Cyber Threat Trends

Summary: 2025/04/17 15:53

First reported date: 2010/05/28
Inquiry period : 2025/03/18 15:53 ~ 2025/04/17 15:53 (1 months), 14 search results

전 기간대비 29% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 keylogger Victim ThreatProtection attack Windows 입니다.
악성코드 유형 Trojan TONESHELL GameoverP2P PlugX Amadey Lobshot Lumma 도 새롭게 확인됩니다.
공격기술 MalSpam Stealer Dropper hijack downloader 도 새롭게 확인됩니다.
기관 및 기업 Zscaler Government Kaspersky Europe Microsoft Africa Recorded Future Japan 도 새롭게 확인됩니다.
기타 EDR Cobalt Strike c&c MUSTANG PANDA IoC 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
    ㆍ 2025/04/14 A week in security (April 7 – April 13)

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	keylogger	14	▲ 4 (29%)
2	Malware	6	▼ -1 (-17%)
3	Victim	5	▲ 4 (80%)
4	ThreatProtection	4	▲ 3 (75%)
5	attack	4	▲ 3 (75%)
6	Windows	4	▲ 1 (25%)
7	Campaign	4	▲ 3 (75%)
8	Backdoor	3	▲ 2 (67%)
9	EDR	3	▲ new
10	SnakeKeylogger	3	▲ 1 (33%)
11	Advertising	3	▲ 2 (67%)
12	Update	3	▲ 2 (67%)
13	Cobalt Strike	3	▲ new
14	c&c	3	▲ new
15	Trojan	3	▲ new
16	MUSTANG PANDA	3	▲ new
17	MalSpam	3	▲ new
18	Zscaler	3	▲ new
19	target	3	- 0 (0%)
20	Stealer	3	▲ new
21	IoC	3	▲ new
22	Dropper	2	▲ new
23	Exploit	2	▼ -1 (-50%)
24	TONESHELL	2	▲ new
25	cybercrime	2	▲ new
26	NortonLifeLock	2	▲ 1 (50%)
27	GitHub	2	▲ new
28	China	2	- 0 (0%)
29	Maryland	2	▲ new
30	Government	2	▲ new
31	pharmacist	2	▲ new
32	multistage	2	▲ new
33	Operation	2	▲ new
34	Kaspersky	2	▲ new
35	hijack	2	▲ new
36	Phishing	2	▼ -1 (-50%)
37	Email	2	▼ -1 (-50%)
38	Report	2	▲ new
39	Ransomware	2	▲ 1 (50%)
40	Europe	2	▲ new
41	employment	1	▲ new
42	agency	1	▲ new
43	April	1	▲ new
44	Turkeys	1	▲ new
45	Last	1	▲ new
46	SplatCloak	1	▲ new
47	Google	1	- 0 (0%)
48	ZeroDay	1	▲ new
49	driver	1	▲ new
50	GameoverP2P	1	▲ new
51	İŞKUR	1	▲ new
52	Türkiye	1	- 0 (0%)
53	ThreatLabz	1	▲ new
54	exploration	1	▲ new
55	Mustang	1	▲ new
56	Panda	1	▲ new
57	PlugX	1	▲ new
58	schtasks	1	▲ new
59	Microsoft	1	▲ new
60	server	1	▲ new
61	StarProxy	1	▲ new
62	file	1	▲ new
63	UNIX	1	▲ new
64	C2	1	▲ new
65	WhatsApp	1	▲ new
66	Amadey	1	▲ new
67	Lobshot	1	▲ new
68	malicious	1	▲ new
69	VIPKeyLogger	1	▲ new
70	日本	1	▲ new
71	downloader	1	▲ new
72	JS	1	▲ new
73	Labs	1	▲ new
74	Seqrite	1	- 0 (0%)
75	Q4	1	▲ new
76	percentage	1	▲ new
77	sector	1	▲ new
78	ICS	1	▲ new
79	Africa	1	▲ new
80	Software	1	▼ -4 (-400%)
81	Remote Code Execution	1	- 0 (0%)
82	Browser	1	- 0 (0%)
83	Criminal	1	▼ -1 (-100%)
84	Lumma	1	▲ new
85	corporate	1	▲ new
86	fake	1	▲ new
87	Android	1	▲ new
88	Recorded	1	▲ new
89	recent	1	▲ new
90	home	1	▲ new
91	personal	1	▲ new
92	Man	1	▲ new
93	Magic Kitten	1	▲ new
94	Recorded Future	1	▲ new
95	Future	1	▲ new
96	Record	1	▲ new
97	Japan	1	▲ new
98	decade	1	▲ new
99	variety	1	▲ new
100	notorious	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
SnakeKeylogger		3 (20%)
Trojan		3 (20%)
TONESHELL		2 (13.3%)
Ransomware		2 (13.3%)
GameoverP2P		1 (6.7%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		4 (17.4%)
Backdoor		3 (13%)
MalSpam		3 (13%)
Stealer		3 (13%)
Dropper		2 (8.7%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Zscaler		3 (17.6%)
China		2 (11.8%)
Government		2 (11.8%)
Kaspersky		2 (11.8%)
Europe		2 (11.8%)

