Cyber Threat Trends

Summary: 2025/05/03 01:04

First reported date: 2012/03/26
Inquiry period : 2025/04/26 01:04 ~ 2025/05/03 01:04 (7 days), 26 search results

전 기간대비 8% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 APT Campaign Malware Government Kaspersky 입니다.
악성코드 유형 ROMCOMRAT CrimsonRAT ROMCOM RAT RAT Konni 도 새롭게 확인됩니다.
공격자 APT28 APT43 도 새롭게 확인됩니다.
공격기술 Phishing Spear Phishing 도 새롭게 확인됩니다.
기관 및 기업 France Iranian ESET Iran NATO 도 새롭게 확인됩니다.
기타 target Asia French TransparentTribe Earth 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/05/02 IPv6 SLAAC exploited by Chinese APT for AitM attacks
    ㆍ 2025/05/02 Multi-stage malware attacks launched by Nebulous Mantis APT
    ㆍ 2025/04/30 Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	APT	26	▲ 2 (8%)
2	Campaign	22	▲ 2 (9%)
3	Malware	9	▲ 5 (56%)
4	target	8	▲ new
5	attack	7	▼ -1 (-14%)
6	Government	4	▲ 3 (75%)
7	dprk	4	▼ -1 (-25%)
8	North Korea	4	▼ -1 (-25%)
9	Kaspersky	4	▲ 1 (25%)
10	Russia	4	▲ 2 (50%)
11	Asia	3	▲ new
12	French	3	▲ new
13	TransparentTribe	3	▲ new
14	Earth	3	▲ new
15	Kurma	3	▲ new
16	APT28	3	▲ new
17	Operation	3	▲ new
18	France	3	▲ new
19	hacking	3	▼ -2 (-67%)
20	NetWireRC	3	▲ 2 (67%)
21	Report	3	- 0 (0%)
22	ROMCOMRAT	3	▲ new
23	amp	2	▲ 1 (50%)
24	File	2	▲ new
25	CrimsonRAT	2	▲ new
26	apt36	2	▲ new
27	ThreatProtection	2	▲ new
28	Multistage	2	▲ new
29	March	2	▲ new
30	TheWizards	2	▲ new
31	Chinese	2	▲ 1 (50%)
32	가상	2	▲ new
33	자산	2	▲ new
34	관련	2	▲ new
35	China	2	▼ -2 (-100%)
36	외부	2	▲ new
37	Cryptocurrency	2	▲ new
38	Update	2	▼ -2 (-100%)
39	SLAAC	2	▲ new
40	Russian	2	▲ new
41	sample	2	▲ 1 (50%)
42	Phishing	2	▲ new
43	NSFOCUS	2	▲ new
44	securityaffairs	2	▼ -3 (-150%)
45	IoC	2	▼ -4 (-200%)
46	Southeast	2	▲ new
47	South Korea	2	▼ -2 (-100%)
48	Lazarus	2	▲ 1 (50%)
49	critical	1	▲ new
50	Iranian	1	▲ new
51	ROMCOM RAT	1	▲ new
52	RAT	1	▲ new
53	Alert	1	- 0 (0%)
54	Russianspeaking	1	▲ new
55	Espionage	1	▼ -1 (-100%)
56	Kimsuky	1	▼ -5 (-500%)
57	group	1	▼ -1 (-100%)
58	ESET	1	▲ new
59	Patterns	1	▲ new
60	Middle	1	▲ new
61	TrendMicro	1	▲ new
62	Iran	1	▲ new
63	server	1	▲ new
64	IPv	1	▲ new
65	Software	1	- 0 (0%)
66	Advertising	1	▲ new
67	Exploit	1	▼ -3 (-300%)
68	httpsexpressholidayscoinupsrphp	1	▲ new
69	securenesstcom	1	▲ new
70	Infra	1	▼ -1 (-100%)
71	Domains	1	▲ new
72	Mantis	1	▲ new
73	Nebulous	1	▲ new
74	NATO	1	▲ new
75	script	1	▲ new
76	VBA	1	▲ new
77	Spear Phishing	1	▲ new
78	Regex	1	▲ new
79	httpstcoqiL	1	▲ new
80	SideWinder	1	▼ -2 (-200%)
81	Hash	1	▲ new
82	TrendMicroRSRCH	1	▲ new
83	httpstco	1	▲ new
84	d48032d835c95af816fbcea6e659cdbe	1	▲ new
85	Decoy	1	▲ new
86	Compromise	1	▲ new
87	httpstcowCBsLIQolK	1	▲ new
88	Entities	1	▲ new
89	Using	1	▲ new
90	httpproximalsilverpawpawglitchmeexamplecompanycokr	1	▲ new
91	httpsgofinanciallycomimagesupload	1	- 0 (0%)
92	NortonLifeLock	1	▲ new
93	Konni	1	▲ new
94	URL	1	▲ new
95	orgs	1	▲ new
96	Briefing	1	▲ new
97	APT43	1	▲ new
98	Monthly	1	▲ new
99	cti	1	▼ -2 (-200%)
100	trend	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
NetWireRC		3 (25%)
ROMCOMRAT		3 (25%)
CrimsonRAT		2 (16.7%)
ROMCOM RAT		1 (8.3%)
RAT		1 (8.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
APT28		3 (37.5%)
Lazarus		2 (25%)
Kimsuky		1 (12.5%)
APT43		1 (12.5%)
APT37		1 (12.5%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
APT		26 (44.8%)
Campaign		22 (37.9%)
hacking		3 (5.2%)
Phishing		2 (3.4%)
Exploit		1 (1.7%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Government		4 (12.1%)
dprk		4 (12.1%)
North Korea		4 (12.1%)
Kaspersky		4 (12.1%)
Russia		4 (12.1%)

