Cyber Threat Trends

Summary: 2025/04/30 06:35

First reported date: 2015/03/11
Inquiry period : 2025/03/31 06:35 ~ 2025/04/30 06:35 (1 months), 26 search results

전 기간대비 62% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 SOC intelligence Operation Malware AI 입니다.
악성코드 유형 Black Basta Ransomware QakBot 도 새롭게 확인됩니다.
공격기술 RCE hacking 도 새롭게 확인됩니다.
기관 및 기업 Microsoft Proofpoint Splunk Qualys 도 새롭게 확인됩니다.
기타 NextGen Threats Action Red Team anyrun 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/26 Is Detection Engineering just glorified googling?
    ㆍ 2025/04/25 The Top 10 SOC Influencers Making Waves
    ㆍ 2025/04/24 2025 State of the SOC Report

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	SOC	26	▲ 16 (62%)
2	intelligence	10	▲ 9 (90%)
3	Operation	8	▲ 2 (25%)
4	Malware	7	▲ 1 (14%)
5	AI	6	▲ 4 (67%)
6	NextGen	5	▲ new
7	attack	5	▲ 3 (60%)
8	Threats	4	▲ new
9	Action	4	▲ new
10	Report	3	- 0 (0%)
11	Google	2	▲ 1 (50%)
12	RCE	2	▲ new
13	Red Team	2	▲ new
14	anyrun	2	▲ new
15	AIdriven	2	▲ new
16	time	2	▲ new
17	Vulnerability	2	▲ 1 (50%)
18	Threat	2	▲ 1 (50%)
19	Software	2	▲ 1 (50%)
20	target	2	- 0 (0%)
21	detection	2	▲ new
22	Discover	2	▲ new
23	MDR	2	- 0 (0%)
24	cuttingedge	2	▲ new
25	Intezer	2	▲ new
26	Phishing	2	▲ 1 (50%)
27	Vawtrak	1	▼ -1 (-100%)
28	SIEM	1	▲ new
29	Sentinel	1	▲ new
30	Microsoft	1	▲ new
31	Email	1	- 0 (0%)
32	Workbench	1	▲ new
33	Protection	1	▲ new
34	Board	1	▲ new
35	Proofpoint	1	▲ new
36	Falcon	1	▲ new
37	Development	1	▲ new
38	Transform	1	▲ new
39	Enterprise	1	▲ new
40	Custom	1	▲ new
41	Zynq	1	▲ new
42	isnt	1	▲ new
43	increased	1	▲ new
44	Learning	1	▲ new
45	efficiency	1	▲ new
46	Amazon	1	- 0 (0%)
47	Metrics	1	▲ new
48	Approach	1	▲ new
49	ConsensusDriven	1	▲ new
50	Dangerous	1	▲ new
51	Top	1	▲ new
52	Blue Team	1	▲ new
53	query	1	▲ new
54	Data Center	1	▲ new
55	Splunk	1	▲ new
56	false	1	▲ new
57	hacking	1	▲ new
58	activity	1	▲ new
59	Qualys	1	▲ new
60	Analyst	1	▲ new
61	Adlumins	1	▲ new
62	State	1	▲ new
63	automation	1	- 0 (0%)
64	Linux	1	▲ new
65	YouTube	1	▲ new
66	Agentic	1	▲ new
67	domain	1	- 0 (0%)
68	SecondLevelDomainCommandandcontrol	1	- 0 (0%)
69	tree	1	- 0 (0%)
70	Commandandcontrol	1	- 0 (0%)
71	secondleveldomaincommand	1	- 0 (0%)
72	Autonomous	1	- 0 (0%)
73	Dawn	1	▲ new
74	Rise	1	▲ new
75	Sandbox	1	▲ new
76	HumanX	1	▲ new
77	Itai	1	▲ new
78	Education	1	- 0 (0%)
79	Exploit	1	- 0 (0%)
80	Criminal	1	▲ new
81	Minimize	1	▲ new
82	Strengthen	1	▲ new
83	Detect	1	▲ new
84	Interactive	1	▲ new
85	Takedown	1	▲ new
86	engineering	1	▲ new
87	Black Basta	1	▲ new
88	rule	1	▲ new
89	Advertising	1	- 0 (0%)
90	Update	1	▼ -1 (-100%)
91	Windows	1	- 0 (0%)
92	evasion	1	▲ new
93	RATel	1	- 0 (0%)
94	Cyber Kill Chain	1	▲ new
95	Ransomware	1	▲ new
96	Distribution	1	▲ new
97	IoC	1	▲ new
98	Campaign	1	▼ -1 (-100%)
99	QakBot	1	▲ new
100	alert	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Vawtrak		1 (20%)
Black Basta		1 (20%)
RATel		1 (20%)
Ransomware		1 (20%)
QakBot		1 (20%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
RCE		2 (28.6%)
Phishing		2 (28.6%)
hacking		1 (14.3%)
Exploit		1 (14.3%)
Campaign		1 (14.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Google		2 (25%)
Microsoft		1 (12.5%)
Proofpoint		1 (12.5%)
Amazon		1 (12.5%)
Splunk		1 (12.5%)

