Cyber Threat Trends

Summary: 2025/04/28 22:50

First reported date: 2014/05/07
Inquiry period : 2025/03/29 22:50 ~ 2025/04/28 22:50 (1 months), 28 search results

전 기간대비 4% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 key Report attack Exploit Ransomware 입니다.
악성코드 유형 Vawtrak Astasia Entropy 도 새롭게 확인됩니다.
공격기술 RCE APT hijack 도 새롭게 확인됩니다.
기관 및 기업 Rapid7 FBI 도 새롭게 확인됩니다.
기타 incident real detection api triggered 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/28 Navigating Through The Fog
    ㆍ 2025/04/24 10 key numbers from the 2024 FBI IC3 report
    ㆍ 2025/04/16 API Security Is Key to Cyber Resilience in Media and Entertainment

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	key	28	▲ 1 (4%)
2	Report	9	▲ 5 (56%)
3	attack	7	▲ 4 (57%)
4	Malware	4	▼ -4 (-100%)
5	Exploit	4	▲ 3 (75%)
6	Ransomware	3	▲ 1 (33%)
7	incident	3	▲ new
8	real	3	▲ new
9	RCE	3	▲ new
10	detection	3	▲ new
11	api	3	▲ new
12	triggered	3	▲ new
13	Server	2	▲ new
14	c&c	2	▲ new
15	Operation	2	- 0 (0%)
16	Email	2	▲ 1 (50%)
17	Review	2	▲ new
18	AI	2	- 0 (0%)
19	Vawtrak	2	▲ new
20	Windows	2	▲ 1 (50%)
21	Update	2	▲ 1 (50%)
22	target	2	- 0 (0%)
23	APT	2	▲ new
24	Software	2	▲ new
25	market	2	▲ 1 (50%)
26	Campaign	2	- 0 (0%)
27	job	2	▲ 1 (50%)
28	Google	2	▲ 1 (50%)
29	CybelAngel	1	▲ new
30	Rapid7	1	▲ new
31	Q1	1	▲ new
32	Labs	1	▲ new
33	Rapid	1	▲ new
34	Harvest	1	▲ new
35	LOTUS PANDA	1	- 0 (0%)
36	Chrome	1	- 0 (0%)
37	youve	1	▲ new
38	hijack	1	▲ new
39	Chinalinked	1	▲ new
40	Panda	1	- 0 (0%)
41	Passwort	1	▲ new
42	Lotus	1	- 0 (0%)
43	Is	1	▲ new
44	Kaspersky	1	- 0 (0%)
45	China	1	▼ -1 (-100%)
46	BreachForumsST	1	▲ new
47	Takeaways	1	- 0 (0%)
48	MWNEWS	1	▼ -3 (-300%)
49	Fog	1	▲ new
50	MTrends	1	▲ new
51	Join	1	▲ new
52	arrest	1	▲ new
53	Astasia	1	▲ new
54	Forum	1	▲ new
55	Shiny	1	▲ new
56	IntelBroker	1	▲ new
57	breachforums	1	▲ new
58	OT	1	▲ new
59	unifying	1	▲ new
60	product	1	▲ new
61	Proofpoint	1	- 0 (0%)
62	datasecurity	1	▲ new
63	threatprotection	1	▲ new
64	yearly	1	▲ new
65	IC3	1	▲ new
66	FBI	1	▲ new
67	Infrastructure	1	▲ new
68	GITEX	1	▲ new
69	Challenges	1	▲ new
70	Authentifizierung	1	▲ new
71	result	1	▲ new
72	Public	1	- 0 (0%)
73	internal	1	▲ new
74	Vulnerability	1	- 0 (0%)
75	Phishing	1	- 0 (0%)
76	Blog	1	▲ new
77	Talos	1	▲ new
78	Shaped	1	▲ new
79	Roles	1	▲ new
80	intelligence	1	▼ -3 (-300%)
81	grep	1	▲ new
82	Rey	1	▲ new
83	httpstcobbh	1	▲ new
84	Microsoft	1	▼ -1 (-100%)
85	ra	1	▲ new
86	Mentoring	1	▲ new
87	Intergenerational	1	▲ new
88	Reading	1	▲ new
89	Dark	1	▲ new
90	CICD	1	▲ new
91	Misconfigurations	1	▲ new
92	OHMYDC	1	▲ new
93	OIDC	1	▲ new
94	Data Center	1	▲ new
95	United States	1	- 0 (0%)
96	Entropy	1	▲ new
97	demos	1	▲ new
98	Blue Team	1	▲ new
99	handson	1	▲ new
100	Day	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Ransomware		3 (37.5%)
Vawtrak		2 (25%)
Astasia		1 (12.5%)
Entropy		1 (12.5%)
Konni		1 (12.5%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
LOTUS PANDA		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Exploit		4 (26.7%)
RCE		3 (20%)
APT		2 (13.3%)
Campaign		2 (13.3%)
hijack		1 (6.7%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Google		2 (20%)
Rapid7		1 (10%)
Kaspersky		1 (10%)
China		1 (10%)
Proofpoint		1 (10%)

Threat info

Last 5

SNS

(Total : 17)

