Cyber Threat Trends

Summary: 2025/04/17 15:48

First reported date: 2010/05/28
Inquiry period : 2025/04/10 15:48 ~ 2025/04/17 15:48 (7 days), 5 search results

전 기간대비 60% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 keylogger 입니다.
악성코드 유형 TONESHELL Trojan GameoverP2P PlugX Lobshot Ransomware SnakeKeylogger 도 새롭게 확인됩니다.
공격기술 Backdoor hijack Campaign Exploit Dropper Phishing MalSpam 도 새롭게 확인됩니다.
기관 및 기업 Zscaler China Government Microsoft Kaspersky Europe Google Türkiye 도 새롭게 확인됩니다.
기타 Malware Windows target Update EDR 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
    ㆍ 2025/04/14 A week in security (April 7 – April 13)

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	keylogger	5	▲ 3 (60%)
2	Malware	3	▲ new
3	Windows	3	▲ new
4	target	3	▲ new
5	Zscaler	3	▲ new
6	Update	3	▲ new
7	EDR	3	▲ new
8	MUSTANG PANDA	3	▲ new
9	Cobalt Strike	3	▲ new
10	TONESHELL	2	▲ new
11	GitHub	2	▲ new
12	Operation	2	▲ new
13	Advertising	2	▲ new
14	Backdoor	2	▲ new
15	hijack	2	▲ new
16	IoC	2	▲ new
17	Campaign	2	▲ new
18	Trojan	2	▲ new
19	c&c	2	▲ new
20	Victim	2	- 0 (0%)
21	China	2	▲ new
22	attack	2	▲ new
23	Government	2	▲ new
24	Exploit	2	▲ new
25	UNIX	1	▲ new
26	driver	1	▲ new
27	SplatCloak	1	▲ new
28	Dropper	1	▲ new
29	GameoverP2P	1	▲ new
30	schtasks	1	▲ new
31	PlugX	1	▲ new
32	C2	1	▲ new
33	Microsoft	1	▲ new
34	Kaspersky	1	▲ new
35	server	1	▲ new
36	Europe	1	▲ new
37	StarProxy	1	▲ new
38	file	1	▲ new
39	exploration	1	▲ new
40	Panda	1	▲ new
41	ThreatProtection	1	▲ new
42	Phishing	1	▲ new
43	Report	1	▲ new
44	Lobshot	1	▲ new
45	Ransomware	1	▲ new
46	WhatsApp	1	▲ new
47	ZeroDay	1	▲ new
48	Google	1	▲ new
49	April	1	▲ new
50	Last	1	▲ new
51	cybercrime	1	▲ new
52	Mustang	1	▲ new
53	Turkeys	1	▲ new
54	employment	1	▲ new
55	agency	1	▲ new
56	İŞKUR	1	▲ new
57	MalSpam	1	▲ new
58	SnakeKeylogger	1	▲ new
59	Türkiye	1	▲ new
60	ThreatLabz	1	▲ new
61	Android	1	▲ new
62	Mustan	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
TONESHELL		2 (22.2%)
Trojan		2 (22.2%)
GameoverP2P		1 (11.1%)
PlugX		1 (11.1%)
Lobshot		1 (11.1%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Backdoor		2 (18.2%)
hijack		2 (18.2%)
Campaign		2 (18.2%)
Exploit		2 (18.2%)
Dropper		1 (9.1%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Zscaler		3 (25%)
China		2 (16.7%)
Government		2 (16.7%)
Microsoft		1 (8.3%)
Kaspersky		1 (8.3%)

Threat info

Last 5

SNS

(Total : 2)

Total keyword

Campaign keylogger MUSTANG PANDA EDR Zscaler target Türkiye SnakeKeylogger MalSpam Cobalt Strike

No	Title	Date
1	Zscaler ThreatLabz @Threatlabz Zscaler ThreatLabz continues its exploration of Mustang Panda tools by analyzing two new keyloggers that we have named PAKLOG & CorKLOG, and an EDR tampering tool that we have named SplatCloak. Learn how this APT evades detection: https://t.co/xpSVDVTATu https://t.co/FNu1FmqIzd	2025.04.16
2	Threat Intelligence @threatintel #ThreatProtection Turkey’s employment agency (İŞKUR) impersonated in a Snake Keylogger malspam campaign targeting organizations across the country. https://t.co/MobFkRu6Ev #Cybercrime #Cybersecurity	2025.04.15

News

(Total : 3)

Total keyword

Malware Update keylogger Windows Zscaler IoC c&c Victim EDR TONESHELL Cobalt Strike GitHub Advertising Backdoor hijack Trojan MUSTANG PANDA target Operation China attack Government Exploit C2 Dropper PlugX GameoverP2P Kaspersky schtasks Microsoft Attacker Europe UNIX Android Google ZeroDay WhatsApp Ransomware Lobshot Report Phishing

No	Title	Date
1	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
2	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17
3	A week in security (April 7 – April 13) - Malware.News	2025.04.14

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
2	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
3	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
4	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17
5	A week in security (April 7 – April 13) - Malware.News	2025.04.14
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	layout.bin Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	72c582ab7db10af86a90608f98e5e614	59058	2025.04.17
2	os.dat Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	af1d8d9435cb10fe2f4b4215eaf6bec4	59059	2025.04.17
3	setup.bmp Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM BMP Format MSOffice File	f1874e4041a511771e01e079227ca8ca	59060	2025.04.17
4	SETUP.INI Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	ac9d9386a57420db9299eb1be1fa82de	59062	2025.04.17
5	setup.ins Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	89ab96b20f7b472b91e8a0660054394c	59063	2025.04.17
View only the last 5

Level	Description
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Potentially malicious URLs were found in the process memory dump
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://tinyfilemanagerdemo.alwaysdata.net/user/files/b.exe alwaysdata exe keylogger	FR	Alwaysdata Sarl	user1222	2025.02.23
2	http://141.147.43.219:3000/ftp/EmmetPROD.exe exe keylogger lazy	SE		Riordz	2025.01.31
3	http://107.172.148.212/260/cvss.exe exe keylogger snake	US	AS-COLOCROSSING	Riordz	2025.01.30
4	http://caca.vercel.app/file.exe keylogger	US		abus3reports	2024.12.06
5	https://raw.githubusercontent.com/cheetz/nishang/master/Gather/Keylogger.ps1 keylogger	US	FASTLY	abus3reports	2024.12.06
View only the last 5

Beta Service, If you select keyword, you can check detailed information.