Cyber Threat Trends

Summary: 2025/05/07 21:09

First reported date: 2015/03/11
Inquiry period : 2025/04/07 21:09 ~ 2025/05/07 21:09 (1 months), 29 search results

전 기간대비 59% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 SOC intelligence Operation attack team 입니다.
악성코드 유형 QakBot Ransomware Black Basta 도 새롭게 확인됩니다.
공격기술 RCE hacking 도 새롭게 확인됩니다.
기관 및 기업 Google Qualys Splunk Microsoft Proofpoint 도 새롭게 확인됩니다.
기타 NextGen cuttingedge Discover AIdriven Action 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/05/01 Webinar on demand: The ROI of SOC
    ㆍ 2025/05/01 Why top SOC teams are shifting to Network Detection and Response
    ㆍ 2025/04/26 Is Detection Engineering just glorified googling?

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	SOC	29	▲ 17 (59%)
2	intelligence	12	▲ 9 (75%)
3	Operation	9	▲ 2 (22%)
4	Malware	7	▼ -1 (-14%)
5	NextGen	5	▲ new
6	cuttingedge	5	▲ new
7	Discover	5	▲ new
8	AIdriven	5	▲ new
9	AI	4	▼ -1 (-25%)
10	attack	4	▲ 1 (25%)
11	Action	4	▲ new
12	Threats	4	▲ new
13	Report	3	- 0 (0%)
14	detection	3	▲ new
15	Takedown	2	▲ new
16	team	2	▲ 1 (50%)
17	Red Team	2	▲ new
18	RCE	2	▲ new
19	Google	2	▲ new
20	Top	2	▲ new
21	time	2	▲ new
22	MDR	2	- 0 (0%)
23	Vulnerability	2	▲ 1 (50%)
24	Response	2	▲ new
25	ANYRUN	2	▲ 1 (50%)
26	Webinar	2	▲ new
27	Threat	2	▲ 1 (50%)
28	target	2	- 0 (0%)
29	Software	2	▲ 1 (50%)
30	Amazon	1	- 0 (0%)
31	automation	1	- 0 (0%)
32	Commandandcontrol	1	▲ new
33	Data Center	1	▲ new
34	hacking	1	▲ new
35	Qualys	1	▲ new
36	Metrics	1	▲ new
37	Approach	1	▲ new
38	ConsensusDriven	1	▲ new
39	Dangerous	1	▲ new
40	efficiency	1	▲ new
41	increased	1	▲ new
42	Intezer	1	- 0 (0%)
43	Analyst	1	▲ new
44	Splunk	1	▲ new
45	Falcon	1	▲ new
46	visibility	1	▲ new
47	Gain	1	▲ new
48	MWNEWS	1	▲ new
49	ROI	1	▲ new
50	demand	1	▲ new
51	Network	1	▲ new
52	Transform	1	▲ new
53	SIEM	1	▲ new
54	pluggedin	1	▲ new
55	Vawtrak	1	▼ -1 (-100%)
56	isnt	1	▲ new
57	Enterprise	1	▲ new
58	Learning	1	▲ new
59	Microsoft	1	▲ new
60	activity	1	▲ new
61	false	1	▲ new
62	query	1	▲ new
63	Blue Team	1	▲ new
64	Sentinel	1	▲ new
65	Development	1	▲ new
66	Adlumins	1	▲ new
67	Sandbox	1	▲ new
68	Distribution	1	▲ new
69	Campaign	1	▼ -1 (-100%)
70	QakBot	1	▲ new
71	alert	1	▲ new
72	United States	1	▼ -3 (-300%)
73	Phishing	1	▼ -1 (-100%)
74	IoC	1	▲ new
75	Autonomous	1	▲ new
76	Ransomware	1	▲ new
77	Interactive	1	▲ new
78	secondleveldomaincommand	1	▲ new
79	evolution	1	▲ new
80	Blog	1	▲ new
81	SEKOIA	1	▲ new
82	domain	1	▲ new
83	SecondLevelDomainCommandandcontrol	1	▲ new
84	Black Basta	1	▲ new
85	Cyber Kill Chain	1	▲ new
86	State	1	▲ new
87	Zynq	1	▲ new
88	Email	1	- 0 (0%)
89	Workbench	1	▲ new
90	Protection	1	▲ new
91	Proofpoint	1	▲ new
92	Board	1	▲ new
93	tree	1	▲ new
94	Custom	1	▲ new
95	YouTube	1	▲ new
96	RATel	1	- 0 (0%)
97	Agentic	1	▲ new
98	Dawn	1	▲ new
99	engineering	1	▲ new
100	rule	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Vawtrak		1 (20%)
QakBot		1 (20%)
Ransomware		1 (20%)
Black Basta		1 (20%)
RATel		1 (20%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
RCE		2 (40%)
hacking		1 (20%)
Campaign		1 (20%)
Phishing		1 (20%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Google		2 (25%)
Amazon		1 (12.5%)
Qualys		1 (12.5%)
Splunk		1 (12.5%)
Microsoft		1 (12.5%)

