Cyber Threat Trends

Summary: 2025/04/17 12:46

First reported date: 2009/08/05
Inquiry period : 2025/04/16 12:46 ~ 2025/04/17 12:46 (1 days), 11 search results

지난 7일 기간대비 82% 높은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Browser Google Chrome target Malware 입니다.
악성코드 유형 NetWireRC njRAT 도 새롭게 확인됩니다.
공격자 Tick APT28 도 새롭게 확인됩니다.
공격기술 hijack Smishing MalSpam 도 새롭게 확인됩니다.
기관 및 기업 Okta Ucraina Europe Government Check Point Türkiye Australia 도 새롭게 확인됩니다.
기타 Education Kritische WhatsApp account payment 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Hi, robot: Half of all internet traffic now automated
    ㆍ 2025/04/17 Exploiting SMS: Threat Actors Use Social Engineering to Target Companies
    ㆍ 2025/04/17 IT Sicherheitsnews taegliche Zusammenfassung 2025-04-16 18h : 7 posts

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Browser	11	▲ 9 (82%)
2	Google	5	▲ 4 (80%)
3	Chrome	5	▲ 4 (80%)
4	target	5	▲ 5 (100%)
5	Malware	5	▲ 4 (80%)
6	Update	5	▲ 4 (80%)
7	RCE	4	▲ 4 (100%)
8	Email	4	▲ 3 (75%)
9	Exploit	3	▲ 2 (67%)
10	Phishing	3	▲ 3 (100%)
11	Victim	3	▲ 3 (100%)
12	attack	3	▲ 3 (100%)
13	Education	2	▲ new
14	Kritische	2	▲ new
15	Windows	2	▲ 1 (50%)
16	WhatsApp	2	▲ new
17	hijack	2	▲ new
18	United States	2	▲ 2 (100%)
19	account	2	▲ new
20	payment	2	▲ new
21	Password	2	▲ 2 (100%)
22	MFA	2	▲ 2 (100%)
23	Sicherheitslücke	2	▲ new
24	Report	2	▲ 2 (100%)
25	legitimate	1	▲ new
26	Router	1	▲ new
27	Safari	1	▲ 1 (100%)
28	Okta	1	▲ new
29	RATel	1	▲ 1 (100%)
30	intelligence	1	▲ new
31	Software	1	- 0 (0%)
32	web	1	▲ new
33	traffic	1	▲ new
34	Criminal	1	▲ 1 (100%)
35	ChatGPT	1	▲ 1 (100%)
36	dichtet	1	▲ new
37	abgedichtet	1	▲ new
38	bot	1	▲ new
39	human	1	▲ new
40	Firefox	1	▲ 1 (100%)
41	last	1	▲ new
42	Cofense	1	▲ new
43	user	1	▲ new
44	Zusammenfassung	1	▲ new
45	step	1	▲ new
46	operator	1	▲ new
47	taegliche	1	▲ new
48	state	1	▲ new
49	Tick	1	▲ new
50	Sicherheitsnews	1	▲ new
51	Social Engineering	1	▲ 1 (100%)
52	Android	1	▲ 1 (100%)
53	IoC	1	▲ 1 (100%)
54	sense	1	▲ new
55	threat	1	▲ 1 (100%)
56	Figure	1	▲ 1 (100%)
57	Smishing	1	▲ new
58	Trojan	1	▲ 1 (100%)
59	Webbrowser	1	▲ new
60	Nur	1	▲ new
61	Ucraina	1	▲ new
62	Kaspersky	1	▲ 1 (100%)
63	Vulnerability	1	▲ 1 (100%)
64	APT28	1	▲ new
65	TLSZertifikaten	1	▲ new
66	Gültigkeit	1	▲ new
67	Tage	1	▲ new
68	von	1	▲ new
69	Campaign	1	▲ 1 (100%)
70	Apple	1	▲ 1 (100%)
71	httpstcoeKBLwkcgFp	1	▲ new
72	Tor	1	▲ new
73	plugin	1	▲ new
74	code	1	▲ new
75	QR	1	▲ new
76	sherrodim	1	▲ new
77	Russia	1	▲ 1 (100%)
78	SMB	1	▲ 1 (100%)
79	own	1	▲ new
80	Europe	1	▲ new
81	address	1	▲ new
82	access	1	▲ new
83	RAT	1	▲ 1 (100%)
84	Cryptocurrency	1	▲ 1 (100%)
85	NetWireRC	1	▲ new
86	njRAT	1	▲ new
87	Operation	1	▲ new
88	Government	1	▲ new
89	Microsoft	1	- 0 (0%)
90	Advertising	1	- 0 (0%)
91	MalSpam	1	▲ new
92	ZeroDay	1	▲ 1 (100%)
93	GitHub	1	▲ 1 (100%)
94	Check Point	1	▲ new
95	Türkiye	1	▲ new
96	Australia	1	▲ new
97	application	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
RATel		1 (20%)
Trojan		1 (20%)
RAT		1 (20%)
NetWireRC		1 (20%)
njRAT		1 (20%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Tick		1 (50%)
APT28		1 (50%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
RCE		4 (25%)
Exploit		3 (18.8%)
Phishing		3 (18.8%)
hijack		2 (12.5%)
Social Engineering		1 (6.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Google		5 (27.8%)
United States		2 (11.1%)
Okta		1 (5.6%)
Ucraina		1 (5.6%)
Kaspersky		1 (5.6%)

