Cyber Threat Trends

Summary: 2025/04/28 18:55

First reported date: 2014/08/04
Inquiry period : 2025/03/29 18:55 ~ 2025/04/28 18:55 (1 months), 86 search results

전 기간대비 31% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 C2 c&c NetWireRC njRAT live 입니다.
악성코드 유형 DarkComet DslogdRAT GootLoader 도 새롭게 확인됩니다.
공격자 UNC5221 도 새롭게 확인됩니다.
공격기술 RCE hijack Webshell 도 새롭게 확인됩니다.
기관 및 기업 CISA Europe Government Google 도 새롭게 확인됩니다.
기타 Update DNS keylogger Group Additional 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/24 DslogdRAT Malware Installed in Ivanti Connect Secure
    ㆍ 2025/04/17 Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
    ㆍ 2025/04/16 Chinese UNC5174 Group Expands Arsenal with New Open Source Tool and C2 Infrastructure

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	C2	86	▲ 27 (31%)
2	c&c	82	▲ 27 (33%)
3	NetWireRC	46	▲ 19 (41%)
4	njRAT	45	▲ 22 (49%)
5	live	15	▲ 7 (47%)
6	Campaign	8	▲ 4 (50%)
7	Nanocore	7	▲ 2 (29%)
8	Malware	6	▼ -4 (-67%)
9	DarkComet	5	▲ new
10	IP	4	▲ 2 (50%)
11	Update	4	▲ new
12	DDNS	3	- 0 (0%)
13	target	3	- 0 (0%)
14	APT	3	- 0 (0%)
15	China	3	▲ 2 (67%)
16	abusech	3	▼ -1 (-33%)
17	XWorm	3	- 0 (0%)
18	RedLine	3	▼ -1 (-33%)
19	IoC	3	▼ -3 (-100%)
20	Low	3	▲ 1 (33%)
21	File	2	- 0 (0%)
22	DNS	2	▲ new
23	keylogger	2	▲ new
24	Group	2	▲ new
25	Additional	2	▲ new
26	same	2	▲ 1 (50%)
27	server	2	▲ 1 (50%)
28	RCE	2	▲ new
29	Advertising	2	▼ -2 (-100%)
30	Operation	2	▲ 1 (50%)
31	Lazarus	2	▲ 1 (50%)
32	CISA	2	▲ new
33	SideWinder	2	- 0 (0%)
34	Phishing	2	▼ -1 (-50%)
35	shell	1	▲ new
36	manufacturerviewingglatplygg	1	▲ new
37	internetsearchviewdnsnet	1	▲ new
38	introductionsatisfyglatplygg	1	▲ new
39	UNC5221	1	▲ new
40	rayishim	1	▲ new
41	httpstcoUrkESIP	1	▲ new
42	DslogdRAT	1	▲ new
43	vpn	1	- 0 (0%)
44	yetcontinentalglatplygg	1	▲ new
45	httpstcoiP	1	▲ new
46	diseaseexpendituresglatplygg	1	▲ new
47	studentwifiglatplygg	1	▲ new
48	photobucksglatplygg	1	▲ new
49	Proxy	1	▲ new
50	time	1	▲ new
51	Grade	1	▲ new
52	evolution	1	▲ new
53	amp	1	▲ new
54	StarProxy	1	▲ new
55	thorscanner	1	▲ new
56	Europe	1	▲ new
57	h4rmsw4yX	1	▲ new
58	Trojan	1	- 0 (0%)
59	hijack	1	▲ new
60	Backdoor	1	- 0 (0%)
61	Government	1	▲ new
62	sample	1	- 0 (0%)
63	GitHub	1	▼ -1 (-100%)
64	Windows	1	▼ -1 (-100%)
65	Promotion	1	▲ new
66	IIIdocx	1	▲ new
67	Report	1	▼ -2 (-200%)
68	intelligence	1	▼ -2 (-200%)
69	Vulnerability	1	▲ new
70	GootLoader	1	▲ new
71	Japan	1	- 0 (0%)
72	ZeroDay	1	▲ new
73	NortonLifeLock	1	▲ new
74	hub	1	▲ new
75	infrastructure	1	▲ new
76	Proton	1	▲ new
77	cyberthreat	1	▲ new
78	Exploit	1	- 0 (0%)
79	proton66	1	▲ new
80	Google	1	▲ new
81	ThreatProtection	1	▲ new
82	Microsoft	1	▼ -1 (-100%)
83	UNIX	1	▲ new
84	hiesa	1	▲ new
85	Webshell	1	▲ new
86	plenoryvantyxeu	1	▲ new
87	attack	1	▼ -6 (-600%)
88	biamiraqorg	1	▲ new
89	Forward	1	▲ new
90	recommendedcollinsglatplygg	1	▲ new
91	Password	1	- 0 (0%)
92	panelthrownglatplygg	1	▲ new
93	paperclip	1	▲ new
94	content	1	▲ new
95	https	1	▲ new
96	httpsfancyhill	1	▲ new
97	naumovax	1	▲ new
98	dl	1	▲ new
99	microsoftftpserveftpcom	1	▲ new
100	UNC	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
NetWireRC		46 (39.3%)
njRAT		45 (38.5%)
Nanocore		7 (6%)
DarkComet		5 (4.3%)
XWorm		3 (2.6%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Lazarus		2 (66.7%)
UNC5221		1 (33.3%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		8 (40%)
APT		3 (15%)
RCE		2 (10%)
Phishing		2 (10%)
hijack		1 (5%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
China		3 (17.6%)
CISA		2 (11.8%)
Europe		1 (5.9%)
Government		1 (5.9%)
Japan		1 (5.9%)

