Cyber Threat Trends

Summary: 2025/04/19 11:31

First reported date: 2011/06/21
Inquiry period : 2025/03/20 11:31 ~ 2025/04/19 11:31 (1 months), 96 search results

전 기간대비 -42% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 target attack malicious Trojan Operation 입니다.
공격기술 RCE 도 새롭게 확인됩니다.
기타 chain python Multiple Alleged 해커 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/18 Dark Web Market: STYX Market
    ㆍ 2025/04/17 Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
    ㆍ 2025/04/17 “I sent you an email from your email account,” sextortion scam claims

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Cryptocurrency	96	▼ -40 (-42%)
2	Malware	56	▼ -17 (-30%)
3	Campaign	34	▼ -17 (-50%)
4	Report	33	▼ -1 (-3%)
5	target	29	▲ 4 (14%)
6	attack	24	▲ 2 (8%)
7	Victim	21	▼ -8 (-38%)
8	Criminal	19	▼ -8 (-42%)
9	Phishing	18	▼ -6 (-33%)
10	United States	17	▼ -7 (-41%)
11	Update	16	▼ -6 (-38%)
12	Advertising	16	- 0 (0%)
13	Software	15	- 0 (0%)
14	malicious	14	▲ 11 (79%)
15	Trojan	14	▲ 2 (14%)
16	North Korea	14	▼ -14 (-100%)
17	Microsoft	14	- 0 (0%)
18	Exploit	14	▼ -14 (-100%)
19	Email	13	▼ -5 (-38%)
20	Operation	12	▲ 5 (42%)
21	Stealer	11	▼ -11 (-100%)
22	Ransomware	11	▼ -7 (-64%)
23	c&c	10	▼ -5 (-50%)
24	intelligence	10	▼ -3 (-30%)
25	Telegram	10	▼ -12 (-120%)
26	Social Engineering	9	▲ 4 (44%)
27	hacking	9	▼ -14 (-156%)
28	Remote Code Execution	9	▼ -7 (-78%)
29	Crypto	9	▼ -13 (-144%)
30	Distribution	8	▼ -5 (-63%)
31	Vulnerability	8	▼ -7 (-88%)
32	Windows	8	▼ -9 (-113%)
33	Russia	8	▼ -17 (-213%)
34	Browser	8	▼ -2 (-25%)
35	Supply chain	8	▲ 6 (75%)
36	Cryptocurrency Miner	8	▲ 3 (38%)
37	Android	8	▲ 2 (25%)
38	Banking	7	- 0 (0%)
39	Java	7	▲ 2 (29%)
40	Lazarus	7	▼ -9 (-129%)
41	hijack	7	▼ -1 (-14%)
42	Kaspersky	7	▼ -21 (-300%)
43	MWNEWS	7	▲ 4 (57%)
44	RCE	6	▲ new
45	DarkWeb	6	▼ -5 (-83%)
46	Password	6	▼ -4 (-67%)
47	supply	6	▲ 5 (83%)
48	payment	6	▲ 1 (17%)
49	package	5	▲ 4 (80%)
50	npm	5	▲ 4 (80%)
51	US	5	▲ 2 (40%)
52	China	5	▼ -7 (-140%)
53	Education	5	▼ -2 (-40%)
54	United Kingdom	5	▲ 2 (40%)
55	NetWireRC	5	▼ -6 (-120%)
56	GitHub	5	▼ -12 (-240%)
57	Government	5	▼ -4 (-80%)
58	chain	5	▲ new
59	Google	5	▼ -4 (-80%)
60	bitcoin	5	▼ -19 (-380%)
61	RATel	5	▲ 2 (40%)
62	Japan	4	▲ 1 (25%)
63	LinkedIn	4	▼ -1 (-25%)
64	IoC	4	▼ -9 (-225%)
65	South Korea	4	▲ 2 (50%)
66	Binance	4	▲ 2 (50%)
67	threat	4	▼ -2 (-50%)
68	Hijacking	4	▼ -2 (-50%)
69	python	4	▲ new
70	MFA	4	▼ -1 (-25%)
71	GameoverP2P	4	▼ -2 (-50%)
72	RAT	4	▼ -2 (-50%)
73	Multiple	3	▲ new
74	Malvertising	3	▲ 2 (67%)
75	TraderTraitor	3	▲ 1 (33%)
76	Alleged	3	▲ new
77	Takedown	3	▲ 1 (33%)
78	DPRK	3	▼ -4 (-133%)
79	북한	3	▼ -2 (-67%)
80	Coinbase	3	▼ -1 (-33%)
81	해커	3	▲ new
82	DDoS	3	▼ -2 (-67%)
83	powershell	3	▼ -5 (-167%)
84	ReversingLabs	3	▲ new
85	Chrome	3	▼ -1 (-33%)
86	Botnet	3	▲ 2 (67%)
87	PyPI	3	▲ new
88	Tornado	3	▲ new
89	Cash	3	▲ new
90	Germany	3	▲ 1 (33%)
91	Italy	3	▲ 2 (67%)
92	arrest	3	▲ 2 (67%)
93	Linux	3	- 0 (0%)
94	Twitter	2	▼ -9 (-450%)
95	heist	2	▼ -1 (-50%)
96	PoisonSeed	2	▲ new
97	Ucraina	2	▼ -4 (-200%)
98	MEXC	2	▲ new
99	Clipbanker	2	▲ new
100	Apple	2	▼ -1 (-50%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Trojan		14 (25%)
Ransomware		11 (19.6%)
Cryptocurrency Miner		8 (14.3%)
NetWireRC		5 (8.9%)
RATel		5 (8.9%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Lazarus		7 (70%)
TraderTraitor		3 (30%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		34 (26%)
Phishing		18 (13.7%)
Exploit		14 (10.7%)
Stealer		11 (8.4%)
Social Engineering		9 (6.9%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
United States		17 (13.1%)
North Korea		14 (10.8%)
Microsoft		14 (10.8%)
Russia		8 (6.2%)
Banking		7 (5.4%)