Threat info

Last 5

SNS

(Total : 17)

Total keyword

Intelligence Operation Microsoft Proofpoint Email MDR IoC Attacker Malware Takedown

No	Title	Date
1	Kaspersky @kaspersky Next-Gen SOC: Intelligence in Action ???? Threats evolve fast—shouldn’t your SOC? Join our live webinar (May 15, 10 AM KST) to learn how: ✅ AI + Threat Intelligence slashes detection time ✅ Proactive strategies beat reactive firefighting ✅ Collective defense amplifies security https://t.co/NWNb2JfW	2025.04.28
2	CrowdStrike @CrowdStrike ???? Falcon Next-Gen SIEM: Transform your SOC with context-rich UEBA and streamlined case management to enhance threat detection, investigation, and response. Combining automation and AI to operate at high speed with greater efficiency and precision. All on one platform. https://t.co/qQl696qPuA	2025.04.28
3	Rapid7 @rapid7 MDR for Enterprise isn't just another plugged-in SOC—it's a strategic extension of your security program With your team and ours operating as one, context is never lost, alerts are actionable, and response is always aligned to your priorities. Learn more: https://t.co/QlNTMrQHWu	2025.04.28
4	Dark Web Informer - Cyber Threat Intelligence @DarkWebInformer ????SOC Analyst Learning https://t.co/wP38wSVjf1	2025.04.26
5	Kimberly @StopMalvertisin Intezer \| The Top 10 SOC Influencers Making Waves https://t.co/b6JNq2B6LD	2025.04.25

News

(Total : 9)

Total keyword

Operation Malware attack Attacker intelligence Report Phishing Red Team RCE Vulnerability Google Software target Qualys hacking Data Center Amazon MDR Splunk Vawtrak Blue Team Update YouTube Criminal Exploit Education United States QakBot Campaign Distribution Black Basta Ransomware Cyber Kill Chain RATel Linux Windows Advertising

No	Title	Date
1	Is Detection Engineering just glorified googling? - Malware.News	2025.04.26
2	The Top 10 SOC Influencers Making Waves - Malware.News	2025.04.25
3	It’s Dangerous to Go Alone: A Consensus-Driven Approach to SOC Metrics - SANS Blog	2025.04.25
4	2025 State of the SOC Report - Malware.News	2025.04.24
5	Building a Custom Zynq-7000 SoC Development Board from the Ground Up - Hackaday	2025.04.20

