Cyber Threat Trends

Summary: 2025/04/17 10:34

First reported date: 2011/05/25
Inquiry period : 2025/04/16 10:34 ~ 2025/04/17 10:34 (1 days), 6 search results

지난 7일 기간대비 33% 높은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Stealer Malware MWNEWS target attack 입니다.
악성코드 유형 Trojan SectopRAT Grandoreiro AsyncRAT NetWireRC XWorm Vawtrak RAT 도 새롭게 확인됩니다.
공격자 TraderTraitor MuddyWater 도 새롭게 확인됩니다.
공격기술 ClickFix RCE Backdoor 도 새롭게 확인됩니다.
기관 및 기업 Banking Europe 도 새롭게 확인됩니다.
기타 Cryptocurrency Interlock RN converter Malicious 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Interlock ransomware evolves tactics with ClickFix, infostealers
    ㆍ 2025/04/16 Infostealer deployed via bogus PDFCandy converter
    ㆍ 2025/04/16 Malicious crypto developer-targeted coding challenges spread infostealers

참고로 동일한 그룹의 악성코드 타입은 FormBook QakBot RedLine 등 101개 종이 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Stealer	6	▲ 2 (33%)
2	Malware	5	▲ 4 (80%)
3	MWNEWS	3	▲ 3 (100%)
4	Cryptocurrency	2	▲ new
5	target	2	▲ 1 (50%)
6	attack	2	▲ 2 (100%)
7	intelligence	2	▲ 2 (100%)
8	Update	2	▲ 2 (100%)
9	Victim	2	▲ 2 (100%)
10	Campaign	2	▲ 1 (50%)
11	Phishing	2	▲ 1 (50%)
12	Trojan	2	▲ new
13	SectopRAT	1	▲ new
14	Android	1	▲ 1 (100%)
15	Interlock	1	▲ new
16	ClickFix	1	▲ new
17	Ransomware	1	▲ 1 (100%)
18	Operation	1	▲ 1 (100%)
19	RN	1	▲ new
20	converter	1	▲ new
21	Malicious	1	▲ new
22	crypto	1	▲ new
23	bogus	1	▲ new
24	Attacks	1	▲ new
25	Microsoft	1	▲ 1 (100%)
26	PDFCandy	1	▲ new
27	China	1	▲ 1 (100%)
28	Grandoreiro	1	▲ new
29	Government	1	▲ 1 (100%)
30	RCE	1	▲ new
31	Banking	1	▲ new
32	TraderTraitor	1	▲ new
33	Snapshot	1	▲ new
34	Infostealer	1	▲ 1 (100%)
35	Threat	1	▲ new
36	Consumer	1	▲ new
37	Report	1	- 0 (0%)
38	Europe	1	▲ new
39	Check	1	▲ new
40	Advertising	1	▲ 1 (100%)
41	Iran	1	▲ 1 (100%)
42	Software	1	▲ new
43	price	1	▲ new
44	Miner	1	▲ new
45	AsyncRAT	1	▲ new
46	Cobalt Strike	1	▲ 1 (100%)
47	NetWireRC	1	▲ new
48	MuddyWater	1	▲ new
49	Vulnerability	1	▲ 1 (100%)
50	United States	1	▲ 1 (100%)
51	IoC	1	- 0 (0%)
52	c&c	1	▲ 1 (100%)
53	powershell	1	▲ 1 (100%)
54	Lumma	1	- 0 (0%)
55	hacking	1	▲ 1 (100%)
56	EDR	1	▲ new
57	XWorm	1	▲ new
58	GameoverP2P	1	▲ 1 (100%)
59	Vawtrak	1	▲ new
60	Linux	1	▲ 1 (100%)
61	Windows	1	▲ 1 (100%)
62	ZeroDay	1	▲ new
63	Exploit	1	▲ 1 (100%)
64	RAT	1	▲ new
65	Email	1	▲ 1 (100%)
66	Backdoor	1	▲ new
67	free	1	▲ new
68	North Korea	1	▲ 1 (100%)
69	lesserknown	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Trojan		2 (16.7%)
SectopRAT		1 (8.3%)
Ransomware		1 (8.3%)
Grandoreiro		1 (8.3%)
AsyncRAT		1 (8.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
TraderTraitor		1 (50%)
MuddyWater		1 (50%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Stealer		6 (40%)
Campaign		2 (13.3%)
Phishing		2 (13.3%)
ClickFix		1 (6.7%)
RCE		1 (6.7%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Microsoft		1 (12.5%)
China		1 (12.5%)
Government		1 (12.5%)
Banking		1 (12.5%)
Europe		1 (12.5%)

Malware Family

Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info

Last 5

SNS

(Total : 1)

