Cyber Threat Trends

Summary: 2025/04/18 11:18

First reported date: 2011/08/10
Inquiry period : 2025/04/11 11:17 ~ 2025/04/18 11:17 (7 days), 6 search results

전 기간대비 -83% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Exploit Report RCE attack Vulnerability 입니다.
악성코드 유형 DYEPACK IcedID Cryptocurrency Miner CoreDN 도 새롭게 확인됩니다.
공격자 Anonymous 도 새롭게 확인됩니다.
공격기술 XSS Backdoor hijack Hijacking 도 새롭게 확인됩니다.
기관 및 기업 United Kingdom Government 도 새롭게 확인됩니다.
기타 IPv Discord tunneling scans python 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/18 Microsoft’s Secure by Design journey: One year of success
    ㆍ 2025/04/15 Kubernetes Threat Hunting using API Server Audit Logs
    ㆍ 2025/04/12 Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	DNS	6	▼ -5 (-83%)
2	Malware	4	▼ -3 (-75%)
3	Exploit	4	▲ 3 (75%)
4	Report	3	▲ 1 (33%)
5	Update	3	- 0 (0%)
6	RCE	3	▲ 2 (67%)
7	attack	3	▲ 1 (33%)
8	Vulnerability	2	▲ 1 (50%)
9	Software	2	- 0 (0%)
10	United States	2	▼ -2 (-100%)
11	Campaign	2	▲ 1 (50%)
12	IPv	2	▲ new
13	Microsoft	2	▲ 1 (50%)
14	DYEPACK	2	▲ new
15	intelligence	2	▲ 1 (50%)
16	c&c	2	▼ -3 (-150%)
17	Phishing	2	▼ -2 (-100%)
18	Discord	1	▲ new
19	tunneling	1	▲ new
20	scans	1	▲ new
21	python	1	▲ new
22	Multiple	1	▲ new
23	Internet	1	▲ new
24	public	1	▲ new
25	Australia	1	▼ -1 (-100%)
26	Telegram	1	- 0 (0%)
27	IcedID	1	▲ new
28	United Kingdom	1	▲ new
29	Zero Trust	1	▲ new
30	Ransomware	1	▼ -1 (-100%)
31	Windows	1	▼ -1 (-100%)
32	little	1	▲ new
33	GitHub	1	▲ new
34	LinkedIn	1	▲ new
35	CISA	1	▼ -4 (-400%)
36	Government	1	▲ new
37	Data Center	1	- 0 (0%)
38	XSS	1	▲ new
39	Firmware	1	▲ new
40	bit	1	▲ new
41	Backdoor	1	▲ new
42	threatactor	1	▲ new
43	Forensics	1	▲ new
44	Google	1	- 0 (0%)
45	AdditionalFields	1	▲ new
46	parsejson	1	▲ new
47	TTLs	1	▲ new
48	Hackers	1	▲ new
49	Subdomain	1	▲ new
50	Allows	1	▲ new
51	Cryptocurrency Miner	1	▲ new
52	CVSS	1	▲ new
53	CoreDN	1	▲ new
54	gt	1	▲ new
55	Anonymous	1	▲ new
56	Linux	1	▲ new
57	Red Hat	1	▲ new
58	Advertising	1	▼ -1 (-100%)
59	hijack	1	▲ new
60	Cloudflare	1	- 0 (0%)
61	Hijacking	1	▲ new
62	target	1	▼ -1 (-100%)
63	Kubernetes	1	▲ new
64	Ope	1	▲ new
65	ta	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
DYEPACK		2 (33.3%)
IcedID		1 (16.7%)
Ransomware		1 (16.7%)
Cryptocurrency Miner		1 (16.7%)
CoreDN		1 (16.7%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Anonymous		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Exploit		4 (26.7%)
RCE		3 (20%)
Campaign		2 (13.3%)
Phishing		2 (13.3%)
XSS		1 (6.7%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
United States		2 (20%)
Microsoft		2 (20%)
Australia		1 (10%)
United Kingdom		1 (10%)
CISA		1 (10%)

