Cyber Threat Trends

Summary: 2025/04/19 11:32

First reported date: 2011/06/21
Inquiry period : 2025/04/12 11:32 ~ 2025/04/19 11:32 (7 days), 20 search results

전 기간대비 -20% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Email Phishing United States Stealer Ransomware 입니다.
악성코드 유형 RAT njRAT Vawtrak Lumma Vidar Raccoon RedLine 도 새롭게 확인됩니다.
공격자 TraderTraitor 도 새롭게 확인됩니다.
공격기술 Malvertising 도 새롭게 확인됩니다.
기관 및 기업 US Apple Deloitte 도 새롭게 확인됩니다.
기타 Crypto Android Alleged MEXC trading 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/18 Dark Web Market: STYX Market
    ㆍ 2025/04/17 Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
    ㆍ 2025/04/17 “I sent you an email from your email account,” sextortion scam claims

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Cryptocurrency	20	▼ -4 (-20%)
2	Malware	11	▼ -3 (-27%)
3	Campaign	8	▼ -2 (-25%)
4	Email	5	▲ 3 (60%)
5	attack	5	- 0 (0%)
6	target	5	▼ -1 (-20%)
7	Crypto	5	▲ new
8	Phishing	4	▲ 1 (25%)
9	Microsoft	4	▼ -2 (-50%)
10	United States	4	▲ 1 (25%)
11	Advertising	4	▼ -2 (-50%)
12	Stealer	4	▲ 3 (75%)
13	Trojan	4	- 0 (0%)
14	Ransomware	3	▲ 1 (33%)
15	Report	3	▼ -7 (-233%)
16	malicious	3	▼ -3 (-100%)
17	China	3	▲ 2 (67%)
18	Software	3	▼ -3 (-100%)
19	TraderTraitor	3	▲ new
20	Malvertising	3	▲ new
21	Operation	3	- 0 (0%)
22	Browser	3	▲ 1 (33%)
23	LinkedIn	3	▲ 2 (67%)
24	US	3	▲ new
25	Android	2	▲ new
26	Telegram	2	- 0 (0%)
27	Russia	2	- 0 (0%)
28	Criminal	2	▼ -4 (-200%)
29	Kaspersky	2	▲ 1 (50%)
30	intelligence	2	▼ -2 (-100%)
31	Update	2	▼ -3 (-150%)
32	c&c	2	▼ -2 (-100%)
33	Password	2	▲ 1 (50%)
34	Windows	2	▼ -2 (-100%)
35	RCE	2	▼ -1 (-50%)
36	North Korea	2	▼ -2 (-100%)
37	Social Engineering	2	- 0 (0%)
38	Victim	2	▼ -5 (-250%)
39	GameoverP2P	2	▲ 1 (50%)
40	Binance	2	▲ 1 (50%)
41	Alleged	2	▲ new
42	MEXC	2	▲ new
43	Package	2	- 0 (0%)
44	threat	2	▲ 1 (50%)
45	Java	2	▲ 1 (50%)
46	trading	2	▲ new
47	Pattni	1	▲ new
48	Wha	1	▲ new
49	RAT	1	▲ new
50	NetWireRC	1	- 0 (0%)
51	njRAT	1	▲ new
52	regular	1	▲ new
53	Ways	1	▲ new
54	Modern	1	▲ new
55	Bitcoin	1	▲ new
56	Vawtrak	1	▲ new
57	Apple	1	▲ new
58	Gmail	1	▲ new
59	Kings	1	▲ new
60	arrest	1	- 0 (0%)
61	Heist	1	▲ new
62	Deloitte	1	▲ new
63	Accenture	1	- 0 (0%)
64	Allegedly	1	▲ new
65	Zero Trust	1	▲ new
66	United Kingdom	1	▼ -1 (-100%)
67	payment	1	▼ -1 (-100%)
68	own	1	▲ new
69	account	1	▲ new
70	Lumma	1	▲ new
71	Could	1	▲ new
72	Reading	1	▲ new
73	Dark	1	▲ new
74	Takedown	1	- 0 (0%)
75	Google	1	- 0 (0%)
76	VPN	1	▲ new
77	Exploit	1	▼ -2 (-200%)
78	Kali	1	▲ new
79	DarkWeb	1	▲ new
80	Vidar	1	▲ new
81	access	1	▲ new
82	Raccoon	1	▲ new
83	RedLine	1	▲ new
84	Don	1	▲ new
85	Benefits	1	▲ new
86	Offers	1	▲ new
87	Blockchain	1	▲ new
88	js	1	▲ new
89	Node	1	▲ new
90	address	1	▲ new
91	Germany	1	- 0 (0%)
92	Attacks	1	▲ new
93	YouTube	1	- 0 (0%)
94	Snapshot	1	▲ new
95	powershell	1	▼ -1 (-100%)
96	Sale	1	▲ new
97	VBScript	1	- 0 (0%)
98	Multiple	1	▲ new
99	Bitdeer	1	▲ new
100	Firm	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Trojan		4 (21.1%)
Ransomware		3 (15.8%)
GameoverP2P		2 (10.5%)
RAT		1 (5.3%)
NetWireRC		1 (5.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
TraderTraitor		3 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		8 (32%)
Phishing		4 (16%)
Stealer		4 (16%)
Malvertising		3 (12%)
RCE		2 (8%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Microsoft		4 (12.1%)
United States		4 (12.1%)
China		3 (9.1%)
US		3 (9.1%)
Russia		2 (6.1%)

Threat info

Last 5

SNS

(Total : 6)

Total keyword

Cryptocurrency attack Campaign US Email Malware Software TraderTraitor LinkedIn target Ransomware Java Malvertising Proofpoint United States