Total keyword

Software Stealer

No	Title	Date
1	Kaspersky @kaspersky That 'free' cracked software? It comes with a price. ????️ Miner? Check. Credential stealer? Check. Working program? Not so much. Learn more: https://t.co/GspIi8Hrad https://t.co/DNkCR8Eq78	2025.04.16

News

(Total : 5)

Total keyword

Stealer Malware Victim Update attack intelligence target Campaign Phishing Trojan Cryptocurrency Government Attacks Android Microsoft China Grandoreiro AsyncRAT RCE Banking Report SectopRAT Ransomware ClickFix Europe hacking Operation XWorm NetWireRC MuddyWater Vulnerability United States IoC c&c Attacker powershell Iran Lumma EDR GameoverP2P TraderTraitor Vawtrak Linux Windows ZeroDay Exploit RAT Email Backdoor North Korea Cobalt Strike Advertising

No	Title	Date
1	Interlock ransomware evolves tactics with ClickFix, infostealers - Malware.News	2025.04.17
2	Malicious crypto developer-targeted coding challenges spread infostealers - Malware.News	2025.04.16
3	Infostealer deployed via bogus PDFCandy converter - Malware.News	2025.04.16
4	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
5	How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats - Malware.News	2025.04.16

Additional information

No	Title	Date
1	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
2	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
3	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
4	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
5	6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin - Malware.News	2025.04.17
View only the last 5

No	Title	Date
1	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
2	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
3	Threat actors misuse Node.js to deliver malware and other malicious payloads - Malware.News	2025.04.16
4	Threat actors misuse Node.js to deliver malware and other malicious payloads - Malware.News	2025.04.16
5	Crypto Developers Targeted by Python Malware Disguised as Coding Challenges - The Hacker News	2025.04.15
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	111_2023-04-07_08-22.exe email stealer Downloader Malicious Library Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Code injection persistence KeyLogger AntiDebug AntiVM PE File PE32	b1c1243d05e33560bfbda42ce515db8f	54563	2024.10.09
2	download.ics email stealer DGA Http API ScreenShot Escalate priviledges PWS HTTP Internet API KeyLogger AntiDebug AntiVM	7be2232d72dff43cf090b194542cf229	51915	2024.07.23
3	xnnwljxxbbawjwlmac.exe email stealer Generic Malware Possible Infostealer Activity Downloader .NET framework(MSIL) Antivirus Socket Escalate priviledges PWS DNS Code injection Internet API persistence KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE	0c74bc9529b8d9f96fc7e1b47559abd1	48467	2024.02.13
4	conhost.exe Gen1 email stealer Downloader .NET framework(MSIL) UPX Malicious Packer Malicious Library Escalate priviledges PWS DNS Code injection persistence KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL	d1ebfffb918cb931ae8e6ef5546b9efa	47762	2024.01.31
5	a.exe email stealer Downloader .NET framework(MSIL) Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Code injection persistence KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE	248fdd80b574b1379fe4f6f1cee40091	46404	2023.11.07
View only the last 5

Level	Description
danger	File has been identified by 59 AntiVirus engines on VirusTotal as malicious
danger	Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger	Executed a process and injected code into it
watch	Allocates execute permission to another process indicative of possible code injection
watch	Attempts to remove evidence of file being downloaded from the Internet
watch	Communicates with host for which no DNS query was performed
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	One or more potentially interesting buffers were extracted
notice	Potentially malicious URLs were found in the process memory dump
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	This executable has a PDB path

No data

No	URL	CC	ASN Co	Reporter	Date
1	http://80.66.84.133/YJTURMRG.mp4 hta stealer	BY	...	DaveLikesMalwre	2025.04.15
2	https://www.dropbox.com/scl/fi/xfme3jj5rgt6u5ig7he70/CapCut-Pro.rar?rlkey=ndad0985or8n5rokxmb0pz5k0&... Lumma LummaStealer stealer	US	DROPBOX	iLikeMalware	2025.04.13
3	https://sites.google.com/view/robloxfree2025/roblox-free-hack Lumma LummaStealer stealer	US	GOOGLE	iLikeMalware	2025.04.13
4	https://drive.google.com/file/d/11SRBeq-5b2C7gf5Z24SzNiSxCTSHONLJ/view Lumma LummaStealer stealer	US	GOOGLE	iLikeMalware	2025.04.13
5	https://github.com/Fortnite-Wallhacks-2025/.github/releases/tag/files Lumma LummaStealer stealer	US	MICROSOFT-CORP-MSN-AS-BLOCK	iLikeMalware	2025.04.13
View only the last 5

Beta Service, If you select keyword, you can check detailed information.