Cyber Threat Trends

Summary: 2025/04/17 15:38

First reported date: 2019/01/19
Inquiry period : 2025/04/10 15:38 ~ 2025/04/17 15:38 (7 days), 6 search results

전 기간대비 83% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 AsyncRAT NetWireRC XWorm Lumma 입니다.
악성코드 유형 RAT GameoverP2P Vawtrak DCRat ActionRAT ReverseRAT Trojan 도 새롭게 확인됩니다.
공격자 MuddyWater SideCopy 도 새롭게 확인됩니다.
공격기술 Campaign Phishing Stealer Exploit Backdoor hacking 도 새롭게 확인됩니다.
기관 및 기업 United States Iran Microsoft India Brazil 도 새롭게 확인됩니다.
기타 powershell IoC Low Windows Linux 등 신규 키워드도 확인됩니다.

AsyncRAT is a RAT that can monitor and remotely control infected systems. This malware was introduced on Github as a legitimate open-source remote administration software, but hackers use it for its many powerful malicious functions.  Ref.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/16 How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats
    ㆍ 2025/04/14 파키스탄 연계 해킹 그룹, 인도 정부·국방·해양 집중 공격

참고로 동일한 그룹의 악성코드 타입은 Remcos njRAT QuasarRAT 등 110개 종이 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	AsyncRAT	6	▲ 5 (83%)
2	NetWireRC	6	▲ 5 (83%)
3	powershell	2	▲ new
4	IoC	2	▲ new
5	XWorm	2	▲ 1 (50%)
6	Low	2	▲ new
7	RAT	2	▲ new
8	Windows	2	▲ new
9	Linux	2	▲ new
10	Lumma	2	▲ 1 (50%)
11	abusech	2	▲ new
12	Campaign	2	▲ new
13	Phishing	2	▲ new
14	Malware	2	▲ new
15	Victim	1	▲ new
16	last	1	- 0 (0%)
17	Advertising	1	- 0 (0%)
18	sample	1	▲ new
19	Cobalt Strike	1	▲ new
20	MuddyWater	1	▲ new
21	Vulnerability	1	▲ new
22	United States	1	▲ new
23	c&c	1	▲ new
24	Iran	1	▲ new
25	Amadey	1	- 0 (0%)
26	EDR	1	▲ new
27	GameoverP2P	1	▲ new
28	Vawtrak	1	▲ new
29	Stealer	1	▲ new
30	Update	1	▲ new
31	ZeroDay	1	▲ new
32	Exploit	1	▲ new
33	Email	1	▲ new
34	Backdoor	1	▲ new
35	Top	1	- 0 (0%)
36	tofsee	1	- 0 (0%)
37	DCRat	1	▲ new
38	SideWinder	1	▲ new
39	Microsoft	1	▲ new
40	India	1	▲ new
41	ActionRAT	1	▲ new
42	hacking	1	▲ new
43	ReverseRAT	1	▲ new
44	Chrome	1	▲ new
45	Firefox	1	▲ new
46	SideCopy	1	▲ new
47	Trojan	1	▲ new
48	공격	1	▲ new
49	sality	1	▲ new
50	파일	1	▲ new
51	사용	1	▲ new
52	amp	1	▲ new
53	httpstcokPcnJbIwA	1	▲ new
54	httpstco	1	▲ new
55	Snake	1	- 0 (0%)
56	Brazil	1	▲ new
57	AgentTesla	1	- 0 (0%)
58	Remcos	1	- 0 (0%)
59	Distribution	1	▲ new
60	intelligence	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
AsyncRAT		6 (22.2%)
NetWireRC		6 (22.2%)
XWorm		2 (7.4%)
RAT		2 (7.4%)
Lumma		2 (7.4%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
MuddyWater		1 (50%)
SideCopy		1 (50%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		2 (25%)
Phishing		2 (25%)
Stealer		1 (12.5%)
Exploit		1 (12.5%)
Backdoor		1 (12.5%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
United States		1 (20%)
Iran		1 (20%)
Microsoft		1 (20%)
India		1 (20%)
Brazil		1 (20%)

Malware Family

Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info

Last 5

SNS

(Total : 4)

Total keyword

AsyncRAT NetWireRC Advertising Amadey DCRat XWorm Remcos AgentTesla Lumma Brazil IoC

