Cyber Threat Trends

Summary: 2025/04/17 12:37

First reported date: 2012/01/05
Inquiry period : 2025/04/16 12:36 ~ 2025/04/17 12:36 (1 days), 9 search results

지난 7일 기간대비 동일한 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Malware Update target Victim Exploit 입니다.
악성코드 유형 njRAT XWorm AsyncRAT 도 새롭게 확인됩니다.
공격자 MuddyWater APT28 도 새롭게 확인됩니다.
공격기술 MalSpam 도 새롭게 확인됩니다.
기관 및 기업 Iran Türkiye 도 새롭게 확인됩니다.
기타 Android own WhatsApp Krebs Trump 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Former cyber official Chris Krebs to leave SentinelOne in bid to fight Trump pressure
    ㆍ 2025/04/17 Hi, robot: Half of all internet traffic now automated
    ㆍ 2025/04/17 Exploiting SMS: Threat Actors Use Social Engineering to Target Companies

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Email	9	- 0 (0%)
2	Malware	6	▲ 2 (33%)
3	Update	5	▲ 3 (60%)
4	target	5	▲ 3 (60%)
5	Victim	5	▲ 3 (60%)
6	Exploit	4	▲ 2 (50%)
7	Phishing	4	▲ 1 (25%)
8	Browser	4	▲ 3 (75%)
9	Kaspersky	3	▲ 2 (67%)
10	Report	3	- 0 (0%)
11	NetWireRC	3	▲ 3 (100%)
12	Campaign	3	▲ 1 (33%)
13	Russia	3	▲ 3 (100%)
14	United States	3	- 0 (0%)
15	RCE	3	▲ 2 (67%)
16	attack	3	▲ 1 (33%)
17	intelligence	3	▲ 2 (67%)
18	payment	2	▲ 2 (100%)
19	account	2	▲ 2 (100%)
20	RAT	2	▲ 2 (100%)
21	Advertising	2	- 0 (0%)
22	njRAT	2	▲ new
23	Education	2	▲ 1 (50%)
24	Windows	2	▲ 1 (50%)
25	Government	2	▲ 1 (50%)
26	Password	2	▲ 2 (100%)
27	ZeroDay	2	▲ 2 (100%)
28	IoC	2	▲ 1 (50%)
29	Vulnerability	2	▲ 1 (50%)
30	threat	2	▲ 1 (50%)
31	LinkedIn	1	▲ 1 (100%)
32	MFA	1	- 0 (0%)
33	Android	1	▲ new
34	Social Engineering	1	▲ 1 (100%)
35	Tick	1	▲ 1 (100%)
36	own	1	▲ new
37	CISA	1	▲ 1 (100%)
38	WhatsApp	1	▲ new
39	Krebs	1	▲ new
40	address	1	▲ 1 (100%)
41	Trump	1	▲ new
42	ltpgt	1	▲ new
43	access	1	▲ new
44	Smishing	1	▲ 1 (100%)
45	Software	1	- 0 (0%)
46	hijack	1	▲ 1 (100%)
47	application	1	▲ new
48	Router	1	▲ new
49	traffic	1	▲ new
50	web	1	▲ new
51	bot	1	▲ 1 (100%)
52	human	1	▲ new
53	Firefox	1	▲ new
54	Chrome	1	▲ 1 (100%)
55	Google	1	- 0 (0%)
56	Criminal	1	- 0 (0%)
57	sense	1	▲ new
58	Figure	1	▲ 1 (100%)
59	legitimate	1	▲ new
60	RATel	1	▲ 1 (100%)
61	SentinelOne	1	▲ 1 (100%)
62	Cofense	1	▲ 1 (100%)
63	actor	1	▲ 1 (100%)
64	GitHub	1	▲ 1 (100%)
65	Trojan	1	▲ 1 (100%)
66	Lumma	1	▲ 1 (100%)
67	Linux	1	▲ 1 (100%)
68	Stealer	1	▲ 1 (100%)
69	Vawtrak	1	▲ 1 (100%)
70	GameoverP2P	1	- 0 (0%)
71	XWorm	1	▲ new
72	EDR	1	▲ 1 (100%)
73	Iran	1	▲ new
74	Portugal	1	▲ new
75	powershell	1	- 0 (0%)
76	c&c	1	▲ 1 (100%)
77	MuddyWater	1	▲ new
78	Cobalt Strike	1	▲ new
79	AsyncRAT	1	▲ new
80	Russian	1	▲ new
81	case	1	▲ new
82	Backdoor	1	▲ 1 (100%)
83	store	1	▲ new
84	Cryptocurrency	1	▲ 1 (100%)
85	Check Point	1	▲ 1 (100%)
86	scam	1	▲ 1 (100%)
87	sextortion	1	▲ new
88	Operation	1	- 0 (0%)
89	Europe	1	▲ 1 (100%)
90	MalSpam	1	▲ new
91	sherrodim	1	▲ new
92	Türkiye	1	▲ new
93	SQL	1	▲ new
94	Australia	1	▲ 1 (100%)
95	Microsoft	1	- 0 (0%)
96	SMB	1	▲ 1 (100%)
97	Ucraina	1	▲ 1 (100%)
98	APT28	1	▲ new
99	Alleged	1	- 0 (0%)
100	format	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
NetWireRC		3 (21.4%)
RAT		2 (14.3%)
njRAT		2 (14.3%)
RATel		1 (7.1%)
Trojan		1 (7.1%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Tick		1 (33.3%)
MuddyWater		1 (33.3%)
APT28		1 (33.3%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Exploit		4 (20%)
Phishing		4 (20%)
Campaign		3 (15%)
RCE		3 (15%)
Social Engineering		1 (5%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Kaspersky		3 (14.3%)
Russia		3 (14.3%)
United States		3 (14.3%)
Government		2 (9.5%)
CISA		1 (4.8%)