Additional information

No	Title	Date
1	White House Calls Out Amazon, SoFi CEO on Earnings \| Bloomberg Technology - Bloomberg Technology	2025.04.30
2	Averted DDoS attacks peak last year, could be surpassed by year-end - Malware.News	2025.04.30
3	Zero-day intrusion purportedly thwarts BreachForums comeback - Malware.News	2025.04.30
4	WooCommerce users subjected to widespread fake security phishing campaign - Malware.News	2025.04.30
5	Scattered Spider suspected to be behind Marks & Spencer compromise - Malware.News	2025.04.30
View only the last 5

No	Title	Date
1	Is Detection Engineering just glorified googling? - Malware.News	2025.04.26
2	Is Detection Engineering just glorified googling? - Malware.News	2025.04.26
3	The Top 10 SOC Influencers Making Waves - Malware.News	2025.04.25
4	The Top 10 SOC Influencers Making Waves - Malware.News	2025.04.25
5	The Top 10 SOC Influencers Making Waves - Malware.News	2025.04.25
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	bugai.exe Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Themida Packer Google Chrome User Data Downloader UPX Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library Http API PWS Code injection Create Service Soc	04354f40a9b6cd2f8f76d1dd35c798c8	48522	2024.02.16
2	UMM.exe SmokeLoader HermeticWiper Emotet Gen1 njRAT Generic Malware UltraVNC PhysicalDrive Suspicious_Script_Bin Buhtrap Group Downloader Malicious Library UPX Malicious Packer Antivirus Admin Tool (Sysinternals etc ...) ASPack Confuser .NET Create Service Soc	3240f8928a130bb155571570c563200a	44981	2023.09.22

Level	Description
danger	Disables Windows Security features
danger	Executed a process and injected code into it
danger	File has been identified by 30 AntiVirus engines on VirusTotal as malicious
watch	Allocates execute permission to another process indicative of possible code injection
watch	Appends a known multi-family ransomware file extension to files that have been encrypted
watch	Attempts to access Bitcoin/ALTCoin wallets
watch	Attempts to disable Windows Auto Updates
watch	Attempts to stop active services
watch	Checks for the presence of known devices from debuggers and forensic tools
watch	Checks for the presence of known windows from debuggers and forensic tools
watch	Checks the CPU name from registry
watch	Checks the version of Bios
watch	Collects information about installed applications
watch	Communicates with host for which no DNS query was performed
watch	Detects the presence of Wine emulator
watch	Detects VirtualBox through the presence of a registry key
watch	Detects VMWare through the in instruction feature
watch	Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic)
watch	Harvests credentials from local email clients
watch	Harvests credentials from local FTP client softwares
watch	Installs itself for autorun at Windows startup
watch	Network activity contains more than one unique useragent
watch	One or more non-whitelisted processes were created
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Uses Sysinternals tools in order to add additional command line functionality
notice	A process attempted to delay the analysis task.
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	An application raised an exception which may be indicative of an exploit crash
notice	An executable file was downloaded by the process bugai.exe
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Creates hidden or system file
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	Expresses interest in specific running processes
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	Looks up the external IP address
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Potentially malicious URLs were found in the process memory dump
notice	Queries for potentially installed applications
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Searches running processes potentially to identify processes for sandbox evasion
notice	Steals private information from local Internet browsers
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Collects information to fingerprint the system (MachineGuid
info	Command line console output was observed
info	One or more processes crashed
info	Queries for the computername
info	The executable contains unknown PE section names indicative of a packer (could be a false positive)
info	Tries to locate where the browsers are installed
Network	ET DROP Spamhaus DROP Listed Traffic Inbound group 22
Network	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network	ET INFO Executable Download from dotted-quad Host
Network	ET INFO Packed Executable Download
Network	ET MALWARE [ANY.RUN] RisePro TCP (Activity)
Network	ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
Network	ET MALWARE [ANY.RUN] RisePro TCP (Token)
Network	ET MALWARE RisePro CnC Activity (Inbound)
Network	ET MALWARE RisePro TCP Heartbeat Packet
Network	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Network	ET POLICY PE EXE or DLL Windows file download HTTP
Network	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

Beta Service, If you select keyword, you can check detailed information.