Threat info

Last 5

SNS

(Total : 19)

Total keyword

Intelligence Operation MDR Microsoft Malware Takedown IoC Proofpoint Email

No	Title	Date
1	Kaspersky @kaspersky Threats evolve—your SOC must too. ???? Discover how cutting-edge intelligence, AI-driven analytics, and proactive strategies outpace adversaries. Learn to shift from reactive to predictive security with real-time data and integrated tools and elevate your SOC’s speed, precision, https://t.co/jtA3aF	2025.05.07
2	ANY.RUN @anyrun_app ????‍???? Gain better visibility into threats, speed up incident response, and improve team coordination with #ANYRUN Interactive Sandbox Join our FREE #webinar to explore actionable strategies for your #SOC ???? ???? Wed, May 14 Register now: https://t.co/ynpiQAumIR https://t.co/FnXc42vxqZ	2025.05.07
3	Kaspersky @kaspersky Next-Gen SOC: Intelligence in Action ???? Threats evolve fast—shouldn’t your SOC? Join our live webinar (May 15, 10 AM KST) to learn how: ✅ AI + Threat Intelligence slashes detection time ✅ Proactive strategies beat reactive firefighting ✅ Collective defense amplifies security https://t.co/nDrkIhCX	2025.05.05
4	Kaspersky @kaspersky Threats evolve—your SOC must too. ???? Discover how cutting-edge intelligence, AI-driven analytics, and proactive strategies outpace adversaries. Learn to shift from reactive to predictive security with real-time data and integrated tools and elevate your SOC’s speed, precision, https://t.co/wU81Lg	2025.05.05
5	Kaspersky @kaspersky Threats evolve—your SOC must too. ???? Discover how cutting-edge intelligence, AI-driven analytics, and proactive strategies outpace adversaries. Learn to shift from reactive to predictive security with real-time data and integrated tools and elevate your SOC’s speed, precision, https://t.co/NTCRKR	2025.05.01

News

(Total : 10)

Total keyword

Operation Malware attack Report intelligence Google Software Attacker target Vulnerability Red Team RCE hacking MDR Qualys Data Center Amazon Splunk Vawtrak Blue Team Takedown Ransomware Phishing United States QakBot Campaign Distribution Black Basta Cyber Kill Chain RATel Linux Windows Update Advertising YouTube

No	Title	Date
1	Webinar on demand: The ROI of SOC - Malware.News	2025.05.01
2	Why top SOC teams are shifting to Network Detection and Response - The Hacker News	2025.05.01
3	Is Detection Engineering just glorified googling? - Malware.News	2025.04.26
4	The Top 10 SOC Influencers Making Waves - Malware.News	2025.04.25
5	It’s Dangerous to Go Alone: A Consensus-Driven Approach to SOC Metrics - SANS Blog	2025.04.25

