Cyber Threat Trends

Summary: 2025/05/04 07:27

First reported date: 2007/03/20
Inquiry period : 2025/04/04 07:27 ~ 2025/05/04 07:27 (1 months), 56 search results

전 기간대비 -25% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 RAT Telegram China GitHub hijack 입니다.
악성코드 유형 TONESHELL Clipbanker 도 새롭게 확인됩니다.
공격기술 RCE Hijacking 도 새롭게 확인됩니다.
기관 및 기업 Chinese India Zscaler United Kingdom 도 새롭게 확인됩니다.
기타 WhatsApp Uyghur Firmware ResolverRAT ThreatProtection 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/05/02 MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
    ㆍ 2025/04/30 Threat Actors are Targeting US Tax-Session with new Tactics of Stealerium-infostealer
    ㆍ 2025/04/30 Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Trojan	56	▼ -14 (-25%)
2	Malware	38	▼ -13 (-34%)
3	Campaign	23	▼ -1 (-4%)
4	target	23	▼ -3 (-13%)
5	attack	21	▼ -2 (-10%)
6	Phishing	18	▼ -8 (-44%)
7	RAT	17	▲ 2 (12%)
8	Kaspersky	14	▼ -5 (-36%)
9	Advertising	13	▼ -3 (-23%)
10	Report	13	▼ -10 (-77%)
11	NetWireRC	13	▼ -4 (-31%)
12	Update	12	▼ -1 (-8%)
13	Exploit	12	▼ -2 (-17%)
14	Software	11	▼ -3 (-27%)
15	Windows	11	▼ -3 (-27%)
16	Android	11	▼ -6 (-55%)
17	Cryptocurrency	10	▼ -1 (-10%)
18	c&c	10	- 0 (0%)
19	Microsoft	9	- 0 (0%)
20	RCE	9	▲ new
21	Telegram	8	▲ 3 (38%)
22	China	7	▲ 3 (43%)
23	Email	7	▼ -6 (-86%)
24	Victim	7	▼ -13 (-186%)
25	Distribution	7	▼ -1 (-14%)
26	IoC	7	▼ -3 (-43%)
27	Browser	7	▼ -3 (-43%)
28	intelligence	6	▼ -2 (-33%)
29	GitHub	6	▲ 5 (83%)
30	Backdoor	6	▼ -5 (-83%)
31	Operation	6	- 0 (0%)
32	Criminal	6	▼ -7 (-117%)
33	Russia	6	▼ -5 (-83%)
34	powershell	6	▼ -1 (-17%)
35	United States	5	▼ -3 (-60%)
36	hijack	5	▲ 3 (60%)
37	Vulnerability	5	▼ -3 (-60%)
38	file	5	▲ 2 (40%)
39	Stealer	5	▼ -7 (-140%)
40	Government	5	▼ -1 (-20%)
41	Tarot	5	▲ 1 (20%)
42	Hackers	4	▲ 1 (25%)
43	Linux	4	- 0 (0%)
44	Banking	4	▼ -18 (-450%)
45	WhatsApp	4	▲ new
46	Remote	4	▲ 1 (25%)
47	Triada	3	▲ 1 (33%)
48	Chinese	3	▲ new
49	malicious	3	▼ -2 (-67%)
50	Uyghur	3	▲ new
51	hacking	3	▼ -4 (-133%)
52	Password	3	▼ -4 (-133%)
53	ChatGPT	3	▲ 2 (67%)
54	ZeroDay	3	- 0 (0%)
55	Spain	3	▼ -2 (-67%)
56	Java	3	▲ 2 (67%)
57	Ransomware	3	▼ -7 (-233%)
58	Firmware	3	▲ new
59	TROJANS	3	- 0 (0%)
60	Chrome	3	▼ -1 (-33%)
61	payment	3	▲ 2 (67%)
62	GameoverP2P	3	▲ 1 (33%)
63	DDoS	3	▲ 1 (33%)
64	Cisco	3	▼ -1 (-33%)
65	BREAKING	3	- 0 (0%)
66	Threat	3	▼ -1 (-33%)
67	EDR	3	- 0 (0%)
68	ResolverRAT	3	▲ new
69	Cloudflare	2	▲ 1 (50%)
70	India	2	▲ new
71	Zscaler	2	▲ new
72	TONESHELL	2	▲ new
73	RSA Conference	2	▼ -3 (-150%)
74	access	2	▼ -1 (-50%)
75	keylogger	2	▲ 1 (50%)
76	VirusTotal	2	▼ -1 (-50%)
77	Hijacking	2	▲ new
78	Supply chain	2	- 0 (0%)
79	ThreatProtection	2	▲ new
80	Cobalt Strike	2	▼ -2 (-100%)
81	CISA	2	▼ -1 (-50%)
82	Europe	2	▼ -1 (-50%)
83	NortonLifeLock	2	▲ new
84	IoT	2	▲ new
85	United Kingdom	2	▲ new
86	Trojanized	2	▲ new
87	Google	2	▼ -7 (-350%)
88	AsyncRAT	2	- 0 (0%)
89	Targets	2	▲ new
90	Infrastructure	2	▲ new
91	MUSTANG PANDA	2	▲ new
92	World	2	▲ new
93	GhostWeaver	2	▲ new
94	MintsLoader	2	▲ new
95	Clipbanker	2	▲ new
96	North Korea	2	- 0 (0%)
97	Learn	2	▲ new
98	Takedown	2	▲ 1 (50%)
99	supernatural	2	▲ new
100	advanced	2	- 0 (0%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Trojan		56 (53.8%)
RAT		17 (16.3%)
NetWireRC		13 (12.5%)
Ransomware		3 (2.9%)
GameoverP2P		3 (2.9%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		23 (25.3%)
Phishing		18 (19.8%)
Exploit		12 (13.2%)
RCE		9 (9.9%)
Backdoor		6 (6.6%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Kaspersky		14 (18.2%)
Microsoft		9 (11.7%)
China		7 (9.1%)
Russia		6 (7.8%)
United States		5 (6.5%)

