotted-quad Host |
Network | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
Network | ET POLICY PE EXE or DLL Windows file download HTTP |
Network | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |