Cyber Threat Trends

Summary: 2025/04/17 10:56

First reported date: 2011/06/21
Inquiry period : 2025/04/16 10:56 ~ 2025/04/17 10:56 (1 days), 6 search results

지난 7일 기간대비 50% 높은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Malware Cryptocurrency Trojan Phishing Campaign 입니다.
악성코드 유형 RAT Grandoreiro njRAT Vawtrak 도 새롭게 확인됩니다.
공격기술 Stealer 도 새롭게 확인됩니다.
기관 및 기업 Europe Chinese Deloitte Apple 도 새롭게 확인됩니다.
기타 Android address access account RN 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 “I sent you an email from your email account,” sextortion scam claims
    ㆍ 2025/04/16 Credential theft achieved by malicious MEXC order-hijacking PyPI package
    ㆍ 2025/04/16 Malicious crypto developer-targeted coding challenges spread infostealers

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Malware	6	▲ 4 (67%)
2	Cryptocurrency	6	▲ 3 (50%)
3	Trojan	4	▲ 4 (100%)
4	Phishing	3	▲ 3 (100%)
5	Campaign	3	▲ 2 (67%)
6	China	3	▲ 3 (100%)
7	target	3	▲ 2 (67%)
8	Stealer	2	▲ new
9	malicious	2	▲ 1 (50%)
10	attack	2	▲ 2 (100%)
11	Advertising	2	▲ 2 (100%)
12	Victim	2	▲ 1 (50%)
13	Report	2	▲ 1 (50%)
14	Microsoft	2	▲ 1 (50%)
15	Android	2	▲ new
16	RAT	1	▲ new
17	Government	1	▲ 1 (100%)
18	address	1	▲ new
19	TraderTraitor	1	▲ 1 (100%)
20	access	1	▲ new
21	account	1	▲ new
22	Operation	1	▲ 1 (100%)
23	RN	1	▲ new
24	MWNEWS	1	▲ new
25	crypto	1	▲ 1 (100%)
26	Attacks	1	▲ new
27	Grandoreiro	1	▲ new
28	intelligence	1	▲ 1 (100%)
29	Email	1	▲ 1 (100%)
30	RCE	1	- 0 (0%)
31	Banking	1	▲ 1 (100%)
32	Europe	1	▲ new
33	Snapshot	1	▲ new
34	Threat	1	▲ 1 (100%)
35	Consumer	1	▲ new
36	North Korea	1	▲ 1 (100%)
37	njRAT	1	▲ new
38	Password	1	▲ 1 (100%)
39	NetWireRC	1	▲ 1 (100%)
40	Browser	1	▲ 1 (100%)
41	payment	1	▲ 1 (100%)
42	hacking	1	▲ 1 (100%)
43	hijack	1	▲ 1 (100%)
44	theft	1	▲ new
45	Ransomware	1	▲ 1 (100%)
46	Russia	1	▲ 1 (100%)
47	Telegram	1	▲ 1 (100%)
48	WhatsApp	1	▲ new
49	Chinese	1	▲ new
50	apps	1	▲ new
51	Vulnerability	1	▲ 1 (100%)
52	Social Engineering	1	▲ 1 (100%)
53	YouTube	1	▲ 1 (100%)
54	United States	1	- 0 (0%)
55	Germany	1	▲ 1 (100%)
56	United Kingdom	1	▲ 1 (100%)
57	Zero Trust	1	▲ new
58	Accenture	1	▲ 1 (100%)
59	Credential	1	▲ new
60	Deloitte	1	▲ new
61	Criminal	1	- 0 (0%)
62	arrest	1	▲ 1 (100%)
63	Vawtrak	1	▲ new
64	Windows	1	▲ 1 (100%)
65	Gmail	1	▲ new
66	LinkedIn	1	▲ 1 (100%)
67	Apple	1	▲ new
68	Wha	1	▲ new
69	Kaspersky	1	▲ 1 (100%)
70	Hijacking	1	▲ 1 (100%)
71	MEXC	1	▲ new
72	package	1	▲ 1 (100%)
73	own	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Trojan		4 (40%)
RAT		1 (10%)
Grandoreiro		1 (10%)
njRAT		1 (10%)
NetWireRC		1 (10%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
TraderTraitor		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Phishing		3 (23.1%)
Campaign		3 (23.1%)
Stealer		2 (15.4%)
RCE		1 (7.7%)
hacking		1 (7.7%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
China		3 (16.7%)
Microsoft		2 (11.1%)
Government		1 (5.6%)
Banking		1 (5.6%)
Europe		1 (5.6%)

Threat info

Last 5

SNS

(Total : 0)

No data.

