popup

Cyber Threat Trends

  1. Week Month

Gemelli flickerflypro flickerfly

Summary: 2025/04/28 11:30

First reported date: 2011/05/25
Inquiry period : 2025/04/27 11:30 ~ 2025/04/28 11:30 (1 days), 1 search results

지난 7일 기간대비 -400% 낮은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Binance Logs 입니다.
기관 및 기업 Coinbase Europe 도 새롭게 확인됩니다.
기타 mixed Alleged 신규 키워드도 확인됩니다.

참고로 동일한 그룹의 악성코드 타입은 FormBook QakBot RedLine 등 101개 종이 확인됩니다.

Trend graph by period


Related keyword cloud
Top 100
# Trend Count Comparison
1Coinbase 1 ▲ new
2Binance 1 ▲ 1 (100%)
3Logs 1 ▲ 1 (100%)
4mixed 1 ▲ new
5Alleged 1 ▲ new
6Europe 1 ▲ new
7Stealer 1 ▼ -4 (-400%)
Special keyword group
Top 5
Malware Type
Malware Type

This is the type of malware that is becoming an issue.

No data.

Attacker & Actors
Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Attack technique
Technique

This is an attack technique that is becoming an issue.

Keyword Average Label
Stealer
1 (100%)
Country & Company
Country & Company

This is a country or company that is an issue.

Keyword Average Label
Coinbase
1 (33.3%)
Binance
1 (33.3%)
Europe
1 (33.3%)
Threat info
Last 5

SNS

(Total : 1)
  Total keyword

Coinbase Binance Europe Stealer

No Title Date
1Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer
???? Alleged Sale of 5k Coinbase & 5k Binance Stealer Logs A threat actor is offering stealer logs from Coinbase and Binance accounts, primarily from users in Europe and mixed countries. ???? Details:  ???? 5k Coinbase Logs (mainly EU) – 250$  ???? 5k Binance Logs (mixed countries) – https://t		2025.04.27

News

(Total : 0)

No data.

Additional information

No Title Date
1Navigating Through The Fog - Malware.News2025.04.28
2Huawei Set to Test Powerful AI Chip to Rival Nvidia’s, WSJ Says - Bloomberg Technology2025.04.28
3Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware - Malware.News2025.04.26
4Threat Hunting: For what, when, and how? - Malware.News2025.04.26
5Detection Engineering Fundamentals: What makes a good alert? - Malware.News2025.04.26
View only the last 5
Level Description
danger File has been identified by 59 AntiVirus engines on VirusTotal as malicious
danger Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger Executed a process and injected code into it
watch Allocates execute permission to another process indicative of possible code injection
watch Attempts to remove evidence of file being downloaded from the Internet
watch Communicates with host for which no DNS query was performed
watch Potential code injection by writing to the memory of another process
watch Resumed a suspended thread in a remote process potentially indicative of process injection
watch Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice One or more potentially interesting buffers were extracted
notice Potentially malicious URLs were found in the process memory dump
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info This executable has a PDB path
No data
No URL CC ASN Co Reporter Date
1https://ellctrum.com/532eee12-b94fas8/NordPass-Desktop-x86.exe
exe infostealer shadowharvest stealer trojan 		BG BGSKAT TV Ltd.ninjacatcher2025.04.26
2https://undo.sg/file.exe
Lumma lummac LummaStealer stealer 		UA UAanonymous2025.04.25
3https://osdugalic.edu.rs/Fhmcvdf.vdf
dll encrypted PureLogs stealer 		RS RSUnited Internet Ltd.dani55772025.04.23
4https://osdugalic.edu.rs/Txhkx.mp4
dll encrypted PureLogs stealer 		RS RSUnited Internet Ltd.dani55772025.04.23
5https://busvalescloud.b-cdn.net/NordPass-Desktop-x86.msix
msix shadowharvest stealer trojan 		ninjacatcher2025.04.23
View only the last 5
Beta Service, If you select keyword, you can check detailed information.