Threat info

Last 5

SNS

(Total : 23)

Total keyword

Cryptocurrency Campaign Malware Report target attack Email US Attacker Trojan DPRK United States North Korea bitcoin Android Java GitHub Advertising Proofpoint Ransomware Exploit Operation Victim Microsoft TraderTraitor LinkedIn Software Malvertising hijack Hijacking nft NetWireRC DarkWeb RAT Banking hacking Phishing ...

No	Title	Date
1	Kimberly @StopMalvertisin Dark Reading \| Could Ransomware Survive Without Cryptocurrency? https://t.co/nFt8s0Qmme	2025.04.18
2	Virus Bulletin @virusbtn Palo Alto's Prashil Pattni looks into a Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) campaign targeting cryptocurrency developers on LinkedIn, posing as potential employers and sending malware disguised as coding challenges. https://t.co/gAuweiWhrF https://t.co/kFd2mGP7DM	2025.04.15
3	Proofpoint @proofpoint Using a variety of AI-based threat detection techniques and curated threat intel from researchers, Proofpoint identifies attacks that other vendors miss. Here's how our #HumanCentricSecurity approach detected and blocked a widespread bitcoin scam. https://t.co/psXZikI3N6	2025.04.15
4	ThreatMon @MonThreat ???????? ???? Alleged Sale of Multiple Crypto Databases from the US A threat actor has claimed to have put up for sale several databases belonging to US-based cryptocurrency platforms. The leaked data includes personally identifiable information such as names, email addresses, phone https://t.co/Mh	2025.04.15
5	Microsoft Threat Intelligence @MsftSecIntel Recent observed attacks include a malvertising campaign related to cryptocurrency trading, luring users into downloading a malicious installer disguised as legitimate software. Another notable technique involves inline JavaScript execution via Node.js to deploy malware.	2025.04.15

News

(Total : 73)