Threat info

Last 5

SNS

(Total : 2)

Total keyword

Email Russia Campaign Kaspersky Report Advertising

No	Title	Date
1	Microsoft Threat Intelligence @MsftSecIntel @sherrod_im In the case of the Russian threat actor Star Blizzard, while their campaigns have always been focused on email credential theft, the actor has persistently introduced new techniques to avoid detection, and either modified or abandoned them once they become publicly known.	2025.04.16
2	Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer ???????????? Alleged Sale of 180,000 Portugal Leads – $3,000 A threat actor is allegedly selling 180K personal records from Portugal, reportedly extracted from online store databases in SQL format. ???? Record count: 180,000 ???? Data format: Email, Name, Phone ???? Source: Online store SQL https:	2025.04.16

News

(Total : 7)

Total keyword

Email Malware Update Victim target Browser Phishing Exploit Attacker NetWireRC RCE United States attack intelligence ZeroDay Kaspersky RAT Report Russia Government Windows njRAT Campaign Education payment Vulnerability Password IoC Google Android MFA Smishing WhatsApp AsyncRAT Router CISA LinkedIn SentinelOne RATel Criminal Tick Software hijack Firefox Chrome Social Engineering Europe Ucraina MuddyWater c&c powershell Iran Lumma EDR XWorm GameoverP2P Vawtrak Stealer Linux Backdoor APT28 SMB Microsoft Australia Türkiye Check Point GitHub MalSpam Advertising Cobalt Strike Operation Cryptocurrency Trojan

No	Title	Date
1	Former cyber official Chris Krebs to leave SentinelOne in bid to fight Trump pressure - Malware.News	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Exploiting SMS: Threat Actors Use Social Engineering to Target Companies - Malware.News	2025.04.17
4	“I sent you an email from your email account,” sextortion scam claims - Malware.News	2025.04.17
5	“I sent you an email from your email account,” sextortion scam claims - Malwarebytes Labs	2025.04.16

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	Former cyber official Chris Krebs to leave SentinelOne in bid to fight Trump pressure - Malware.News	2025.04.17
2	Former cyber official Chris Krebs to leave SentinelOne in bid to fight Trump pressure - Malware.News	2025.04.17
3	Former cyber official Chris Krebs to leave SentinelOne in bid to fight Trump pressure - Malware.News	2025.04.17
4	Exploiting SMS: Threat Actors Use Social Engineering to Target Companies - Malware.News	2025.04.17
5	CVE-2025-24054, NTLM Exploit in the Wild - Malware.News	2025.04.16
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	111_2023-04-07_08-22.exe email stealer Downloader Malicious Library Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Code injection persistence KeyLogger AntiDebug AntiVM PE File PE32	b1c1243d05e33560bfbda42ce515db8f	54563	2024.10.09
2	download.ics email stealer DGA Http API ScreenShot Escalate priviledges PWS HTTP Internet API KeyLogger AntiDebug AntiVM	7be2232d72dff43cf090b194542cf229	51915	2024.07.23
3	xnnwljxxbbawjwlmac.exe email stealer Generic Malware Possible Infostealer Activity Downloader .NET framework(MSIL) Antivirus Socket Escalate priviledges PWS DNS Code injection Internet API persistence KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE	0c74bc9529b8d9f96fc7e1b47559abd1	48467	2024.02.13
4	conhost.exe Gen1 email stealer Downloader .NET framework(MSIL) UPX Malicious Packer Malicious Library Escalate priviledges PWS DNS Code injection persistence KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL	d1ebfffb918cb931ae8e6ef5546b9efa	47762	2024.01.31
5	a.exe email stealer Downloader .NET framework(MSIL) Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Code injection persistence KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE	248fdd80b574b1379fe4f6f1cee40091	46404	2023.11.07
View only the last 5

Level	Description
danger	File has been identified by 59 AntiVirus engines on VirusTotal as malicious
danger	Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger	Executed a process and injected code into it
watch	Allocates execute permission to another process indicative of possible code injection
watch	Attempts to remove evidence of file being downloaded from the Internet
watch	Communicates with host for which no DNS query was performed
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	One or more potentially interesting buffers were extracted
notice	Potentially malicious URLs were found in the process memory dump
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	This executable has a PDB path

No data

Beta Service, If you select keyword, you can check detailed information.