Threat info

Last 5

SNS

(Total : 24)

Total keyword

Trojan Malware Phishing Kaspersky RAT Android target Report Campaign NetWireRC China Telegram WhatsApp Chinese Attacker attack Cryptocurrency Banking Firmware ClickFix Browser ClearFake Hijacking powershell c&c Backdoor Update Stealer Clipbanker Exploit Russia IoC iocs ValleyRAT RCE Distribution ...

No	Title	Date
1	The Hacker News @TheHackersNews ???? New Threat Unpacked: MintsLoader + GhostWeaver! A stealthy loader (MintsLoader) is being used in real-world phishing attacks to silently drop GhostWeaver—a persistent PowerShell-based trojan stealing browser data & hijacking systems. ⚠️ Tactics include: — ClickFix social https://t.co/qB5O	2025.05.02
2	Threat Intelligence @threatintel #ThreatProtection Trojanized Uyghur text editor used to spy on World Uyghur Congress via spoofed C2 domains. Read more about Symantec's protection: https://t.co/dhBDRSplRX #WUC #Backdoor #Phishing	2025.05.01
3	Cyber_OSINT @Cyber_O51NT A sophisticated remote access trojan named ResolverRAT is reportedly targeting the healthcare and pharmaceutical sectors globally through localized phishing, employing advanced techniques to steal sensitive data. #cybersecurity #malware https://t.co/DA0CJC0X02	2025.04.29
4	The Hacker News @TheHackersNews ????️ UPDATE: Kaspersky details a new Triada malware variant, a potent Android trojan. Stealthier, it hides in system processes, gains root access, and secretly installs apps without user consent. Read: https://t.co/a5AwBxIQTZ	2025.04.29
5	Cyber_OSINT @Cyber_O51NT A report reveals that in March 2025, senior members of the World Uyghur Congress were targeted by a spearphishing campaign delivering malware via a trojanized Uyghur language tool, exposing ongoing digital repression faced by the Uyghur diaspora. #Uyghur… https://t.co/JpZiS8cVGe	2025.04.28

News

(Total : 32)

Total keyword

Trojan Malware target attack Campaign Attacker Advertising Software Windows RAT Exploit Update Phishing Microsoft c&c Report NetWireRC Cryptocurrency Kaspersky RCE Email Victim GitHub Operation Android intelligence Distribution Browser Criminal IoC Russia Telegram United States powershell Vulnerability Backdoor Government Linux Stealer hijack China Banking Spain Ransomware Cisco ZeroDay Java ChatGPT DDoS hacking Password GameoverP2P Chrome EDR payment keylogger Cobalt Strike Firmware North Korea MUSTANG PANDA Discord VirusTotal Firefox Zscaler RSA Conference United Kingdom CISA Grandoreiro Takedown WhatsApp AsyncRAT Cloudflare TONESHELL Google Europe India IoT Supply chain DYEPACK Education MFA LockBit C2 schtasks PlugX Docker UNIX Dropper ...