No	Title	Date
1	Kimberly @StopMalvertisin Dark Reading \| Could Ransomware Survive Without Cryptocurrency? https://t.co/nFt8s0Qmme	2025.04.18
2	Virus Bulletin @virusbtn Palo Alto's Prashil Pattni looks into a Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) campaign targeting cryptocurrency developers on LinkedIn, posing as potential employers and sending malware disguised as coding challenges. https://t.co/gAuweiWhrF https://t.co/kFd2mGP7DM	2025.04.15
3	Proofpoint @proofpoint Using a variety of AI-based threat detection techniques and curated threat intel from researchers, Proofpoint identifies attacks that other vendors miss. Here's how our #HumanCentricSecurity approach detected and blocked a widespread bitcoin scam. https://t.co/psXZikI3N6	2025.04.15
4	ThreatMon @MonThreat ???????? ???? Alleged Sale of Multiple Crypto Databases from the US A threat actor has claimed to have put up for sale several databases belonging to US-based cryptocurrency platforms. The leaked data includes personally identifiable information such as names, email addresses, phone https://t.co/Mh	2025.04.15
5	Microsoft Threat Intelligence @MsftSecIntel Recent observed attacks include a malvertising campaign related to cryptocurrency trading, luring users into downloading a malicious installer disguised as legitimate software. Another notable technique involves inline JavaScript execution via Node.js to deploy malware.	2025.04.15

News

(Total : 14)

Total keyword

Cryptocurrency Malware Campaign Advertising target Trojan Stealer Microsoft Phishing Report China Browser Email Operation United States attack North Korea Windows Kaspersky Software LinkedIn Malvertising Binance Telegram GameoverP2P Password Attacker Update c&c Criminal Victim Russia Social Engineering Ransomware Android TraderTraitor RCE intelligence Kali Exploit VPN Bitcoin Apple DarkWeb Gmail Vawtrak arrest Google Deloitte Accenture njRAT Zero Trust Lumma payment RAT RedLine NetWireRC Raccoon Vidar hijack United Kingdom Europe Banking Government Grandoreiro VBScript US IcedID powershell Germany Chinese YouTube ...

No	Title	Date
1	Dark Web Market: STYX Market - Malware.News	2025.04.18
2	Blockchain Offers Security Benefits – But Don't Neglect Your Passwords - The Hacker News	2025.04.17
3	Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers - The Hacker News	2025.04.17
4	“I sent you an email from your email account,” sextortion scam claims - Malware.News	2025.04.17
5	Malicious crypto developer-targeted coding challenges spread infostealers - Malware.News	2025.04.16

Additional information

No	Title	Date
1	Tesla to Delay Production of Cheaper EVs, Reuters Reports - Bloomberg Technology	2025.04.19
2	When Vulnerability Information Flows are Vulnerable Themselves - Malware.News	2025.04.19
3	CISA warns threat hunting staff of end to Google, Censys contracts as agency cuts set in - Malware.News	2025.04.19
4	Radiology practice reportedly working with FBI after ‘data security incident’ - Malware.News	2025.04.19
5	Text scams grow to steal hundreds of millions of dollars - Malware.News	2025.04.19
View only the last 5

No	Title	Date
1	Dark Web Market: STYX Market - Malware.News	2025.04.18
2	Dark Web Market: STYX Market - Malware.News	2025.04.18
3	Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers - The Hacker News	2025.04.17
4	Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers - The Hacker News	2025.04.17
5	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	conhost.exe XMRig Miner Emotet Cryptocurrency Miner Suspicious_Script_Bin Generic Malware CoinHive Cryptocurrency task schedule Downloader Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate pri	8378455f7c8a30d74b355adaf576a10b	50845	2024.06.11
2	conhost.exe XMRig Miner Emotet Cryptocurrency Miner Generic Malware Suspicious_Script_Bin CoinHive Cryptocurrency task schedule Downloader Malicious Library UPX Antivirus Malicious Packer .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate pri	0c648321522607509014810fa9850703	46656	2023.11.20
3	IE.exe PWS[m] Gen1 RAT Cryptocurrency Miner Generic Malware task schedule CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Antivirus Anti_VM Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credenti	d55af7419949eb1630bf0e6b3684166e	26373	2022.05.02
4	64a1.com PWS[m] Cryptocurrency Miner Generic Malware CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Create Service DGA Socket ScreenShot DNS BitCoin Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Downloader Esca	def5558538f028028677e6118b46009d	26377	2022.05.02
5	http://regalosfreaks.blogspot.... AgentTesla CoinHive Cryptocurrency Http API Internet API ScreenShot DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Steal credential Downloader P2P persistence AntiDebug AntiVM PNG Format JPE	d808b4bbb918207dd54b242b2339afec	12072	2021.06.08
View only the last 5

Level	Description
danger	File has been identified by 35 AntiVirus engines on VirusTotal as malicious
watch	A process attempted to delay the analysis task.
watch	Attempts to create or modify system certificates
watch	Communicates with host for which no DNS query was performed
watch	Connects to an IRC server
watch	Installs itself for autorun at Windows startup
watch	Looks for the Windows Idle Time to determine the uptime
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Creates hidden or system file
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Terminates another process
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	The executable uses a known packer
info	Uses Windows APIs to generate a cryptographic key
Network	ET DROP Spamhaus DROP Listed Traffic Inbound group 23
Network	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network	ET INFO Executable Download from dotted-quad Host
Network	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Network	ET POLICY PE EXE or DLL Windows file download HTTP
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

Beta Service, If you select keyword, you can check detailed information.