Threat info

Last 5

SNS

(Total : 21)

Total keyword

APT Campaign Malware target North Korea dprk attack Kaspersky NetWireRC France Russia ROMCOMRAT hacking APT28 Cryptocurrency CrimsonRAT Lazarus IoC South Korea Phishing Government hijack Backdoor Update RAT China ROMCOM RAT RomCom Iran ESET Iranian Hijacking Report Spear Phishing Kimsuky APT43 APT37 Chinese Konni

No	Title	Date
1	Cyber Team @Cyberteam008 [2/2] Infra: 185.235.137.195:3311 185.235.137.195:3309 server1.securenesst.com securenesst.com https://expressholidays.co.in/ups/r.php @500mk500 #APT36 #TransparentTribe #CrimsonRAT #Malware #ioc	2025.05.02
2	Cyber Team @Cyberteam008 [1/2] #APT36 / #TransparentTribe 's #CrimsonRAT Campaign through HTML Frame attack File: presentation.accdb (it executes a VBA script) 30908d3c69dc8aaa0368b3a3593eb66c File: Syssm.exe (dropped by VBA script from "expressholidays.co.in") e948aa916d1f9f9b5bba72ad7de7e27f https://t.co/SdxeBrj6a7	2025.05.02
3	acosador @adqewrsf #APT #DPRK file name: 공문_가상자산관련 외부평가위원 위촉 안내.hwp.lnk sha256: 09b0aba40f1da5f3455a6f4097f5a9c88d80a51f2b5f9505370d323b6a78b6f0 https://www.sitisrlweb.com/wp-includes/js/src/get.php, list.php ,upload.php same decoy file vt: https://t.co/oe2J0iFSHU https://t.co/4cXufo6AD2 https://t.co/AIN319qNH4	2025.05.02
4	Threat Intelligence @threatintel #ThreatProtection Iranian #APT targeted critical Middle Eastern infrastructure, read more: https://t.co/tezDS3IBSZ	2025.05.01
5	JangPro @JangPr0 #APT #DPRK f9f3b762ed1719bf141c38f8c4f21d76cd65c5ac6c62a4b94ce68569ce87178c Decoy: 가상자산 관련 외부평가위원 위촉 안내.hwp.lnk https://www.seacura.com/wp-includes/js/src/list.php & upload.php & get.php https://t.co/thEJwGxvI2	2025.04.30

News

(Total : 5)

Total keyword

APT Malware Campaign attack target Operation Government Report China NATO APT28 Update Exploit Advertising Software Chinese Russia Kaspersky ROMCOMRAT SideWinder hacking

