Cyber Threat Trends

Summary: 2025/04/17 10:49

First reported date: 2013/03/05
Inquiry period : 2025/04/16 10:49 ~ 2025/04/17 10:49 (1 days), 2 search results

지난 7일 기간대비 동일한 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Vulnerability United States Victim c&c IoC 입니다.
악성코드 유형 XWorm 도 새롭게 확인됩니다.
공격자 MuddyWater 도 새롭게 확인됩니다.
기관 및 기업 Iran Japan German South Korea Taiwan Australia 도 새롭게 확인됩니다.
기타 Malicious Traffic 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/16 How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats
ㆍ 2025/04/16 Monthly Threat Actor Group Intelligence Report, February 2025 (ENG)

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Vulnerability	2	▲ 2 (100%)
2	United States	2	▲ 1 (50%)
3	Malware	2	- 0 (0%)
4	powershell	2	- 0 (0%)
5	Victim	2	▲ 1 (50%)
6	c&c	2	▲ 1 (50%)
7	IoC	2	▲ 1 (50%)
8	Campaign	2	▲ 1 (50%)
9	Phishing	2	▲ 1 (50%)
10	Vawtrak	1	▲ 1 (100%)
11	MuddyWater	1	▲ new
12	Iran	1	▲ new
13	Backdoor	1	▲ 1 (100%)
14	Lumma	1	▲ 1 (100%)
15	EDR	1	▲ 1 (100%)
16	XWorm	1	▲ new
17	GameoverP2P	1	- 0 (0%)
18	Stealer	1	▲ 1 (100%)
19	ZeroDay	1	▲ 1 (100%)
20	Linux	1	▲ 1 (100%)
21	Windows	1	- 0 (0%)
22	Email	1	- 0 (0%)
23	Cobalt Strike	1	▲ 1 (100%)
24	Update	1	- 0 (0%)
25	RAT	1	▲ 1 (100%)
26	Exploit	1	- 0 (0%)
27	NetWireRC	1	▲ 1 (100%)
28	Japan	1	▲ new
29	AsyncRAT	1	▲ 1 (100%)
30	Microsoft	1	- 0 (0%)
31	Kaspersky	1	- 0 (0%)
32	Android	1	▲ 1 (100%)
33	Report	1	- 0 (0%)
34	Ucraina	1	▲ 1 (100%)
35	Russia	1	- 0 (0%)
36	VBScript	1	▲ 1 (100%)
37	Distribution	1	▲ 1 (100%)
38	Telegram	1	▲ 1 (100%)
39	German	1	▲ new
40	Malicious Traffic	1	▲ new
41	WMI	1	▲ 1 (100%)
42	North Korea	1	▲ 1 (100%)
43	South Korea	1	▲ new
44	China	1	▲ 1 (100%)
45	Taiwan	1	▲ new
46	Australia	1	▲ new
47	intelligence	1	- 0 (0%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Vawtrak		1 (14.3%)
Lumma		1 (14.3%)
XWorm		1 (14.3%)
GameoverP2P		1 (14.3%)
RAT		1 (14.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
MuddyWater		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		2 (28.6%)
Phishing		2 (28.6%)
Backdoor		1 (14.3%)
Stealer		1 (14.3%)
Exploit		1 (14.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
United States		2 (14.3%)
Iran		1 (7.1%)
Japan		1 (7.1%)
Microsoft		1 (7.1%)
Kaspersky		1 (7.1%)

Threat info

Last 5

SNS

(Total : 0)

No data.

News

(Total : 2)

Total keyword

Vulnerability United States Malware powershell Victim c&c IoC Attacker Campaign Phishing Vawtrak MuddyWater Iran Backdoor Lumma EDR XWorm GameoverP2P Stealer ZeroDay Linux Windows Email Cobalt Strike Update RAT Exploit NetWireRC Japan AsyncRAT Microsoft Kaspersky Android Report Ucraina Russia VBScript Distribution Telegram German Malicious Traffic WMI North Korea South Korea China Taiwan Australia intelligence

No	Title	Date
1	How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats - Malware.News	2025.04.16
2	Monthly Threat Actor Group Intelligence Report, February 2025 (ENG) - Malware.News	2025.04.16

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	Monthly Threat Actor Group Intelligence Report, February 2025 (ENG) - Malware.News	2025.04.16
2	Monthly Threat Actor Group Intelligence Report, February 2025 (ENG) - Malware.News	2025.04.16
3	Threat actors misuse Node.js to deliver malware and other malicious payloads - Malware.News	2025.04.16
4	Threat actors misuse Node.js to deliver malware and other malicious payloads - Malware.News	2025.04.16
5	파키스탄 연계 해킹 그룹, 인도 정부·국방·해양 집중 공격 - 시큐리티팩트	2025.04.14
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	DKM-39902004.pdf.lnk Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM Lnk Format GIF Format PowerShell PNG Format MS	bfe2f106c5a937a00509f9ba9f6c916e	59044	2025.04.16
2	doc01585520250114102531.pdf.ln... Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM Lnk Format GIF Format PowerShell PNG Format JP	bfe2f106c5a937a00509f9ba9f6c916e	59045	2025.04.16
3	wecashourdrgoodnewthingsgoodbu... Generic Malware Downloader Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL	49a635b773f1351cdb4e4fb457e5008b	58969	2025.04.11
4	제안서.pdf.lnk Generic Malware Suspicious_Script_Bin Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell	777b6a02f7a44582c40ddadb82e60ddb	58970	2025.04.11
5	20250410_70404.xls.lnk Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell	95289ac289db6ad1fd9175992f498cd3	58971	2025.04.11
View only the last 5

Level	Description
danger	The processes wscript.exe
watch	A potential heapspray has been detected. 64 megabytes was sprayed onto the heap of the powershell.exe process
watch	Creates a suspicious Powershell process
watch	Creates an Alternate Data Stream (ADS)
watch	One or more non-whitelisted processes were created
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	File has been identified by 3 AntiVirus engines on VirusTotal as malicious
notice	Performs some HTTP requests
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key
Network	ET HUNTING TryCloudFlare Domain in TLS SNI
Network	ET INFO Observed trycloudflare .com Domain in TLS SNI
Network	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://paste.ee/d/gkS5S6ML AgentTesla ascii powershell			abuse_ch	2025.04.15
2	https://paste.ee/d/sq6Rzu29 ascii powershell ps1			abuse_ch	2025.04.11
3	https://paste.ee/d/eoBdgCd4 ascii powershell ps1			abuse_ch	2025.04.11
4	https://paste.ee/d/fhqt6v94 ascii powershell			abuse_ch	2025.04.11
5	https://raw.githubusercontent.com/citraadvertising/X/refs/heads/main/pl-st1 ascii powershell ps1	US	FASTLY	abuse_ch	2025.04.11
View only the last 5

Beta Service, If you select keyword, you can check detailed information.