Threat info

Last 5

SNS

(Total : 2)

Total keyword

Browser WhatsApp target plugin Tor Update

No	Title	Date
1	Microsoft Threat Intelligence @MsftSecIntel @sherrod_im However, the QR code is used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal. If the target follows the instructions on the page, the threat actor could gain access to messages in their WhatsApp account & exfiltrate data using browser plugins.	2025.04.16
2	Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer ????Tor Browser 14.5 has been released! Update!???? https://t.co/eKBLwkcgFp	2025.04.16

News

(Total : 9)

Total keyword

Browser Google Chrome Malware Update Email RCE target attack Attacker Victim Exploit Phishing Windows Password hijack Education United States payment MFA Report RATel Okta Safari Router Software intelligence Firefox Tick Social Engineering Android Criminal IoC Smishing WhatsApp Apple ChatGPT Kaspersky Australia Microsoft SMB Campaign Russia Ucraina Vulnerability Check Point APT28 Türkiye GitHub RAT Trojan Cryptocurrency ZeroDay NetWireRC njRAT Operation Europe Government Advertising MalSpam

No	Title	Date
1	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
2	IT Sicherheitsnews taegliche Zusammenfassung 2025-04-16 18h : 7 posts - IT Sicherheitsnews	2025.04.17
3	Exploiting SMS: Threat Actors Use Social Engineering to Target Companies - Malware.News	2025.04.17
4	Advanced KQL Deep Dive: User State Change Tracking - Malware.News	2025.04.17
5	Webbrowser: Kritische Sicherheitslücke in Chrome abgedichtet - IT Sicherheitsnews	2025.04.17

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	IT Sicherheitsnews taegliche Zusammenfassung 2025-04-16 18h : 7 posts - IT Sicherheitsnews	2025.04.17
2	Exploiting SMS: Threat Actors Use Social Engineering to Target Companies - Malware.News	2025.04.17
3	Advanced KQL Deep Dive: User State Change Tracking - Malware.News	2025.04.17
4	Advanced KQL Deep Dive: User State Change Tracking - Malware.News	2025.04.17
5	Webbrowser: Kritische Sicherheitslücke in Chrome abgedichtet - IT Sicherheitsnews	2025.04.17
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	remcos_a.exe Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket Escalate priviledges PWS Sniff Audio DNS Interne	e3aecc3188eac24edb8e34f5044b3a6a	58998	2025.04.14
2	pdf.ps1 Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library .NET framework(MSIL) Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Inte	642647cf863119977d7bd52e848e0cfe	58395	2025.03.31
3	kent.ps1 Client SW User Data Stealer Backdoor RemcosRAT Formbook browser info stealer Hide_EXE Generic Malware Google Chrome User Data Downloader Malicious Library Confuser .NET Antivirus Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Co	432719ce1459add67ebe4c01b47310f2	58059	2025.03.13
4	nyoilsafkjawd.exe Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio	0bea38a3f664f5c8d72ab74db022aacd	58045	2025.03.12
5	crossings.exe Client SW User Data Stealer Backdoor RemcosRAT Browser Login Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Malicious Packer UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio	db59bfef32bc15d53bdf499dd1ae62c4	58044	2025.03.12
View only the last 5

Level	Description
danger	File has been identified by 66 AntiVirus engines on VirusTotal as malicious
danger	The process wscript.exe wrote an executable file to disk which it then attempted to execute
danger	Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger	Executed a process and injected code into it
warning	Disables Windows Security features
watch	Communicates with host for which no DNS query was performed
watch	Installs itself for autorun at Windows startup
watch	One or more non-whitelisted processes were created
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice	A process attempted to delay the analysis task.
notice	A process created a hidden window
notice	Checks whether any human activity is being performed by constantly checking whether the foreground window changed
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	One or more potentially interesting buffers were extracted
notice	Terminates another process
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

No data

Beta Service, If you select keyword, you can check detailed information.