Cyber Threat Trends

Summary: 2025/04/17 12:46

First reported date: 2011/05/25
Inquiry period : 2025/04/16 12:46 ~ 2025/04/17 12:46 (1 days), 5 search results

지난 7일 기간대비 20% 높은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Stealer Malware MWNEWS Victim Update 입니다.
악성코드 유형 Trojan Grandoreiro AsyncRAT SectopRAT XWorm NetWireRC Vawtrak RAT 도 새롭게 확인됩니다.
공격자 MuddyWater TraderTraitor 도 새롭게 확인됩니다.
공격기술 RCE ClickFix Backdoor 도 새롭게 확인됩니다.
기관 및 기업 Banking Europe 도 새롭게 확인됩니다.
기타 Cryptocurrency Malicious crypto Attacks RN 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/17 Interlock ransomware evolves tactics with ClickFix, infostealers
    ㆍ 2025/04/16 Infostealer deployed via bogus PDFCandy converter
    ㆍ 2025/04/16 Malicious crypto developer-targeted coding challenges spread infostealers

참고로 동일한 그룹의 악성코드 타입은 FormBook QakBot RedLine 등 101개 종이 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	Stealer	5	▲ 1 (20%)
2	Malware	5	▲ 4 (80%)
3	MWNEWS	3	▲ 3 (100%)
4	Victim	2	▲ 2 (100%)
5	Update	2	▲ 2 (100%)
6	attack	2	▲ 2 (100%)
7	intelligence	2	▲ 2 (100%)
8	target	2	▲ 1 (50%)
9	Campaign	2	▲ 1 (50%)
10	Phishing	2	▲ 1 (50%)
11	Trojan	2	▲ new
12	Cryptocurrency	2	▲ new
13	Malicious	1	▲ new
14	crypto	1	▲ new
15	Government	1	▲ 1 (100%)
16	Attacks	1	▲ new
17	Android	1	▲ 1 (100%)
18	Microsoft	1	▲ 1 (100%)
19	China	1	▲ 1 (100%)
20	Grandoreiro	1	▲ new
21	RN	1	▲ new
22	AsyncRAT	1	▲ new
23	RCE	1	▲ new
24	Banking	1	▲ new
25	Snapshot	1	▲ new
26	Threat	1	▲ new
27	Consumer	1	▲ new
28	Report	1	- 0 (0%)
29	SectopRAT	1	▲ new
30	PDFCandy	1	▲ new
31	Infostealer	1	▲ 1 (100%)
32	bogus	1	▲ new
33	converter	1	▲ new
34	Ransomware	1	▲ 1 (100%)
35	ClickFix	1	▲ new
36	Interlock	1	▲ new
37	Europe	1	▲ new
38	hacking	1	▲ 1 (100%)
39	Operation	1	▲ 1 (100%)
40	XWorm	1	▲ new
41	NetWireRC	1	▲ new
42	MuddyWater	1	▲ new
43	Vulnerability	1	▲ 1 (100%)
44	United States	1	▲ 1 (100%)
45	IoC	1	- 0 (0%)
46	c&c	1	▲ 1 (100%)
47	powershell	1	▲ 1 (100%)
48	Iran	1	▲ 1 (100%)
49	Lumma	1	- 0 (0%)
50	EDR	1	▲ new
51	GameoverP2P	1	▲ 1 (100%)
52	TraderTraitor	1	▲ new
53	Vawtrak	1	▲ new
54	Linux	1	▲ 1 (100%)
55	Windows	1	▲ 1 (100%)
56	ZeroDay	1	▲ new
57	Exploit	1	▲ 1 (100%)
58	RAT	1	▲ new
59	Email	1	▲ 1 (100%)
60	Backdoor	1	▲ new
61	North Korea	1	▲ 1 (100%)
62	Cobalt Strike	1	▲ 1 (100%)
63	Advertising	1	▲ 1 (100%)
64	lesserknown	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Trojan		2 (16.7%)
Grandoreiro		1 (8.3%)
AsyncRAT		1 (8.3%)
SectopRAT		1 (8.3%)
Ransomware		1 (8.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
MuddyWater		1 (50%)
TraderTraitor		1 (50%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Stealer		5 (35.7%)
Campaign		2 (14.3%)
Phishing		2 (14.3%)
RCE		1 (7.1%)
ClickFix		1 (7.1%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Government		1 (12.5%)
Microsoft		1 (12.5%)
China		1 (12.5%)
Banking		1 (12.5%)
Europe		1 (12.5%)

Malware Family

Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info

Last 5

SNS

(Total : 0)

No data.

