Cyber Threat Trends

Summary: 2025/04/30 14:53

First reported date: 2013/03/05
Inquiry period : 2025/04/29 14:53 ~ 2025/04/30 14:53 (1 days), 2 search results

지난 7일 기간대비 50% 높은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 powershell Windows Criminal Stealer Update 입니다.
악성코드 유형 AsyncRAT Stealc 도 새롭게 확인됩니다.
공격자 Anonymous 도 새롭게 확인됩니다.
기관 및 기업 Recorded Future Palo Alto Networks 도 새롭게 확인됩니다.
기타 Browser M ProtectionHighlight cybercrime WMI 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/29 Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	powershell	2	▲ 1 (50%)
2	Windows	2	▲ 1 (50%)
3	AsyncRAT	1	▲ new
4	Browser	1	▲ new
5	Criminal	1	▲ 1 (100%)
6	Stealer	1	▲ 1 (100%)
7	Update	1	▲ 1 (100%)
8	Java	1	▲ 1 (100%)
9	Advertising	1	▲ 1 (100%)
10	Recorded Future	1	▲ new
11	M	1	▲ new
12	ThreatProtection	1	▲ 1 (100%)
13	ProtectionHighlight	1	▲ new
14	cybercrime	1	▲ new
15	threat	1	▲ 1 (100%)
16	ZeroDay	1	▲ 1 (100%)
17	NortonLifeLock	1	▲ 1 (100%)
18	Anonymous	1	▲ new
19	Stealc	1	▲ new
20	NetWireRC	1	▲ 1 (100%)
21	Campaign	1	- 0 (0%)
22	Palo Alto Networks	1	▲ new
23	Malware	1	- 0 (0%)
24	Kaspersky	1	▲ 1 (100%)
25	Phishing	1	- 0 (0%)
26	Report	1	▲ 1 (100%)
27	Russia	1	▲ 1 (100%)
28	United States	1	▲ 1 (100%)
29	Italy	1	▲ 1 (100%)
30	IoC	1	▲ 1 (100%)
31	c&c	1	- 0 (0%)
32	Victim	1	▲ 1 (100%)
33	Distribution	1	▲ 1 (100%)
34	WMI	1	▲ new
35	Linux	1	▲ 1 (100%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
AsyncRAT		1 (33.3%)
Stealc		1 (33.3%)
NetWireRC		1 (33.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Anonymous		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Stealer		1 (33.3%)
Campaign		1 (33.3%)
Phishing		1 (33.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Recorded Future		1 (16.7%)
Palo Alto Networks		1 (16.7%)
Kaspersky		1 (16.7%)
Russia		1 (16.7%)
United States		1 (16.7%)

Threat info

Last 5

SNS

(Total : 1)

Total keyword

PowerShell ZeroDay Windows Linux

No	Title	Date
1	Threat Intelligence @threatintel #ThreatProtection #ProtectionHighlight PowerShell is often abused by cyber threat actors using LOTL techniques. The Symantec DCS Intrusion Prevention default policy provides zero-day protection for windows and Linux servers. https://t.co/jmPVTnPaAw #Cybercrime #CyberSecurity https://t.co/cq6BaZlybo	2025.04.30

News

(Total : 1)

Total keyword

AsyncRAT Distribution Advertising Browser Java Update Windows Stealer Criminal Anonymous Recorded Future Stealc Italy WMI powershell NetWireRC Attacker Victim c&c IoC United States Campaign Russia Report Phishing Kaspersky Malware Palo Alto Networks

No	Title	Date
1	Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting - Malware.News	2025.04.29

Additional information

No	Title	Date
1	중국의 '은밀한 위협', 전기차 배터리가 스파이웨어로? - 시큐리티팩트	2025.04.30
2	Samsung’s Chips Business Beats Estimates After Stockpiling Push - Bloomberg Technology	2025.04.30
3	RSAC 2025 executive interview: Cobalt's Gunter Ollman - Malware.News	2025.04.30
4	White House Calls Out Amazon, SoFi CEO on Earnings \| Bloomberg Technology - Bloomberg Technology	2025.04.30
5	Averted DDoS attacks peak last year, could be surpassed by year-end - Malware.News	2025.04.30
View only the last 5

No	Title	Date
1	Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting - Malware.News	2025.04.29
2	Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting - Malware.News	2025.04.29
3	Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting - Malware.News	2025.04.29
4	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
5	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	pusy.pdf.lnk Gen1 Generic Malware Antivirus Malicious Packer Malicious Library UPX AntiDebug AntiVM GIF Format Lnk Format PowerShell PE File PE32	dbb230c7a229e3ef9ce3f05e0282ac42	60288	2025.04.30
2	Microsoft.hta Generic Malware Antivirus PowerShell	5a26e41374130ff9d5776d0d1e748e63	60299	2025.04.30
3	Adobe%20PDF.hta Generic Malware Antivirus PowerShell	5caf6a496b1b5ee03fe694309045fbb8	60302	2025.04.30
4	test.pdf.lnk Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM GIF Format Lnk Format PowerShell	3b4cbac8dad90d932e233a89650530a0	60265	2025.04.29
5	test.pdf.lnk Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM GIF Format Lnk Format PowerShell	3b4cbac8dad90d932e233a89650530a0	60266	2025.04.29
View only the last 5

Level	Description
danger	The process powershell.exe wrote an executable file to disk which it then attempted to execute
warning	File has been identified by 20 AntiVirus engines on VirusTotal as malicious
watch	Attempts to create or modify system certificates
watch	Creates a suspicious Powershell process
watch	Disables proxy possibly for traffic interception
watch	One or more non-whitelisted processes were created
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Drops an executable to the user AppData folder
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key
Network	ET INFO File Sharing Related Domain in DNS Lookup (4sync .com)
Network	ET INFO Observed File Sharing Related Domain (4sync .com) in TLS SNI
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://paste.ee/d/foOP0g8Z/0 ascii powershell ps1			abuse_ch	2025.04.25
2	http://176.65.134.8/metacodings.txt ascii AsyncRAT powershell ps1 rat	DE	Diogelo Ltd.	abuse_ch	2025.04.25
3	https://paste.ee/d/L8tHN98p/0 ascii powershell ps1 xworm			abuse_ch	2025.04.25
4	https://www.wilkinsonbeane.com/css/slider/asclepiadaceaebOet.php ascii opendir powershell ps1	US	UNIFIEDLAYER-AS-1	abuse_ch	2025.04.25
5	https://www.wilkinsonbeane.com/css/slider/sciurineslwWf.php ascii opendir powershell ps1	US	UNIFIEDLAYER-AS-1	abuse_ch	2025.04.25
View only the last 5

Beta Service, If you select keyword, you can check detailed information.