No	Title	Date
1	MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks - The Hacker News	2025.05.02
2	Triada: ein Trojaner, der auf Android-Smartphones vorinstalliert und sofort einsatzbereit ist \| Offizieller Blog von Kaspersky - IT Sicherheitsnews	2025.05.01
3	Threat Actors are Targeting US Tax-Session with new Tactics of Stealerium-infostealer - Malware.News	2025.04.30
4	Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks - The Hacker News	2025.04.30
5	Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool - The Hacker News	2025.04.29

Additional information

No	Title	Date
1	틱톡, 유럽 사용자 데이터 중국 전송.. 8000억대 벌금 - 시큐리티팩트	2025.05.03
2	Saskatoon children’s hospital nurse unlawfully snooped on records of 314 patients: privacy report - Malware.News	2025.05.03
3	Dating app Raw exposed users’ location data and personal information - Malware.News	2025.05.03
4	Hacker hired Telangana man to courier threats to Star Health Insurance MD - Malware.News	2025.05.03
5	Acadian Ambulance Seeks Dismissal of Data Breach Lawsuit - Malware.News	2025.05.03
View only the last 5

No	Title	Date
1	MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks - The Hacker News	2025.05.02
2	Triada: ein Trojaner, der auf Android-Smartphones vorinstalliert und sofort einsatzbereit ist \| Offizieller Blog von Kaspersky - IT Sicherheitsnews	2025.05.01
3	Threat Actors are Targeting US Tax-Session with new Tactics of Stealerium-infostealer - Malware.News	2025.04.30
4	Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks - The Hacker News	2025.04.30
5	Lessons from Ted Lasso for cybersecurity success - Malware.News	2025.04.25
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	PO_107658_200.pdf ftp Client info stealer email stealer Win Trojan agentTesla browser Antivirus Google Chrome User Data AsyncRAT backdoor	4ac557f524400a9007c6c8e6912e9e1f	9472	2021.03.22
2	tmt.exe ftp Client info stealer email stealer Win Trojan agentTesla browser Google Chrome User Data Download management AsyncRAT backdoor	c7a6d988c938e4f251cdcd967dc97cfc	9423	2021.03.21
3	xckex.exe ftp Client info stealer email stealer Win Trojan agentTesla browser Google Chrome User Data Download management	8446eb1134ac6b049b65eead1d545b59	9446	2021.03.21
4	IMG_724_Scanned_603.pdf ftp Client info stealer email stealer Win Trojan agentTesla browser Antivirus Google Chrome User Data AsyncRAT backdoor	5c2cd6d19381ac5a4a517c2165b29813	9470	2021.03.21
5	ndena.exe Azorult .NET framework ftp Client info stealer email stealer Win Trojan agentTesla browser Google Chrome User Data Download management	d4b31689b01301f90ce578d418a74231	9413	2021.03.19
View only the last 5

Level	Description
danger	Executed a process and injected code into it
warning	File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch	Allocates execute permission to another process indicative of possible code injection
watch	Attempts to identify installed AV products by installation directory
watch	Code injection by writing an executable or DLL to the memory of another process
watch	Detects VirtualBox through the presence of a file
watch	Detects VMWare through the presence of various files
watch	Harvests credentials from local email clients
watch	Harvests credentials from local FTP client softwares
watch	Harvests information related to installed instant messenger clients
watch	Installs itself for autorun at Windows startup
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	The process powershell.exe wrote an executable file to disk
watch	Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Connects to a Dynamic DNS Domain
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Looks up the external IP address
notice	Moves the original executable to a new location
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Potentially malicious URLs were found in the process memory dump
notice	Steals private information from local Internet browsers
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	One or more processes crashed
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key
Network	ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
Network	ET POLICY DynDNS CheckIp External IP Address Server Response
Network	ET POLICY External IP Lookup - checkip.dyndns.org
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://salmesados.com/98713521/tangem-setup-x64.exe infostealer shadowharvest stealer trojan	LT	Hydra Communications Ltd	ninjacatcher	2025.04.30
2	https://salmesados.com/98713521/NordPass-Desktop-Setup.exe infostealer shadowharvest stealer trojan	LT	Hydra Communications Ltd	ninjacatcher	2025.04.30
3	https://salmesados.com/98713521/trustwallet-desktop-x64.exe infostealer shadowharvest stealer trojan	LT	Hydra Communications Ltd	ninjacatcher	2025.04.30
4	https://nasalcloud.com/4ebc219d-2a4b/tangem-setup-x64.exe infostealer shadowharvest stealer trojan	LT	Hydra Communications Ltd	ninjacatcher	2025.04.30
5	https://nasalcloud.com/4ebc219d-2a4b/NordPass-Desktop-Setup.exe exe infostealer shadowharvest signed stealer trojan			ninjacatcher	2025.04.29
View only the last 5

Beta Service, If you select keyword, you can check detailed information.