News

(Total : 5)

Total keyword

Stealer Malware Victim Update attack intelligence target Campaign Phishing Trojan Cryptocurrency Government Attacks Android Microsoft China Grandoreiro AsyncRAT RCE Banking Report SectopRAT Ransomware ClickFix Europe hacking Operation XWorm NetWireRC MuddyWater Vulnerability United States IoC c&c Attacker powershell Iran Lumma EDR GameoverP2P TraderTraitor Vawtrak Linux Windows ZeroDay Exploit RAT Email Backdoor North Korea Cobalt Strike Advertising

No	Title	Date
1	Interlock ransomware evolves tactics with ClickFix, infostealers - Malware.News	2025.04.17
2	Malicious crypto developer-targeted coding challenges spread infostealers - Malware.News	2025.04.16
3	Infostealer deployed via bogus PDFCandy converter - Malware.News	2025.04.16
4	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
5	How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats - Malware.News	2025.04.16

Additional information

No	Title	Date
1	엔디비아 'AI 심장부' GPU에 보안 구멍.. '즉시 패치' 비상 - 시큐리티팩트	2025.04.17
2	Hi, robot: Half of all internet traffic now automated - Malware.News	2025.04.17
3	Zoom Sees Outage With 50,000 Users Reporting Availability Issues - Bloomberg Technology	2025.04.17
4	Nude photos and names: KU Health and Kansas hospital sued for data breach - Malware.News	2025.04.17
5	DeepSeek Poses ‘Profound’ Security Threat, US House Panel Claims - Bloomberg Technology	2025.04.17
View only the last 5

No	Title	Date
1	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
2	Threat Intelligence Snapshot: Week 14, 2025 - Malware.News	2025.04.16
3	Threat actors misuse Node.js to deliver malware and other malicious payloads - Malware.News	2025.04.16
4	Threat actors misuse Node.js to deliver malware and other malicious payloads - Malware.News	2025.04.16
5	Crypto Developers Targeted by Python Malware Disguised as Coding Challenges - The Hacker News	2025.04.15
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	111_2023-04-07_08-22.exe email stealer Downloader Malicious Library Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Code injection persistence KeyLogger AntiDebug AntiVM PE File PE32	b1c1243d05e33560bfbda42ce515db8f	54563	2024.10.09
2	download.ics email stealer DGA Http API ScreenShot Escalate priviledges PWS HTTP Internet API KeyLogger AntiDebug AntiVM	7be2232d72dff43cf090b194542cf229	51915	2024.07.23
3	xnnwljxxbbawjwlmac.exe email stealer Generic Malware Possible Infostealer Activity Downloader .NET framework(MSIL) Antivirus Socket Escalate priviledges PWS DNS Code injection Internet API persistence KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE	0c74bc9529b8d9f96fc7e1b47559abd1	48467	2024.02.13
4	conhost.exe Gen1 email stealer Downloader .NET framework(MSIL) UPX Malicious Packer Malicious Library Escalate priviledges PWS DNS Code injection persistence KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL	d1ebfffb918cb931ae8e6ef5546b9efa	47762	2024.01.31
5	a.exe email stealer Downloader .NET framework(MSIL) Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Code injection persistence KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE	248fdd80b574b1379fe4f6f1cee40091	46404	2023.11.07
View only the last 5

Level	Description
danger	File has been identified by 59 AntiVirus engines on VirusTotal as malicious
danger	Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually)
danger	Executed a process and injected code into it
watch	Allocates execute permission to another process indicative of possible code injection
watch	Attempts to remove evidence of file being downloaded from the Internet
watch	Communicates with host for which no DNS query was performed
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	One or more potentially interesting buffers were extracted
notice	Potentially malicious URLs were found in the process memory dump
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	This executable has a PDB path

No data

No	URL	CC	ASN Co	Reporter	Date
1	http://80.66.84.133/YJTURMRG.mp4 hta stealer	BY	...	DaveLikesMalwre	2025.04.15
2	https://www.dropbox.com/scl/fi/xfme3jj5rgt6u5ig7he70/CapCut-Pro.rar?rlkey=ndad0985or8n5rokxmb0pz5k0&... Lumma LummaStealer stealer	US	DROPBOX	iLikeMalware	2025.04.13
3	https://sites.google.com/view/robloxfree2025/roblox-free-hack Lumma LummaStealer stealer	US	GOOGLE	iLikeMalware	2025.04.13
4	https://drive.google.com/file/d/11SRBeq-5b2C7gf5Z24SzNiSxCTSHONLJ/view Lumma LummaStealer stealer	US	GOOGLE	iLikeMalware	2025.04.13
5	https://github.com/Fortnite-Wallhacks-2025/.github/releases/tag/files Lumma LummaStealer stealer	US	MICROSOFT-CORP-MSN-AS-BLOCK	iLikeMalware	2025.04.13
View only the last 5

Beta Service, If you select keyword, you can check detailed information.