Cyber Threat Trends

Summary: 2025/04/17 10:43

First reported date: 2010/05/28
Inquiry period : 2025/04/16 10:43 ~ 2025/04/17 10:43 (1 days), 3 search results

지난 7일 기간대비 100% 높은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 keylogger Windows Malware target Update 입니다.
악성코드 유형 TONESHELL Trojan GameoverP2P PlugX 도 새롭게 확인됩니다.
공격기술 Backdoor hijack 도 새롭게 확인됩니다.
기관 및 기업 Zscaler Microsoft Kaspersky Europe 도 새롭게 확인됩니다.
기타 EDR MUSTANG PANDA Cobalt Strike Victim GitHub 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/17 Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
ㆍ 2025/04/17 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	keylogger	3	▲ 3 (100%)
2	Zscaler	3	▲ new
3	EDR	3	▲ new
4	MUSTANG PANDA	3	▲ new
5	Cobalt Strike	3	▲ new
6	Victim	2	▲ new
7	GitHub	2	▲ new
8	Windows	2	▲ 2 (100%)
9	TONESHELL	2	▲ new
10	Backdoor	2	▲ new
11	hijack	2	▲ new
12	Malware	2	▲ 2 (100%)
13	c&c	2	▲ new
14	IoC	2	▲ new
15	Advertising	2	▲ new
16	Trojan	2	▲ new
17	target	2	▲ 2 (100%)
18	Operation	2	▲ new
19	Update	2	▲ 2 (100%)
20	Microsoft	1	▲ new
21	schtasks	1	▲ new
22	GameoverP2P	1	▲ new
23	PlugX	1	▲ new
24	server	1	▲ new
25	Exploit	1	▲ 1 (100%)
26	attack	1	▲ 1 (100%)
27	Dropper	1	▲ 1 (100%)
28	SplatCloak	1	▲ new
29	driver	1	▲ new
30	Kaspersky	1	▲ new
31	Government	1	▲ 1 (100%)
32	StarProxy	1	▲ new
33	file	1	▲ new
34	C2	1	▲ new
35	Europe	1	▲ new
36	ThreatLabz	1	▲ new
37	UNIX	1	▲ new
38	China	1	▲ 1 (100%)
39	Campaign	1	▲ 1 (100%)
40	Panda	1	▲ new
41	Mustang	1	▲ new
42	exploration	1	▲ new
43	Mustan	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
TONESHELL		2 (33.3%)
Trojan		2 (33.3%)
GameoverP2P		1 (16.7%)
PlugX		1 (16.7%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Backdoor		2 (28.6%)
hijack		2 (28.6%)
Exploit		1 (14.3%)
Dropper		1 (14.3%)
Campaign		1 (14.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Zscaler		3 (37.5%)
Microsoft		1 (12.5%)
Kaspersky		1 (12.5%)
Government		1 (12.5%)
Europe		1 (12.5%)

Threat info

Last 5

SNS

(Total : 1)

Total keyword

Zscaler Campaign keylogger EDR MUSTANG PANDA Cobalt Strike

No	Title	Date
1	Zscaler ThreatLabz @Threatlabz Zscaler ThreatLabz continues its exploration of Mustang Panda tools by analyzing two new keyloggers that we have named PAKLOG & CorKLOG, and an EDR tampering tool that we have named SplatCloak. Learn how this APT evades detection: https://t.co/xpSVDVTATu https://t.co/FNu1FmqIzd	2025.04.16

News

(Total : 2)

Total keyword

Cobalt Strike Windows Operation keylogger target MUSTANG PANDA hijack Backdoor Advertising Update GitHub Trojan Victim EDR c&c IoC Zscaler Malware TONESHELL UNIX schtasks Dropper attack Exploit GameoverP2P PlugX Microsoft Kaspersky C2 Europe Attacker Government China

No	Title	Date
1	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
2	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
2	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
3	Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak \| P2 - Malware.News	2025.04.17
4	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17
5	A week in security (April 7 – April 13) - Malware.News	2025.04.14
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	layout.bin Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	72c582ab7db10af86a90608f98e5e614	59058	2025.04.17
2	os.dat Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	af1d8d9435cb10fe2f4b4215eaf6bec4	59059	2025.04.17
3	setup.bmp Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM BMP Format MSOffice File	f1874e4041a511771e01e079227ca8ca	59060	2025.04.17
4	SETUP.INI Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	ac9d9386a57420db9299eb1be1fa82de	59062	2025.04.17
5	setup.ins Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File	89ab96b20f7b472b91e8a0660054394c	59063	2025.04.17
View only the last 5

Level	Description
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Potentially malicious URLs were found in the process memory dump
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://tinyfilemanagerdemo.alwaysdata.net/user/files/b.exe alwaysdata exe keylogger	FR	Alwaysdata Sarl	user1222	2025.02.23
2	http://141.147.43.219:3000/ftp/EmmetPROD.exe exe keylogger lazy	SE		Riordz	2025.01.31
3	http://107.172.148.212/260/cvss.exe exe keylogger snake	US	AS-COLOCROSSING	Riordz	2025.01.30
4	http://caca.vercel.app/file.exe keylogger	US		abus3reports	2024.12.06
5	https://raw.githubusercontent.com/cheetz/nishang/master/Gather/Keylogger.ps1 keylogger	US	FASTLY	abus3reports	2024.12.06
View only the last 5

Beta Service, If you select keyword, you can check detailed information.