Total keyword

Report attack Attacker Ransomware Exploit APT China arrest RCE LOTUS PANDA Chrome hijack Software Astasia Kaspersky Proofpoint Email Campaign Vawtrak Update Google Konni Rapid7

No	Title	Date
1	Mandiant (part of Google Cloud) @Mandiant ???? Join the experts unpacking the M-Trends 2025 Report and get the latest on evolving cyber threats! From key trends to real-world insights, hear directly from the authors and expert analysts. ???? https://t.co/S4WtJBDz5R https://t.co/Cfm7BTKITt	2025.04.27
2	FalconFeeds.io @FalconFeedsio ???? #BreachForums.ST reportedly seized. Rumors circulating about arrests of key members "IntelBroker" and "Shiny." Forum admin "Anastasia" claims to have resigned and says the site is down for good. There are also unverified reports that a full backup database & source code https://t.co/9sr	2025.04.25
3	Kaspersky @kaspersky Key OT Cybersecurity Challenges Revealed at GITEX Asia! ???? New research by Kaspersky & VDC Research shows 46.6% of industrial firms cite inadequate security measures, while 42.7% struggle with compliance in their OT environments. Yet 63.6% aim for full digital transformation https://t.co/xk3s	2025.04.24
4	Proofpoint @proofpoint This week, Proofpoint made two key product announcements focused on unifying #threatprotection and #datasecurity across multiple digital channels and organizational environments. @techday_ca covered the news. https://t.co/40lTnoEEzz	2025.04.24
5	Kaspersky @kaspersky Behind the attacks: breaking down real incident tactics & key detections in 2024 From exploited gaps to the most triggered detection rules, we’re unpacking how attackers operated in 2024—and what your defenses need to stop them. Swipe through ⬇️ #Cybersecurity https://t.co/YC1vsBvlab	2025.04.23

News

(Total : 11)

Total keyword

Malware Report attack RCE target Operation c&c Windows Exploit Blue Team Red Team Advertising Education Linux FBI GitHub hacking intelligence Phishing Campaign Attacker Email Vulnerability Victim United States Microsoft Entropy Vawtrak Update Google Remote Code Execution Software Password Data Center VirusTotal

No	Title	Date
1	Navigating Through The Fog - Malware.News	2025.04.28
2	10 key numbers from the 2024 FBI IC3 report - CyberScoop	2025.04.24
3	API Security Is Key to Cyber Resilience in Media and Entertainment - Akamai	2025.04.16
4	The cybersecurity job market is complicated: 3 key insights - ReversingLabs Blog	2025.04.16
5	Public Key Infrastructure: Authentifizierung ohne Passwort - IT Sicherheitsnews	2025.04.14

Additional information

No	Title	Date
1	Employee monitoring app exposes users, leaks 21+ million screenshots - Malware.News	2025.04.28
2	Introducing XSIAM 3.0 - Malware.News	2025.04.28
3	Deploy Bravely with Prisma AIRS - Malware.News	2025.04.28
4	2025 Cyber Resilience Research Discovers Speed of AI Advancing Emerging Attack Types - Malware.News	2025.04.28
5	Intel CEO Targets Change in Corporate Culture to Shape Up - Bloomberg Technology	2025.04.28
View only the last 5

No	Title	Date
1	10 key numbers from the 2024 FBI IC3 report - CyberScoop	2025.04.24
2	Malware and cryptography 41 - encrypt/decrypt payload via TEA. Simple Nim example - Malware.News	2025.04.10
3	The SQL Server Crypto Detour - Malware.News	2025.04.09
4	The SQL Server Crypto Detour - Malware.News	2025.04.09
5	SnakeKeylogger: A Multistage Info Stealer Malware Campaign - Malware.News	2025.03.25
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	bild6.exe RedLine stealer[m] PWS .NET framework RAT Generic Malware Downloader UPX Malicious Library Antivirus Confuser .NET Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP Key	21eab81729333b160786a2de1b1e621d	41093	2023.05.15
2	HalogenSySCheck.exe RedLine stealer[m] RAT PWS .NET framework Generic Malware Downloader UPX Malicious Library Antivirus Confuser .NET Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP Key	ee0da89ff62475fe63a8cd12c7134c5e	41076	2023.05.14

Level	Description
danger	File has been identified by 52 AntiVirus engines on VirusTotal as malicious
warning	Generates some ICMP traffic
watch	Appends a known multi-family ransomware file extension to files that have been encrypted
watch	Attempts to access Bitcoin/ALTCoin wallets
watch	Attempts to create or modify system certificates
watch	Collects information about installed applications
watch	Communicates with host for which no DNS query was performed
watch	Installs itself for autorun at Windows startup
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Looks up the external IP address
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Queries for potentially installed applications
notice	Steals private information from local Internet browsers
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Collects information to fingerprint the system (MachineGuid
info	Command line console output was observed
info	One or more processes crashed
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)
info	Tries to locate where the browsers are installed
info	Uses Windows APIs to generate a cryptographic key
Network	ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
Network	ET HUNTING Telegram API Domain in DNS Lookup
Network	ET INFO TLS Handshake Failure
Network	ET POLICY External IP Lookup ip-api.com
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

Beta Service, If you select keyword, you can check detailed information.