No	Title	Date
1	Konstantin Nikolenko @K_N1kolenko #AsyncRAT #ioc 23.160.168.165:7097 31.57.97.8:3333 65.108.77.73:3899 101.99.94.33:4449 157.20.182.70:4449 185.158.248.103:4449 196.251.84.29:8848	2025.04.15
2	ANY.RUN @anyrun_app Top 10 last week's threats by uploads ???? ⬆️ #Lumma 644 (630) ⬆️ #Snake 513 (251) ⬆️ #Xworm 341 (305) ⬆️ #Agenttesla 326 (116) ⬆️ #Asyncrat 303 (165) ⬆️ #Remcos 203 (127) ⬇️ #Tofsee 194 (529) ⬆️ #Sality 151 (98) ⬆️ #Dcrat 132 (72) ⬇️ #Amadey 95 (146) Track them all: https://t.co/bNrGjS46DF	2025.04.14
3	Szabolcs Schmidt @smica83 Looks like a low detected #AsyncRAT @abuse_ch https://t.co/kPcnJbIwA9 https://t.co/7gar67fioh	2025.04.14
4	Szabolcs Schmidt @smica83 Low detected #AsyncRAT sample from Brazil @abuse_ch https://t.co/7LSPXYTSVJ @JAMESWT_WT https://t.co/qxySKxVSN8	2025.04.13

News

(Total : 2)

Total keyword

AsyncRAT powershell NetWireRC RAT Windows Linux Campaign Malware Phishing c&c Victim Backdoor Attacker Iran Lumma EDR XWorm Email GameoverP2P United States Vawtrak Stealer Update ZeroDay Exploit IoC Vulnerability ReverseRAT SideCopy Distribution Microsoft India ActionRAT hacking Chrome MuddyWater Firefox Trojan SideWinder Cobalt Strike intelligence

No	Title	Date
1	How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats - Malware.News	2025.04.16
2	파키스탄 연계 해킹 그룹, 인도 정부·국방·해양 집중 공격 - 시큐리티팩트	2025.04.14

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	파키스탄 연계 해킹 그룹, 인도 정부·국방·해양 집중 공격 - 시큐리티팩트	2025.04.14
2	Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs - Malware.News	2025.03.31
3	Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs - Malware.News	2025.03.31
4	ClickFix: Another Deceptive Social Engineering Technique - Malware.News	2025.03.28
5	ClickFix: Another Deceptive Social Engineering Technique - Malware.News	2025.03.28
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	payload1.exe AsyncRAT .NET framework(MSIL) Malicious Packer UPX PE File .NET EXE PE32 OS Processor Check	7c9043f988eaf0a9698783c9f8e199d7	59001	2025.04.14
2	niceclient.exe AsyncRAT Malicious Library .NET framework(MSIL) Malicious Packer UPX PE File .NET EXE PE32 OS Processor Check	2c5bd84fc6963be41a892a1ad21bf7e4	59005	2025.04.14
3	1.exe AsyncRAT Malicious Library .NET framework(MSIL) Malicious Packer UPX PE File .NET EXE PE32 OS Processor Check	0b9fd78ef6d6bd52a6d581a05956d2b7	59002	2025.04.14
4	RuntimeBrokerSvc.exe AsyncRAT .NET framework(MSIL) Malicious Packer UPX PE File .NET EXE PE32 OS Processor Check	ee9bd2b3d64511b880fcbd8ad23c71fa	58379	2025.03.30
5	we.exe AsyncRAT task schedule Downloader Malicious Library .NET framework(MSIL) Malicious Packer UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDe	7e54eec2d10957178e6410ba1c899c21	58307	2025.03.26
View only the last 5

Level	Description
danger	File has been identified by 55 AntiVirus engines on VirusTotal as malicious

No	Category	URL	CC	ASN Co	Date
1	c2	http://45.81.115.40:1951/	UA	meerfarbig GmbH & Co. KG	2025.04.14
2	c2	http://185.7.214.181:1414/	FR	Qual.it S.a.s.	2025.04.11
3	c2	http://92.255.85.66:1414/	RU	Comfortel Ltd.	2025.04.07
4	c2	http://92.255.85.2:1414/	RU	Comfortel Ltd.	2025.04.07
5	c2	http://chyanarc.twilightparadox.com/			2025.04.04
View only the last 5

No	URL	CC	ASN Co	Reporter	Date
1	http://147.45.221.109/Wcjeaqxsil.dat AsyncRAT	RU	OOO FREEnet Group	James_inthe_box	2025.04.14
2	https://deft-sherbet-caf052.netlify.app/spoofer.exe AsyncRAT XwormRAT	SG	AMAZON-02	abus3reports	2025.04.13
3	https://lumiraseo.com/download/payload.exe AsyncRAT XwormRAT	DE	...	abus3reports	2025.04.13
4	http://github.com/naruto3213213/111/raw/refs/heads/main/Host.exe AsyncRAT XwormRAT	US	MICROSOFT-CORP-MSN-AS-BLOCK	abus3reports	2025.04.13
5	http://github.com/naruto3213213/111/raw/refs/heads/main/Fix.exe AsyncRAT XwormRAT	US	MICROSOFT-CORP-MSN-AS-BLOCK	abus3reports	2025.04.13
View only the last 5

Beta Service, If you select keyword, you can check detailed information.