Additional information

No	Title	Date
1	Startup SimpleClosure Sees Boom In Giving Fellow Startups ‘Peace of Mind’ to Die - Bloomberg Technology	2025.05.07
2	Nitrogen Ransomware Exposed: How ANY.RUN Helps Uncover Threats to Finance - Malware.News	2025.05.07
3	Uber Posts Quarterly Bookings Miss as Rideshare Growth Slows - Bloomberg Technology	2025.05.07
4	State of the Underground 2025: Key Trends Shaping Cyber Risk Today - Malware.News	2025.05.07
5	State of ransomware in 2025 - Malware.News	2025.05.07
View only the last 5

No	Title	Date
1	Is Detection Engineering just glorified googling? - Malware.News	2025.04.26
2	Is Detection Engineering just glorified googling? - Malware.News	2025.04.26
3	The Top 10 SOC Influencers Making Waves - Malware.News	2025.04.25
4	The Top 10 SOC Influencers Making Waves - Malware.News	2025.04.25
5	The Top 10 SOC Influencers Making Waves - Malware.News	2025.04.25
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	bugai.exe Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Themida Packer Google Chrome User Data Downloader UPX Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library Http API PWS Code injection Create Service Soc	04354f40a9b6cd2f8f76d1dd35c798c8	48522	2024.02.16
2	UMM.exe SmokeLoader HermeticWiper Emotet Gen1 njRAT Generic Malware UltraVNC PhysicalDrive Suspicious_Script_Bin Buhtrap Group Downloader Malicious Library UPX Malicious Packer Antivirus Admin Tool (Sysinternals etc ...) ASPack Confuser .NET Create Service Soc	3240f8928a130bb155571570c563200a	44981	2023.09.22

Level	Description
danger	Disables Windows Security features
danger	Executed a process and injected code into it
danger	File has been identified by 30 AntiVirus engines on VirusTotal as malicious
watch	Allocates execute permission to another process indicative of possible code injection
watch	Appends a known multi-family ransomware file extension to files that have been encrypted
watch	Attempts to access Bitcoin/ALTCoin wallets
watch	Attempts to disable Windows Auto Updates
watch	Attempts to stop active services
watch	Checks for the presence of known devices from debuggers and forensic tools
watch	Checks for the presence of known windows from debuggers and forensic tools
watch	Checks the CPU name from registry
watch	Checks the version of Bios
watch	Collects information about installed applications
watch	Communicates with host for which no DNS query was performed
watch	Detects the presence of Wine emulator
watch	Detects VirtualBox through the presence of a registry key
watch	Detects VMWare through the in instruction feature
watch	Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic)
watch	Harvests credentials from local email clients
watch	Harvests credentials from local FTP client softwares
watch	Installs itself for autorun at Windows startup
watch	Network activity contains more than one unique useragent
watch	One or more non-whitelisted processes were created
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Uses Sysinternals tools in order to add additional command line functionality
notice	A process attempted to delay the analysis task.
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	An application raised an exception which may be indicative of an exploit crash
notice	An executable file was downloaded by the process bugai.exe
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Creates hidden or system file
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	Expresses interest in specific running processes
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Looks up the external IP address
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Potentially malicious URLs were found in the process memory dump
notice	Queries for potentially installed applications
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Searches running processes potentially to identify processes for sandbox evasion
notice	Steals private information from local Internet browsers
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Collects information to fingerprint the system (MachineGuid
info	Command line console output was observed
info	One or more processes crashed
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)
info	Tries to locate where the browsers are installed
Network	ET DROP Spamhaus DROP Listed Traffic Inbound group 22
Network	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network	ET INFO Executable Download from dotted-quad Host
Network	ET INFO Packed Executable Download
Network	ET MALWARE [ANY.RUN] RisePro TCP (Activity)
Network	ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
Network	ET MALWARE [ANY.RUN] RisePro TCP (Token)
Network	ET MALWARE RisePro CnC Activity (Inbound)
Network	ET MALWARE RisePro TCP Heartbeat Packet
Network	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Network	ET POLICY PE EXE or DLL Windows file download HTTP
Network	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

Beta Service, If you select keyword, you can check detailed information.