Cyber Threat Trends

Summary: 2025/04/17 12:53

First reported date: 2010/11/26
Inquiry period : 2025/04/16 12:53 ~ 2025/04/17 12:53 (1 days), 8 search results

지난 7일 기간대비 75% 높은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Backdoor Update target Malware attack 입니다.
악성코드 유형 TONESHELL Trojan RAT PlugX XWorm Lumma NetWireRC AsyncRAT 도 새롭게 확인됩니다.
공격자 MuddyWater 도 새롭게 확인됩니다.
공격기술 Stealer Dropper Campaign 도 새롭게 확인됩니다.
기관 및 기업 Zscaler Europe Iran 도 새롭게 확인됩니다.
기타 Cobalt Strike c&c MUSTANG PANDA IoC Victim 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
    ㆍ 2025/04/16 How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Backdoor	8	▲ 6 (75%)
2	Cobalt Strike	4	▲ new
3	Update	4	▲ 3 (75%)
4	target	3	▲ 2 (67%)
5	c&c	3	▲ new
6	MUSTANG PANDA	3	▲ new
7	TONESHELL	3	▲ new
8	Malware	3	▲ 2 (67%)
9	IoC	3	▲ new
10	Zscaler	3	▲ new
11	attack	3	▲ 2 (67%)
12	Victim	3	▲ new
13	EDR	3	▲ 3 (100%)
14	Windows	3	▲ 3 (100%)
15	Trojan	2	▲ new
16	China	2	▲ 2 (100%)
17	Exploit	2	▲ 1 (50%)
18	GitHub	2	▲ new
19	Advertising	2	▲ 2 (100%)
20	hijack	2	▲ 2 (100%)
21	keylogger	2	▲ new
22	Linux	2	▲ new
23	GameoverP2P	2	▲ 2 (100%)
24	Operation	2	▲ 2 (100%)
25	Stealer	1	▲ new
26	intelligence	1	▲ 1 (100%)
27	StarProxy	1	▲ new
28	file	1	▲ new
29	ZeroDay	1	▲ 1 (100%)
30	C2	1	▲ new
31	RAT	1	▲ new
32	Email	1	▲ 1 (100%)
33	Europe	1	▲ new
34	Government	1	▲ 1 (100%)
35	UNIX	1	▲ new
36	Reading	1	▲ new
37	Dark	1	▲ new
38	Dropper	1	▲ new
39	ChinaLinked	1	▲ new
40	Hackers	1	▲ new
41	Lay	1	▲ new
42	driver	1	▲ new
43	Kaspersky	1	▲ 1 (100%)
44	Microsoft	1	▲ 1 (100%)
45	schtasks	1	▲ new
46	PlugX	1	▲ new
47	SplatCloak	1	▲ new
48	Mustan	1	▲ new
49	Supply	1	▲ new
50	Vawtrak	1	▲ 1 (100%)
51	controller	1	▲ 1 (100%)
52	healthcare	1	▲ new
53	retail	1	▲ new
54	energy	1	▲ new
55	Supply chain	1	▲ new
56	ThreatLabz	1	▲ new
57	deep	1	▲ new
58	dive	1	▲ new
59	Mustang	1	▲ new
60	Report	1	- 0 (0%)
61	South Korea	1	▲ 1 (100%)
62	Trend Micro	1	▲ 1 (100%)
63	Egypt	1	▲ 1 (100%)
64	Hong Kong	1	▲ 1 (100%)
65	BPFDoor	1	▲ 1 (100%)
66	Enables	1	▲ new
67	XWorm	1	▲ new
68	Phishing	1	▲ 1 (100%)
69	Lumma	1	▲ new
70	Iran	1	▲ new
71	powershell	1	▲ 1 (100%)
72	chain	1	▲ new
73	United States	1	- 0 (0%)
74	Campaign	1	▲ new
75	Vulnerability	1	▲ 1 (100%)
76	Fortinet	1	▲ 1 (100%)
77	MuddyWater	1	▲ new
78	NetWireRC	1	▲ new
79	AsyncRAT	1	▲ new
80	httpstcoVn	1	▲ new
81	LawrenceAbrams	1	▲ new
82	symlink	1	▲ new
83	server	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
TONESHELL		3 (21.4%)
Trojan		2 (14.3%)
GameoverP2P		2 (14.3%)
RAT		1 (7.1%)
PlugX		1 (7.1%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
MuddyWater		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Backdoor		8 (50%)
Exploit		2 (12.5%)
hijack		2 (12.5%)
Stealer		1 (6.3%)
Dropper		1 (6.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Zscaler		3 (18.8%)
China		2 (12.5%)
Europe		1 (6.3%)
Government		1 (6.3%)
Kaspersky		1 (6.3%)

Threat info

Last 5

SNS

(Total : 4)

