Cyber Threat Trends

Summary: 2025/04/17 10:19

First reported date: 2018/05/02
Inquiry period : 2025/04/16 10:19 ~ 2025/04/17 10:19 (1 days), 1 search results

지난 7일 기간대비 동일한 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 AsyncRAT RAT Lumma IoC NetWireRC 입니다.
악성코드 유형 Vawtrak GameoverP2P 도 새롭게 확인됩니다.
공격자 MuddyWater 도 새롭게 확인됩니다.
공격기술 Backdoor Exploit Stealer Campaign Phishing 도 새롭게 확인됩니다.
기관 및 기업 Iran United States 도 새롭게 확인됩니다.
기타 EDR Email ZeroDay Update Windows 등 신규 키워드도 확인됩니다.

Malware with wide range of capabilities ranging from RAT to ransomware. Ref.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/16 How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats

참고로 동일한 그룹의 악성코드 타입은 SmokeLoader GuLoader Zloader 등 47개 종이 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	AsyncRAT	1	▲ 1 (100%)
2	EDR	1	▲ new
3	Backdoor	1	▲ new
4	Email	1	▲ new
5	RAT	1	▲ 1 (100%)
6	Exploit	1	▲ new
7	ZeroDay	1	▲ new
8	Update	1	▲ new
9	Windows	1	▲ new
10	Linux	1	▲ new
11	Stealer	1	▲ new
12	Vawtrak	1	▲ new
13	GameoverP2P	1	▲ new
14	XWorm	1	- 0 (0%)
15	Lumma	1	▲ 1 (100%)
16	Cobalt Strike	1	▲ new
17	Iran	1	▲ new
18	powershell	1	▲ new
19	Victim	1	▲ new
20	c&c	1	▲ new
21	IoC	1	▲ 1 (100%)
22	United States	1	▲ new
23	Campaign	1	▲ new
24	Phishing	1	▲ new
25	Malware	1	▲ new
26	Vulnerability	1	▲ new
27	MuddyWater	1	▲ new
28	NetWireRC	1	▲ 1 (100%)
29	intelligence	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
AsyncRAT		1 (14.3%)
RAT		1 (14.3%)
Vawtrak		1 (14.3%)
GameoverP2P		1 (14.3%)
XWorm		1 (14.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
MuddyWater		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Backdoor		1 (20%)
Exploit		1 (20%)
Stealer		1 (20%)
Campaign		1 (20%)
Phishing		1 (20%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Iran		1 (50%)
United States		1 (50%)

Malware Family

Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info

Last 5

SNS

(Total : 0)

No data.

News

(Total : 1)

Total keyword

AsyncRAT EDR Backdoor Email RAT Exploit ZeroDay Update Windows Linux Stealer Vawtrak GameoverP2P XWorm Lumma Cobalt Strike Iran powershell Attacker Victim c&c IoC United States Campaign Phishing Malware Vulnerability MuddyWater NetWireRC intelligence

No	Title	Date
1	How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats - Malware.News	2025.04.16

Additional information

No	Title	Date
1	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
2	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
3	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
4	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
5	6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin - Malware.News	2025.04.17
View only the last 5

No	Title	Date
1	ClickFix: How to Infect Your PC in Three Easy Steps - Malware.News	2025.03.15
2	ClickFix: How to Infect Your PC in Three Easy Steps - Malware.News	2025.03.15
3	ClickFix: How to Infect Your PC in Three Easy Steps - Malware.News	2025.03.15
4	Microsoft Research Reveals – Phishing Campaign Impersonates Booking(.)com, Delivers a Suite of Credential-Stealing Malware - Malware.News	2025.03.14
5	Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware - Malware.News	2025.03.14
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	dsl.exe XWorm Generic Malware WebCam Malicious Library Antivirus AntiDebug AntiVM PE File .NET EXE PE32	ca3c89c340a55b727fba1a1009cd0c0c	58284	2025.03.24
2	brain.ps1 XWorm Formbook Hide_EXE Generic Malware WebCam Antivirus Malicious Library Confuser .NET Code injection KeyLogger AntiDebug AntiVM PE File DLL PE32 .NET DLL .NET EXE	62f57d817459bd722949f54a03302b88	58062	2025.03.13
3	we.exe XWorm Hide_EXE WebCam Antivirus UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check .NET DLL	918f83cd6d935bd729990142f8e276e0	57981	2025.03.08
4	rt.exe XWorm Hide_EXE WebCam Antivirus UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check .NET DLL	47db83a48f4ce42a918802f20de2728f	57986	2025.03.08
5	yr.exe XWorm Hide_EXE WebCam Antivirus UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check .NET DLL	b29aa8460bf0b60c342b00e1e1003e0e	57853	2025.02.28
View only the last 5

Level	Description
danger	File has been identified by 54 AntiVirus engines on VirusTotal as malicious
danger	Executed a process and injected code into it
watch	A process performed obfuscation on information about the computer or sent it to a remote location indicative of CnC Traffic/Preperations.
watch	Allocates execute permission to another process indicative of possible code injection
watch	Code injection by writing an executable or DLL to the memory of another process
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	One or more potentially interesting buffers were extracted
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	This executable has a PDB path
info	Uses Windows APIs to generate a cryptographic key

No	Category	URL	CC	ASN Co	Date
1	c2	http://92.255.85.2:4372/	RU	Comfortel Ltd.	2025.04.04
2	c2	http://92.255.85.2:7777/	RU	Comfortel Ltd.	2025.04.04
3	c2	https://pastebin.com/raw/jxfGm9Pc	US	CLOUDFLARENET	2024.09.02
4	c2	http://85.209.133.150:6677/	DE	Cloud Computing Ltd.	2024.09.02
5	c2	http://91.92.240.41:7000/	BG	Natskovi & Sie Ltd.	2024.08.12
View only the last 5

No	URL	CC	ASN Co	Reporter	Date
1	https://paste.ee/r/V1aImIIe/0 base64 Encoded exe xworm			DaveLikesMalwre	2025.04.15
2	http://92.255.85.2/pixel.exe booking ClickFix FakeCaptcha xworm	RU	Comfortel Ltd.	JAMESWT_WT	2025.04.14
3	http://92.255.85.2/rc.mp4 booking ClickFix FakeCaptcha xworm	RU	Comfortel Ltd.	JAMESWT_WT	2025.04.14
4	https://lumiraseo.com/download/main.bat xworm	DE	...	abus3reports	2025.04.13
5	https://lumiraseo.com/download/installer.exe xworm	DE	...	abus3reports	2025.04.13
View only the last 5

Beta Service, If you select keyword, you can check detailed information.