Cyber Threat Trends

Summary: 2025/04/17 13:09

First reported date: 2014/05/13
Inquiry period : 2025/03/18 13:09 ~ 2025/04/17 13:09 (1 months), 14 search results

전 기간대비 43% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 HTTP Next stage 입니다.
기타 Remote Request Vulnerability CVE Alert 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
ㆍ 2025/03/26 [UPDATE] [mittel] Varnish HTTP Cache: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
ㆍ 2025/03/19 [NEU] [mittel] Varnish HTTP Cache: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	HTTP	14	▲ 6 (43%)
2	Next	3	▲ 1 (33%)
3	stage	3	▲ 1 (33%)
4	Remote	3	▲ new
5	Request	2	▲ new
6	Vulnerability	2	▲ new
7	CVE	2	▲ new
8	Alert	2	▲ new
9	Varnish	2	▲ new
10	Cache	2	▲ new
11	Schwachstelle	2	▲ new
12	von	2	▲ new
13	crond	1	▲ new
14	AV	1	▲ new
15	opendir	1	▲ new
16	httpstcoZOUNJmYwkc	1	▲ new
17	Open Directory	1	▲ new
18	VT	1	▲ new
19	openwinsys	1	▲ new
20	Token	1	▲ new
21	Status	1	▲ new
22	Codes	1	▲ new
23	Vite	1	▲ new
24	FUD	1	▲ new
25	emacsbin	1	▲ new
26	QRadar Security Suite	1	▲ new
27	IBMi	1	▲ new
28	Navigator	1	▲ new
29	target	1	▲ new
30	NetWeaver	1	▲ new
31	Remote Code Execution	1	▼ -1 (-100%)
32	Malware	1	▼ -1 (-100%)
33	sign	1	▲ new
34	MWNEWS	1	▲ new
35	Headers	1	▲ new
36	Sun	1	▲ new
37	Update	1	▼ -1 (-100%)
38	Rejetto	1	▲ new
39	SAP	1	▲ new
40	File	1	▲ new
41	Server	1	▲ new
42	Panel	1	▲ new
43	English	1	▲ new
44	Polish	1	▲ new
45	available	1	▲ new
46	unauthenticated	1	▲ new
47	thorscanner	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

No data.

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Remote Code Execution		1 (100%)

Country & Company

This is a country or company that is an issue.

No data.

Threat info

Last 5

SNS

(Total : 8)

Total keyword

CVE Vulnerability target Open Directory opendir Attacker

No	Title	Date
1	MalwareHunterTeam @malwrhunterteam "2.bat": 3d6683feef58cffa20cd20011edae2f246349716c78ab695dda49ee9467ac13b From: http://46.101.106.166/makina/2.bat FUD by the AV engines on VT, but there are 5 @thor_scanner comments... ???? ????‍♂️ https://t.co/P7nwIQ6x1m	2025.04.16
2	MalwareHunterTeam @malwrhunterteam Next stage samples: "emacs-bin": 6166cb1efea2c4e6695e59eccc9e4722759405f5d175732d6f7569c40a07ccce From: http://165.232.114.63/emacs-bin "crond-98": ae66a9a04166eeb0df5a6ccf6f4208e10a522c5576243b5d726f63b8b81969d5 From: http://165.22.251.224/crond-98	2025.04.16
3	Hunter @HunterMapping ????Alert???? CVE-2025-32395: Vite HTTP Request Target Denial of Service ????PoC：https://t.co/bzUltBnylZ ????286K+ Services are found on the https://t.co/ysWb28Crld yearly. ????Hunter Link:https://t.co/qafv4mcEr6 ????Query HUNTER : https://t.co/q9rtuGgxk7="Vite" FOFA : body="/@vite/client" https://t	2025.04.11
4	Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer ????HTTP Status Codes https://t.co/LeXgnj9aSX	2025.04.10
5	MalwareHunterTeam @malwrhunterteam Next stage files are in this opendir: http://185.241.61.14/21esr/ https://t.co/ZOUNJmYwkc	2025.04.04

News

(Total : 6)

Total keyword

QRadar Security Suite Remote Code Execution Update Malware

No	Title	Date
1	[webapps] IBMi Navigator 7.5 - HTTP Security Token Bypass - Exploit-DB.com	2025.04.15
2	[remote] SAP NetWeaver - 7.53 - HTTP Request Smuggling - Exploit-DB.com	2025.04.02
3	[webapps] Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE) - Exploit-DB.com	2025.03.28
4	[UPDATE] [mittel] Varnish HTTP Cache: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen - IT Sicherheitsnews	2025.03.26
5	Let's Talk About HTTP Headers., (Sun, Mar 23rd) - Malware.News	2025.03.24

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
2	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
3	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
4	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
5	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	layout.bin Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	72c582ab7db10af86a90608f98e5e614	59058	2025.04.17
2	os.dat Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	af1d8d9435cb10fe2f4b4215eaf6bec4	59059	2025.04.17
3	setup.bmp Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM BMP Format MSOffice File	f1874e4041a511771e01e079227ca8ca	59060	2025.04.17
4	SETUP.INI Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	ac9d9386a57420db9299eb1be1fa82de	59062	2025.04.17
5	setup.ins Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	89ab96b20f7b472b91e8a0660054394c	59063	2025.04.17
View only the last 5

Level	Description
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Potentially malicious URLs were found in the process memory dump
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

Beta Service, If you select keyword, you can check detailed information.