News

(Total : 6)

Total keyword

Malware Cryptocurrency Trojan Phishing Campaign China target Stealer attack Advertising Victim Report Microsoft Android RAT Government TraderTraitor Operation Attacks Grandoreiro intelligence Email RCE Banking Europe North Korea njRAT Password NetWireRC Browser payment hacking hijack Ransomware Russia Telegram WhatsApp Chinese Vulnerability Social Engineering YouTube United States Attacker Germany United Kingdom Zero Trust Accenture Deloitte Criminal arrest Vawtrak Windows Gmail LinkedIn Apple Kaspersky Hijacking

No	Title	Date
1	“I sent you an email from your email account,” sextortion scam claims - Malware.News	2025.04.17
2	Malicious crypto developer-targeted coding challenges spread infostealers - Malware.News	2025.04.16
3	Credential theft achieved by malicious MEXC order-hijacking PyPI package - Malware.News	2025.04.16
4	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
5	Cyber Signals Issue 9 \| AI-powered deception: Emerging fraud threats and countermeasures - Malware.News	2025.04.16

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
2	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
3	Cyber Signals Issue 9 \| AI-powered deception: Emerging fraud threats and countermeasures - Malware.News	2025.04.16
4	Cyber Signals Issue 9 \| AI-powered deception: Emerging fraud threats and countermeasures - Malware.News	2025.04.16
5	Cyber Signals Issue 9 \| AI-powered deception: Emerging fraud threats and countermeasures - Malware.News	2025.04.16
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	conhost.exe XMRig Miner Emotet Cryptocurrency Miner Suspicious_Script_Bin Generic Malware CoinHive Cryptocurrency task schedule Downloader Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate pri	8378455f7c8a30d74b355adaf576a10b	50845	2024.06.11
2	conhost.exe XMRig Miner Emotet Cryptocurrency Miner Generic Malware Suspicious_Script_Bin CoinHive Cryptocurrency task schedule Downloader Malicious Library UPX Antivirus Malicious Packer .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate pri	0c648321522607509014810fa9850703	46656	2023.11.20
3	IE.exe PWS[m] Gen1 RAT Cryptocurrency Miner Generic Malware task schedule CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Antivirus Anti_VM Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credenti	d55af7419949eb1630bf0e6b3684166e	26373	2022.05.02
4	64a1.com PWS[m] Cryptocurrency Miner Generic Malware CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Create Service DGA Socket ScreenShot DNS BitCoin Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Downloader Esca	def5558538f028028677e6118b46009d	26377	2022.05.02
5	http://regalosfreaks.blogspot.... AgentTesla CoinHive Cryptocurrency Http API Internet API ScreenShot DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Steal credential Downloader P2P persistence AntiDebug AntiVM PNG Format JPE	d808b4bbb918207dd54b242b2339afec	12072	2021.06.08
View only the last 5

Level	Description
danger	File has been identified by 35 AntiVirus engines on VirusTotal as malicious
watch	A process attempted to delay the analysis task.
watch	Attempts to create or modify system certificates
watch	Communicates with host for which no DNS query was performed
watch	Connects to an IRC server
watch	Installs itself for autorun at Windows startup
watch	Looks for the Windows Idle Time to determine the uptime
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Creates hidden or system file
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Terminates another process
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	The executable uses a known packer
info	Uses Windows APIs to generate a cryptographic key
Network	ET DROP Spamhaus DROP Listed Traffic Inbound group 23
Network	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network	ET INFO Executable Download from dotted-quad Host
Network	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Network	ET POLICY PE EXE or DLL Windows file download HTTP
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

Beta Service, If you select keyword, you can check detailed information.