Summary: 2025/04/29 00:33

First reported date: 2011/08/10
Inquiry period: 2025/03/30 00:33 ~ 2025/04/29 00:33 (1 month), 32 search results

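The trend is 19% higher than in the previous period.
The top 5 related keywords that rose compared with the previous period are
DNS, Malware, Exploit, attack, and Report.
The malware types Cryptocurrency Miner and CoreDN were also newly observed.
The attack technique Smishing was also newly observed.
The organizations and companies NSA, FBI, Australia, VirusTotal, Canada, China, xabyss, and United Kingdom were also newly observed.
Other new keywords such as Flux, Fast, Red Team, 플럭스 (Korean for "Flux"), and Chrome were also observed.

 * Recent news articles Top 3: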
    ㆍ 2025/04/23 CVE-2025-32955: Security mechanism bypass in Harden-Runner Github Action
    ㆍ 2025/04/22 All Gmail users at risk from clever replay attack
    ㆍ 2025/04/22 Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative

Trend graph by period


Related keyword cloud
Top 100

# | Trend | Count | Comparison
1 | DNS | 32 | ▲ 6 (19%)
2 | Malware | 20 | ▲ 2 (10%)
3 | Exploit | 13 | ▲ 5 (38%)
4 | attack | 13 | ▲ 4 (31%)
5 | Report | 12 | ▲ 3 (25%)
6 | Phishing | 12 | ▲ 6 (50%)
7 | United States | 11 | ▲ 2 (18%)
8 | Update | 11 | ▲ 3 (27%)
9 | c&c | 8 | ▲ 7 (88%)
10 | RCE | 8 | ▲ 7 (88%)
11 | target | 8 | - 0 (0%)
12 | Vulnerability | 8 | ▲ 3 (38%)
13 | Software | 7 | ▲ 4 (57%)
14 | intelligence | 7 | ▲ 1 (14%)
15 | CISA | 7 | ▲ 6 (86%)
16 | GitHub | 6 | ▲ 2 (33%)
17 | Flux | 6 | ▲ new
18 | Advertising | 6 | ▼ -1 (-17%)
19 | Fast | 6 | ▲ new
20 | Windows | 6 | ▲ 1 (17%)
21 | Remote Code Execution | 5 | ▼ -7 (-140%)
22 | Microsoft | 5 | ▼ -1 (-20%)
23 | LinkedIn | 4 | ▲ 2 (50%)
24 | Campaign | 4 | ▼ -2 (-50%)
25 | NSA | 4 | ▲ new
26 | Operation | 4 | ▼ -1 (-25%)
27 | Email | 4 | - 0 (0%)
28 | Google | 4 | ▲ 2 (50%)
29 | hacking | 3 | ▲ 1 (33%)
30 | Victim | 3 | ▼ -4 (-133%)
31 | Ubuntu | 3 | ▲ 1 (33%)
32 | DYEPACK | 3 | ▲ 2 (67%)
33 | FBI | 3 | ▲ new
34 | Ransomware | 3 | ▲ 1 (33%)
35 | Education | 3 | - 0 (0%)
36 | Linux | 3 | ▼ -3 (-100%)
37 | Distribution | 3 | - 0 (0%)
38 | Australia | 3 | ▲ new
39 | Zero Trust | 3 | ▲ 1 (33%)
40 | Telegram | 3 | - 0 (0%)
41 | Red Team | 3 | ▲ new
42 | 플럭스 (Korean for "Flux") | 2 | ▲ new
43 | Chrome | 2 | ▲ new
44 | ChatGPT | 2 | ▲ new
45 | Kubernetes | 2 | - 0 (0%)
46 | Data Center | 2 | ▲ 1 (50%)
47 | Criminal | 2 | ▼ -1 (-50%)
48 | C2 | 2 | ▲ new
49 | VirusTotal | 2 | ▲ new
50 | Canada | 2 | ▲ new
51 | Secure | 2 | ▲ new
52 | CVSS | 2 | ▼ -1 (-50%)
53 | IoC | 2 | ▼ -1 (-50%)
54 | Infoblox | 2 | ▲ 1 (50%)
55 | Public | 2 | ▲ new
56 | Twitter | 2 | ▼ -1 (-50%)
57 | securityaffairs | 2 | ▲ new
58 | WMI | 2 | ▲ new
59 | YouTube | 2 | - 0 (0%)
60 | Meerkat | 2 | ▲ 1 (50%)
61 | Morphing | 2 | - 0 (0%)
62 | IngressNightmare | 2 | ▲ new
63 | Password | 2 | ▲ 1 (50%)
64 | Supply chain | 2 | ▲ new
65 | Docker | 2 | - 0 (0%)
66 | Red Hat | 2 | ▲ 1 (50%)
67 | IPv | 2 | ▲ new
68 | Firmware | 2 | ▲ new
69 | GameoverP2P | 2 | - 0 (0%)
70 | MX | 2 | ▲ 1 (50%)
71 | Cloudflare | 2 | ▼ -1 (-50%)
72 | Backdoor | 2 | ▲ 1 (50%)
73 | subdomain | 2 | ▲ new
74 | MFA | 2 | ▲ 1 (50%)
75 | Hackers | 1 | ▲ new
76 | China | 1 | ▲ new
77 | Smishing | 1 | ▲ new
78 | Allows | 1 | ▲ new
79 | threat | 1 | - 0 (0%)
80 | Wang | 1 | ▲ new
81 | payment | 1 | ▲ new
82 | Cryptocurrency Miner | 1 | ▲ new
83 | road | 1 | ▲ new
84 | Cisco | 1 | ▼ -1 (-100%)
85 | xabyss | 1 | ▲ new
86 | Forensics | 1 | ▲ new
87 | CoreDN | 1 | ▲ new
88 | toll | 1 | ▲ new
89 | Duo | 1 | ▲ new
90 | United Kingdom | 1 | ▲ new
91 | Anonymous | 1 | - 0 (0%)
92 | ta | 1 | ▲ new
93 | blog | 1 | ▲ new
94 | plenoryvantyxeu | 1 | ▲ new
95 | biamiraqorg | 1 | ▲ new
96 | Forward | 1 | ▲ new
97 | CVE | 1 | ▼ -2 (-200%)
98 | HardenRunner | 1 | ▲ new
99 | user | 1 | ▲ new
100 | Nick | 1 | ▲ new

Special keyword group
Top 5

Malware Type

Malware types that are currently becoming an issue.

Keyword Average Label
DYEPACK: 3 (27.3%)
Ransomware: 3 (27.3%)
GameoverP2P: 2 (18.2%)
Cryptocurrency Miner: 1 (9.1%)
CoreDN: 1 (9.1%)

Attacker & Actors

Attackers or attack groups that are currently becoming an issue.

Keyword Average Label
Anonymous: 1 (100%)

Attack technique

Attack techniques that are currently becoming an issue.

Keyword Average Label
Exploit: 13 (25.5%)
Phishing: 12 (23.5%)
RCE: 8 (15.7%)
Remote Code Execution: 5 (9.8%)
Campaign: 4 (7.8%)

Country & Company

Countries or companies that are currently becoming an issue.

Keyword Average Label
United States: 11 (22.9%)
CISA: 7 (14.6%)
Microsoft: 5 (10.4%)
NSA: 4 (8.3%)
Google: 4 (8.3%)

Threat info
Last 5

SNS

(Total : 12)
  Total keyword

DNS CISA Phishing Exploit hacking Discord Telegram C2 c&c NSA Report Victim FBI Ransomware Kubernetes

No Title Date

1 blackorbird @blackorbird
APT34 C2 : Forward DNS include biam-iraq.org ⬇️ plenoryvantyx.eu ⬇️ banner_hash="-3604737501683454749" https://t.co/MT1TAreTny https://t.co/V6noaJZLde https://t.co/IN9DMdunra
2025.04.24

2 Mandiant (part of Google Cloud) @Mandiant
Detecting IngressNightmare just got easier! Our new blog shares a non-intrusive technique using DNS directive injection to identify vulnerable Kubernetes Ingress Nginx Controllers. No agents, no disruption, just accurate results. https://t.co/wAaj94Q5xY https://t.co/JZOjBvtaMa
2025.04.24

3 Unit 42 @Unit42_Intel
Multiple domains leveraging #DNS #tunneling have been probing the Internet for public IPv4/IPv6 resolvers. Lacking TXT/PTR records, the associated DNS traffic is highly suspicious. These #scans began in Jan 2025 and peaked earlier this week. More info at https://t.co/Zve4RHnSt9 https://t.co/L2LKHJ0D
2025.04.17

4 Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer
With a little bit of python, I'm running a threat_actor lookup command with my own data on Discord and sending it back to Telegram all in 2 seconds. /dns_lookup -> DNS details /ip -> IP details /threat_actor -> Provides the last 3 claims (screenshots) /whois -> Whois details https://t.c
2025.04.17

5 Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer
Public DNS Comparison https://t.co/H1rFYhAszT
2025.04.10

Additional information

Level Description
danger File has been identified by 33 AntiVirus engines on VirusTotal as malicious
watch Attempts to stop active services
watch Creates known SpyNet files
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Drops a binary and executes it
notice Drops an executable to the user AppData folder
notice Executes one or more WMI queries
notice The binary likely contains encrypted or compressed data indicative of a packer
notice Uses Windows utilities for basic Windows functionality
notice Yara rule detected in process memory
info Checks amount of memory in system
info Command line console output was observed
info One or more processes crashed
info Queries for the computername
info The executable contains unknown PE section names indicative of a packer (could be a false positive)