Threat info

Last 5

SNS

(Total : 8)

Total keyword

keylogger Campaign SnakeKeylogger MalSpam Stealer Recorded Future Victim Türkiye target Zscaler EDR MUSTANG PANDA Email downloader Malware Advertising IoC Japan attack iocs Cobalt Strike

No	Title	Date
1	Zscaler ThreatLabz @Threatlabz Zscaler ThreatLabz continues its exploration of Mustang Panda tools by analyzing two new keyloggers that we have named PAKLOG & CorKLOG, and an EDR tampering tool that we have named SplatCloak. Learn how this APT evades detection: https://t.co/xpSVDVTATu https://t.co/FNu1FmqIzd	2025.04.16
2	Threat Intelligence @threatintel #ThreatProtection Turkey’s employment agency (İŞKUR) impersonated in a Snake Keylogger malspam campaign targeting organizations across the country. https://t.co/MobFkRu6Ev #Cybercrime #Cybersecurity	2025.04.15
3	Kimberly @StopMalvertisin The Record by Recorded Future \| Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges https://t.co/5LajQxpHNL	2025.04.05
4	ANY.RUN @anyrun_app ???? #MassLogger is a stealer and #keylogger notorious for its variety of infection and evasion techniques. As low-cost #MaaS, it is accessible by a wide audience of malefactors. Learn more & collect #IOCs to strengthen company's security: https://t.co/in4O7tpo27 https://t.co/lXfgoicFvM	2025.03.31
5	Threat Intelligence @threatintel #ThreatProtection #SnakeKeylogger - new multistage info-stealer campaign. Read more about Symantec's protection: https://t.co/6ywCIelzbV	2025.03.31

News

(Total : 6)

Total keyword

keylogger Malware Victim Windows Trojan Update Backdoor c&c attack Government Dropper IoC target hijack Advertising GitHub EDR Operation MUSTANG PANDA Zscaler Europe TONESHELL China Cobalt Strike Exploit Ransomware Attacker Report Phishing Kaspersky Amadey UNIX C2 Microsoft schtasks PlugX GameoverP2P Google Lumma Criminal Stealer Browser Email Remote Code Execution Software Africa ZeroDay Magic Kitten Android Lobshot WhatsApp

No	Title	Date
1	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
2	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17
3	A week in security (April 7 – April 13) - Malware.News	2025.04.14
4	Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home - Malwarebytes Labs	2025.04.09
5	Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges - The Record / James Reddick / malpedia	2025.04.05

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
2	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
3	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
4	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17
5	A week in security (April 7 – April 13) - Malware.News	2025.04.14
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	layout.bin Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	72c582ab7db10af86a90608f98e5e614	59058	2025.04.17
2	os.dat Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	af1d8d9435cb10fe2f4b4215eaf6bec4	59059	2025.04.17
3	setup.bmp Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM BMP Format MSOffice File	f1874e4041a511771e01e079227ca8ca	59060	2025.04.17
4	SETUP.INI Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	ac9d9386a57420db9299eb1be1fa82de	59062	2025.04.17
5	setup.ins Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	89ab96b20f7b472b91e8a0660054394c	59063	2025.04.17
View only the last 5

Level	Description
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Potentially malicious URLs were found in the process memory dump
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://tinyfilemanagerdemo.alwaysdata.net/user/files/b.exe alwaysdata exe keylogger	FR	Alwaysdata Sarl	user1222	2025.02.23
2	http://141.147.43.219:3000/ftp/EmmetPROD.exe exe keylogger lazy	SE		Riordz	2025.01.31
3	http://107.172.148.212/260/cvss.exe exe keylogger snake	US	AS-COLOCROSSING	Riordz	2025.01.30
4	http://caca.vercel.app/file.exe keylogger	US		abus3reports	2024.12.06
5	https://raw.githubusercontent.com/cheetz/nishang/master/Gather/Keylogger.ps1 keylogger	US	FASTLY	abus3reports	2024.12.06
View only the last 5

Beta Service, If you select keyword, you can check detailed information.