No	Title	Date
1	Multi-stage malware attacks launched by Nebulous Mantis APT - Malware.News	2025.05.02
2	IPv6 SLAAC exploited by Chinese APT for AitM attacks - Malware.News	2025.05.02
3	Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars - Malware.News	2025.04.30
4	Southeast Asia targeted by Earth Kurma APT attacks - Malware.News	2025.04.30
5	Targeting and Compromise of French Entities Using the APT28 Intrusion Set / CERT-FR / malpedia	2025.04.29

Additional information

No	Title	Date
1	Pro-Russian hacktivists intensify DDoS attacks on Dutch orgs - Malware.News	2025.05.03
2	Malware gains persistence by mimicking WordPress security plugin - Malware.News	2025.05.03
3	Malicious PyPi, npm packages found abusing trusted services for data theft - Malware.News	2025.05.03
4	Harrods discloses cyberattack following targeting of other UK retailers - Malware.News	2025.05.03
5	Cyber attack disrupts Bartlesville school systems in Oklahoma - Malware.News	2025.05.03
View only the last 5

No	Title	Date
1	Multi-stage malware attacks launched by Nebulous Mantis APT - Malware.News	2025.05.02
2	Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors - Malware.News	2025.04.25
3	APT Group Profiles – Larva-24005 - ASEC BLOG	2025.04.14
4	March 2025 APT Group Trends (South Korea) - Malware.News	2025.04.10
5	March 2025 APT Group Trends (South Korea) - ASEC BLOG	2025.04.09
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	x64.exe Emotet Swrort Generic Malware Armageddon APT [C] All Process Malicious Library UPX Malicious Packer Antivirus Anti_VM PE File PE32 OS Processor Check DLL PE64 ftp MZP Format	e4b9f59c60edde996ac3c2d2b133dbf7	52359	2024.08.05
2	NINJA.exe Generic Malware Armageddon APT [C] All Process UPX PE32 PE File GIF Format	9e870f801dd759298a34be67b104d930	36555	2023.01.28
3	sheet.exe Formbook RAT PWS .NET framework Generic Malware Hide_EXE [C] All Process Armageddon APT Malicious Library UPX Malicious Packer AntiDebug AntiVM PE32 PE File OS Processor Check .NET EXE	1451ed9b5629e22afbde901d932f4bfc	32641	2022.09.26
4	采购订单要求 & 绘图样本..exe RAT Generic Malware [C] All Process Armageddon APT task schedule Malicious Library UPX Malicious Packer AntiDebug AntiVM PE32 OS Processor Check PE File .NET EXE GIF Format	c56268bd887cf060acae169c64e60a49	32131	2022.09.20
5	t-d.exe Armageddon APT WinRAR AntiDebug AntiVM PE File OS Processor Check PE32	95939e9f316d9e5d38e453b5f6095fcd	12579	2021.06.24
View only the last 5

Level	Description
danger	File has been identified by 56 AntiVirus engines on VirusTotal as malicious
notice	Creates executable files on the filesystem
notice	Drops an executable to the user AppData folder
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)
info	The file contains an unknown PE resource name possibly indicative of a packer
info	This executable has a PDB path

No	Category	URL	CC	ASN Co	Date
1	c2	http://00701111.000webhostapp.com/wp-extra/show.php	US	...	2023.09.18

No	URL	CC	ASN Co	Reporter	Date
1	https://jpkinki.com/fjugm APT Kimsuky	US	CLOUDFLARENET	IdaNotPro	2025.03.26
2	https://www.dropbox.com/scl/fi/cnfhxf0nc3qxfklznh5na/zzJG_2.zip?rlkey=7t1et81enar4uvbb7nnk58m9b&st=2... APT Kimsuky zip	US	DROPBOX	abuse_ch	2025.02.12
3	https://www.dropbox.com/scl/fi/icvpzbx4vn6lcthva168z/zzJG.zip?rlkey=kntc36792grkm64xriqputbdq&st=px5... APT Kimsuky	US	DROPBOX	JAMESWT_MHT	2025.02.05
4	https://liuyi.neectar.info/hsdverd_3ed5d/mdswsourt_4rfs APT decoy Patchwork PDF	GB		abuse_ch	2025.01.22
5	https://liuyi.neectar.info/lksderdd_4dferd/jhdfer3s_jh3de APT exe Patchwork rustystealer	GB		abuse_ch	2025.01.22
View only the last 5

Beta Service, If you select keyword, you can check detailed information.