Total keyword

Cryptocurrency Malware Report Campaign target attack Victim Criminal Phishing Update Advertising United States Attacker Software Exploit Microsoft Trojan North Korea Operation Stealer intelligence Email Telegram c&c Ransomware Remote Code Execution Social Engineering Vulnerability Distribution Browser Supply chain Russia hacking Windows Lazarus Kaspersky Cryptocurrency Miner RCE hijack Android Banking payment Java United Kingdom Password Google China Government RATel Education DarkWeb Japan Binance GameoverP2P South Korea GitHub NetWireRC IoC MFA powershell DDoS LinkedIn RAT Takedown Italy Bitcoin Chrome Botnet Hijacking 북한 Coinbase arrest Germany Linux Gmail Backdoor ClickFix Twitter Spain Akamai Ucraina Türkiye YouTube Europe Grandoreiro ...

No	Title	Date
1	Dark Web Market: STYX Market - Malware.News	2025.04.18
2	Blockchain Offers Security Benefits – But Don't Neglect Your Passwords - The Hacker News	2025.04.17
3	Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers - The Hacker News	2025.04.17
4	“I sent you an email from your email account,” sextortion scam claims - Malware.News	2025.04.17
5	Malicious crypto developer-targeted coding challenges spread infostealers - Malware.News	2025.04.16

Additional information

No	Title	Date
1	Tesla to Delay Production of Cheaper EVs, Reuters Reports - Bloomberg Technology	2025.04.19
2	When Vulnerability Information Flows are Vulnerable Themselves - Malware.News	2025.04.19
3	CISA warns threat hunting staff of end to Google, Censys contracts as agency cuts set in - Malware.News	2025.04.19
4	Radiology practice reportedly working with FBI after ‘data security incident’ - Malware.News	2025.04.19
5	Text scams grow to steal hundreds of millions of dollars - Malware.News	2025.04.19
View only the last 5

No	Title	Date
1	Dark Web Market: STYX Market - Malware.News	2025.04.18
2	Dark Web Market: STYX Market - Malware.News	2025.04.18
3	Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers - The Hacker News	2025.04.17
4	Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers - The Hacker News	2025.04.17
5	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	conhost.exe XMRig Miner Emotet Cryptocurrency Miner Suspicious_Script_Bin Generic Malware CoinHive Cryptocurrency task schedule Downloader Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate pri	8378455f7c8a30d74b355adaf576a10b	50845	2024.06.11
2	conhost.exe XMRig Miner Emotet Cryptocurrency Miner Generic Malware Suspicious_Script_Bin CoinHive Cryptocurrency task schedule Downloader Malicious Library UPX Antivirus Malicious Packer .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate pri	0c648321522607509014810fa9850703	46656	2023.11.20
3	IE.exe PWS[m] Gen1 RAT Cryptocurrency Miner Generic Malware task schedule CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Antivirus Anti_VM Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credenti	d55af7419949eb1630bf0e6b3684166e	26373	2022.05.02
4	64a1.com PWS[m] Cryptocurrency Miner Generic Malware CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Create Service DGA Socket ScreenShot DNS BitCoin Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Downloader Esca	def5558538f028028677e6118b46009d	26377	2022.05.02
5	http://regalosfreaks.blogspot.... AgentTesla CoinHive Cryptocurrency Http API Internet API ScreenShot DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Steal credential Downloader P2P persistence AntiDebug AntiVM PNG Format JPE	d808b4bbb918207dd54b242b2339afec	12072	2021.06.08
View only the last 5

Level	Description
danger	File has been identified by 35 AntiVirus engines on VirusTotal as malicious
watch	A process attempted to delay the analysis task.
watch	Attempts to create or modify system certificates
watch	Communicates with host for which no DNS query was performed
watch	Connects to an IRC server
watch	Installs itself for autorun at Windows startup
watch	Looks for the Windows Idle Time to determine the uptime
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Creates hidden or system file
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Terminates another process
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	The executable uses a known packer
info	Uses Windows APIs to generate a cryptographic key
Network	ET DROP Spamhaus DROP Listed Traffic Inbound group 23
Network	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network	ET INFO Executable Download from dotted-quad Host
Network	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Network	ET POLICY PE EXE or DLL Windows file download HTTP
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

Beta Service, If you select keyword, you can check detailed information.