Threat info

Last 5

SNS

(Total : 2)

Total keyword

DNS Telegram Discord

No	Title	Date
1	Unit 42 @Unit42_Intel Multiple domains leveraging #DNS #tunneling have been probing the Internet for public IPv4/IPv6 resolvers. Lacking TXT/PTR records, the associated DNS traffic is highly suspicious. These #scans began in Jan 2025 and peaked earlier this week. More info at https://t.co/Zve4RHnSt9 https://t.co/L2LKHJ0D	2025.04.17
2	Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer With a little bit of python, I'm running a threat_actor lookup command with my own data on Discord and sending it back to Telegram all in 2 seconds. /dns_lookup -> DNS details /ip -> IP details /threat_actor -> Provides the last 3 claims (screenshots) /whois -> Whois details https://t.c	2025.04.17

News

(Total : 4)

Total keyword

DNS Exploit Malware attack Report Attacker Update RCE Vulnerability United States Microsoft DYEPACK Software c&c intelligence Phishing Campaign Kubernetes Australia United Kingdom target IcedID Zero Trust Ransomware Windows GitHub Hijacking CISA Government Data Center XSS Firmware LinkedIn CoreDN Cloudflare Google Cryptocurrency Miner hijack CVSS Forensics Anonymous Linux Red Hat Advertising Backdoor

No	Title	Date
1	Microsoft’s Secure by Design journey: One year of success - Malware.News	2025.04.18
2	Kubernetes Threat Hunting using API Server Audit Logs - Malware.News	2025.04.15
3	Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain - Malware.News	2025.04.12
4	DNS Response analysis with KQL: queries, answers, TTL, RTT & more - Malware.News	2025.04.11

Additional information

No	Title	Date
1	Japan FSA Says Hacked Online Trading Reaches About $700 Million - Bloomberg Technology	2025.04.18
2	Secure legacy Oracle cloud credentials amid leak reports, CISA warns - Malware.News	2025.04.18
3	가짜 돈·위조품 '꼼짝마!'.. 보안 잉크 아세요? - 시큐리티팩트	2025.04.18
4	Care what you share - Malware.News	2025.04.18
5	Inside Black Basta: Ransomware Resilience and Evolution After the Leak - Malware.News	2025.04.18
View only the last 5

No	Title	Date
1	Microsoft’s Secure by Design journey: One year of success - Malware.News	2025.04.18
2	Microsoft’s Secure by Design journey: One year of success - Malware.News	2025.04.18
3	Kubernetes Threat Hunting using API Server Audit Logs - Malware.News	2025.04.15
4	Kubernetes Threat Hunting using API Server Audit Logs - Malware.News	2025.04.15
5	DNS Response analysis with KQL: queries, answers, TTL, RTT & more - Malware.News	2025.04.11
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	http://www.cipd.org/globalasse... Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format	4e58a191b515eed2a9894dc8698bc5c0	59078	2025.04.18
2	1 Podgląd wpisu po zmianie _ C... Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection BitCoin Internet API persistenc	0b0afec69e7d62568ab3bfdadc92c631	59177	2025.04.18
3	1 Podgląd wpisu po zmianie _ C... Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection BitCoin Internet API persistenc	0b0afec69e7d62568ab3bfdadc92c631	59174	2025.04.18
4	layout.bin Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	72c582ab7db10af86a90608f98e5e614	59058	2025.04.17
5	os.dat Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	af1d8d9435cb10fe2f4b4215eaf6bec4	59059	2025.04.17
View only the last 5

Level	Description
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Performs some HTTP requests
notice	Potentially malicious URLs were found in the process memory dump
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
Network	ET INFO TLS Handshake Failure
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

Beta Service, If you select keyword, you can check detailed information.