Cyber Threat Trends

Summary: 2025/04/28 21:24

First reported date: 2014/05/13
Inquiry period : 2025/03/29 21:24 ~ 2025/04/28 21:24 (1 months), 16 search results

전 기간대비 31% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 HTTP Next stage Remote 입니다.
공격자 Kimsuky 도 새롭게 확인됩니다.
기관 및 기업 DPRK North Korea 도 새롭게 확인됩니다.
기타 Alert CVE Navigator IBMi QRadar Security Suite 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/17 [webapps] IBMi Navigator 7.5 - HTTP Security Token Bypass
ㆍ 2025/04/15 [webapps] IBMi Navigator 7.5 - HTTP Security Token Bypass

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	HTTP	16	▲ 5 (31%)
2	Next	4	▲ 2 (50%)
3	stage	4	▲ 2 (50%)
4	Alert	2	▲ new
5	CVE	2	▲ new
6	Navigator	2	▲ new
7	IBMi	2	▲ new
8	QRadar Security Suite	2	▲ new
9	Token	2	▲ new
10	Request	2	▲ new
11	Remote	2	▲ 1 (50%)
12	Vulnerability	2	▲ new
13	Related	1	▲ new
14	DPRK	1	▲ new
15	vstAdphpnewpacomlineampwpnaaa	1	▲ new
16	North Korea	1	▲ new
17	same	1	▲ new
18	error	1	▲ new
19	PaloNetworkFilesJL	1	▲ new
20	emacsbin	1	▲ new
21	httpstcoTpRg	1	▲ new
22	archive	1	▼ -1 (-100%)
23	Password	1	▲ new
24	Panel	1	▲ new
25	httpswinrarnet	1	▲ new
26	copy	1	▲ new
27	official	1	▲ new
28	Kimsuky	1	▲ new
29	thorscanner	1	▲ new
30	crond	1	▲ new
31	Codes	1	▲ new
32	SAP	1	▲ new
33	opendir	1	▲ new
34	httpstcoZOUNJmYwkc	1	▲ new
35	Open Directory	1	▲ new
36	openwinsys	1	▲ new
37	Status	1	▲ new
38	Vite	1	▲ new
39	NetWeaver	1	▲ new
40	target	1	▲ new
41	unauthenticated	1	▲ new
42	FUD	1	▲ new
43	AV	1	▲ new
44	VT	1	▲ new
45	WinRAR	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

No data.

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Kimsuky		1 (100%)

Technique

This is an attack technique that is becoming an issue.

No data.

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
DPRK		1 (50%)
North Korea		1 (50%)

Threat info

Last 5

SNS

(Total : 13)

Total keyword

CVE Vulnerability DPRK North Korea Password Kimsuky Attacker opendir Open Directory target WinRAR

No	Title	Date
1	MalwareHunterTeam @malwrhunterteam Panel locations: https://win-rar.net/3fa7f5a9e0a248be8c79/login.php http://185.126.66.215/3fa7f5a9e0a248be8c79/login.php And at https://win-rar.net/ is a copy of the official @WinRAR_RARLAB site... https://t.co/mM4YmY4GHy	2025.04.28
2	MalwareHunterTeam @malwrhunterteam Next stage archive: http://92.119.114.128/ov4_dd_p.rar Password: "uVtjpNSgTmwoK3gh" https://t.co/LPdvfJaGtf	2025.04.25
3	MalwareHunterTeam @malwrhunterteam Also there's this one: 132e8903ef150974686d054499720a65226bd2bf4428d3264dac442e16dfb39c http://193.149.129.136/HtmlFiles/Index-JLwlsdfx02.html	2025.04.24
4	MalwareHunterTeam @malwrhunterteam Related: 3c9d179d6c8061fb921285c59259e53129f7dcd6c02a685276908d28504c8a8c http://65.38.120.193/PaloNetwork/Files/JL01.html ???? https://t.co/ngg8FOlOQW https://t.co/TpRg4aInVN	2025.04.24
5	Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer http://72qsaxh7zurdhttakrjp6trnhgwozb6oszk7rzyfl6twrfzjxzazdzqd.onion redirects to breached.fi with the same error. ????	2025.04.24

News

(Total : 3)

Total keyword

QRadar Security Suite

No	Title	Date
1	[webapps] IBMi Navigator 7.5 - HTTP Security Token Bypass - Exploit-DB.com	2025.04.17
2	[webapps] IBMi Navigator 7.5 - HTTP Security Token Bypass - Exploit-DB.com	2025.04.15
3	[remote] SAP NetWeaver - 7.53 - HTTP Request Smuggling - Exploit-DB.com	2025.04.02

Additional information

No	Title	Date
1	2025 Cyber Resilience Research Discovers Speed of AI Advancing Emerging Attack Types - Malware.News	2025.04.28
2	Intel CEO Targets Change in Corporate Culture to Shape Up - Bloomberg Technology	2025.04.28
3	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
4	Top Tier Target \| What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News	2025.04.28
5	28th April – Threat Intelligence Report - Malware.News	2025.04.28
View only the last 5

No	Title	Date
1	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
2	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
3	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
4	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
5	HTTP/3 is everywhere but nowhere - Malware.News	2025.03.13
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	random.exe Gen1 Themida Generic Malware PhysicalDrive Downloader UPX Malicious Packer Malicious Library Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P	bfd4ad6d57c086d2e64ccd39398a908e	60244	2025.04.28
2	inv.bat Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM	503ef2150bd7a60b399fe4b9723cd967	59864	2025.04.23
3	inv.bat Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM	78c51b8bd0e0671fe91e9f56154cef4a	59866	2025.04.23
4	sch.bat Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM	fcbebab50efe0c09cafacca4f008e31d	59865	2025.04.23
5	Check.bat Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM	aafec75f6933aa0f9c26ac43155f6818	59855	2025.04.22
View only the last 5

Level	Description
danger	File has been identified by 33 AntiVirus engines on VirusTotal as malicious
watch	Attempts to stop active services
watch	Creates known SpyNet files
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	Executes one or more WMI queries
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Command line console output was observed
info	One or more processes crashed
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)

No data

Beta Service, If you select keyword, you can check detailed information.