Total keyword

Backdoor MUSTANG PANDA Fortinet Cobalt Strike TONESHELL Update Zscaler attack Supply chain China

No	Title	Date
1	The Hacker News @TheHackersNews ???? Supply chain cyberattacks are exploding — and hitting where it hurts most: healthcare, retail, energy. ???? One breach = millions exposed. The risk? Vendors are the backdoor. Hackers are walking right in. Learn what’s driving this wave and how to stay ahead: https://t.co/4LGcPEY37W	2025.04.16
2	Zscaler ThreatLabz @Threatlabz Zscaler ThreatLabz has published a deep dive on ????Mustang Panda’s latest arsenal including updates to the ToneShell backdoor and a newly discovered lateral movement tool that we have named StarProxy. Read our full technical analysis here: https://t.co/qTsApYXBTm https://t.co/WJ8bPHRxt7	2025.04.16
3	Kimberly @StopMalvertisin Dark Reading \| China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks https://t.co/mrAffs2sof	2025.04.16
4	BleepingComputer @BleepinComputer Over 16,000 Fortinet devices compromised with symlink backdoor - @LawrenceAbrams https://t.co/Vn6TkIFVk0 https://t.co/Vn6TkIFVk0	2025.04.16

News

(Total : 4)

Total keyword

Backdoor Cobalt Strike Victim c&c target IoC Update Windows EDR Malware GitHub Trojan Attacker MUSTANG PANDA Operation keylogger GameoverP2P TONESHELL Advertising attack Exploit Linux Zscaler hijack PlugX schtasks Microsoft Report Dropper China UNIX Government Europe C2 Kaspersky Stealer intelligence Vulnerability Trend Micro Egypt Hong Kong AsyncRAT NetWireRC MuddyWater Phishing Email Campaign United States powershell Iran Lumma XWorm Vawtrak South Korea ZeroDay RAT

No	Title	Date
1	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
2	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17
3	How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats - Malware.News	2025.04.16
4	New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks - The Hacker News	2025.04.16

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
2	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
3	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
4	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17
5	New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks - The Hacker News	2025.04.16
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	remcos_a.exe Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket Escalate priviledges PWS Sniff Audio DNS Interne	e3aecc3188eac24edb8e34f5044b3a6a	58998	2025.04.14
2	edocument.exe njRAT backdoor Generic Malware Malicious Library Antivirus UPX PE File CAB MSOffice File PE32 OS Processor Check OS Name Check DLL	445861c5c25defe38d09ae2135230e4b	58925	2025.04.10
3	pdf.ps1 Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library .NET framework(MSIL) Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Inte	642647cf863119977d7bd52e848e0cfe	58395	2025.03.31
4	ZoomInstallerFull.exe njRAT backdoor Generic Malware Malicious Library Antivirus UPX PE File MSOffice File CAB PE32 OS Processor Check OS Name Check DLL	92c3cfc9f25013c5d8f2212fcc04c887	58266	2025.03.24
5	Zoom.ClientSetupv-204827038.ex... njRAT backdoor Generic Malware Malicious Library Antivirus UPX PE File MSOffice File CAB PE32 OS Processor Check OS Name Check DLL	4baa06d13429759cd61da9da0738f8aa	58267	2025.03.24
View only the last 5

Level	Description
danger	File has been identified by 66 AntiVirus engines on VirusTotal as malicious
danger	The process wscript.exe wrote an executable file to disk which it then attempted to execute
danger	Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger	Executed a process and injected code into it
warning	Disables Windows Security features
watch	Communicates with host for which no DNS query was performed
watch	Installs itself for autorun at Windows startup
watch	One or more non-whitelisted processes were created
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice	A process attempted to delay the analysis task.
notice	A process created a hidden window
notice	Checks whether any human activity is being performed by constantly checking whether the foreground window changed
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	One or more potentially interesting buffers were extracted
notice	Terminates another process
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

No data

No	URL	CC	ASN Co	Reporter	Date
1	http://83.224.128.207/sshd backdoor censys elf sshdkit	IT	Vodafone Italia S.p.A.	DaveLikesMalwre	2025.04.17
2	http://188.28.76.180:8082/sshd backdoor censys elf sshdkit	GB	Three	DaveLikesMalwre	2025.04.17
3	http://117.206.137.98:2000/sshd backdoor censys elf sshdkit	IN	National Internet Backbone	DaveLikesMalwre	2025.04.17
4	http://31.216.198.57:8081/sshd backdoor censys elf sshdkit	HR	Hrvatski Telekom d.d.	DaveLikesMalwre	2025.04.17
5	http://31.216.198.57:8082/sshd backdoor censys elf sshdkit	HR	Hrvatski Telekom d.d.	DaveLikesMalwre	2025.04.17
View only the last 5