Threat info

Last 5

SNS

(Total : 82)

Total keyword

C2 c&c njRAT NetWireRC Nanocore Campaign DarkComet XWorm DDNS RedLine APT Lazarus Malware Update IoC SideWinder Phishing vpn keylogger SnakeKeylogger Microsoft DNS GootLoader SectopRAT ShadowPad Downloader ArechClient France Targeting target ...

No	Title	Date
1	SarlackLab @SarlackLab #njrat #C2 server 94.26.90.81:6666 confirmed 2025-04-26	2025.04.27
2	MalwareHunterTeam @malwrhunterteam @elslahaty @3onine @thor_scanner @h4rmsw4yX This sample is related to the 85.239.62.36 C2 IP: 236ff897dee7d21319482cd67815bd22391523e37e0452fa230813b30884a86f From: http://154.91.0.103:27017/download/tyu/3cev.py https://t.co/pEjvFhDxpr	2025.04.26
3	SarlackLab @SarlackLab #njrat #C2 server 147.185.221.27:31185 team-evaluating.gl.at.ply.gg confirmed 2025-04-26	2025.04.26
4	blackorbird @blackorbird The evolution of Lazarus malware & C2 Infrastructure Update https://t.co/30TBuYQsxA https://t.co/AKtTQ1r9Yp	2025.04.25
5	Threat Intelligence @threatintel #ThreatProtection #Proton66 infrastructure, a hub for phishing, C2 ops and malware campaigns including GootLoader, SpyNote and XWorm. Read more about Symantec's protection: https://t.co/GeYC3ac1F5 #CyberThreat	2025.04.24

News

(Total : 4)

Total keyword

Malware C2 c&c China RCE Campaign Attacker Operation target CISA Update Advertising keylogger Vulnerability Europe NetWireRC Exploit Report Japan ZeroDay hijack Google intelligence Webshell attack Password UNC5221 DslogdRAT Trojan GitHub Backdoor United States Australia Canada DNS FBI Chinese Government Cobalt Strike MUSTANG PANDA Zscaler IoC Victim EDR TONESHELL UNIX Windows Phishing

No	Title	Date
1	DslogdRAT Malware Installed in Ivanti Connect Secure - Malware.News	2025.04.24
2	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17
3	Chinese UNC5174 Group Expands Arsenal with New Open Source Tool and C2 Infrastructure - Malware.News	2025.04.16
4	CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks - The Hacker News	2025.04.07

Additional information

No	Title	Date
1	28th April – Threat Intelligence Report - Malware.News	2025.04.28
2	Navigating Through The Fog - Malware.News	2025.04.28
3	Huawei Set to Test Powerful AI Chip to Rival Nvidia’s, WSJ Says - Bloomberg Technology	2025.04.28
4	Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware - Malware.News	2025.04.26
5	Threat Hunting: For what, when, and how? - Malware.News	2025.04.26
View only the last 5

No	Title	Date
1	DslogdRAT Malware Installed in Ivanti Connect Secure - Malware.News	2025.04.24
2	DslogdRAT Malware Installed in Ivanti Connect Secure - Malware.News	2025.04.24
3	Latest Mustang Panda Arsenal: ToneShell and StarProxy \| P1 - Malware.News	2025.04.17
4	CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks - The Hacker News	2025.04.07
5	CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks - The Hacker News	2025.04.07
View only the last 5

No data

No	Category	URL	CC	ASN Co	Date
1	malware	https://mira-store.com/runday			2020.07.03

No	URL	CC	ASN Co	Reporter	Date
1	http://59.88.23.194:49027/Mozi.m c2 Mozi	IN	National Internet Backbone	stopransom	2025.03.27
2	http://cobolrationumelawrtewarms.com/3ofn3jf3e2ljk/Plugins/cred.dll Amadey c2 dll	US	PONYNET	abus3reports	2025.03.02
3	http://cobolrationumelawrtewarms.com/3ofn3jf3e2ljk/Plugins/cred64.dll Amadey c2 dll	US	PONYNET	abus3reports	2025.03.02
4	http://cobolrationumelawrtewarms.com/3ofn3jf3e2ljk/Plugins/clip64.dll Amadey c2 dll	US	PONYNET	abus3reports	2025.03.02
5	http://cobolrationumelawrtewarms.com/3ofn3jf3e2ljk/Plugins/clip.dll Amadey c2 dll	US	PONYNET	abus3reports	2025.03.02
View only the last 5

Beta Service, If you select keyword, you can check detailed information.