Cyber Threat Trends

Summary: 2025/04/29 00:13

First reported date: 2018/05/02
Inquiry period : 2025/03/30 00:13 ~ 2025/04/29 00:13 (1 months), 21 search results

전 기간대비 -38% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 abusech FUD last Top AgentTesla 입니다.
악성코드 유형 Vawtrak Rhadamanthys GootLoader Vidar Stealc 도 새롭게 확인됩니다.
공격자 MuddyWater 도 새롭게 확인됩니다.
공격기술 Backdoor 도 새롭게 확인됩니다.
기관 및 기업 Iran 도 새롭게 확인됩니다.
기타 neconyd ThreatProtection NortonLifeLock leak EDR 등 신규 키워드도 확인됩니다.

Malware with wide range of capabilities ranging from RAT to ransomware. Ref.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/16 How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats

참고로 동일한 그룹의 악성코드 타입은 SmokeLoader GuLoader Zloader 등 47개 종이 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	XWorm	21	▼ -8 (-38%)
2	abusech	10	▲ 8 (80%)
3	NetWireRC	9	▼ -3 (-33%)
4	AsyncRAT	6	▼ -1 (-17%)
5	FUD	6	▲ 5 (83%)
6	Lumma	6	▼ -1 (-17%)
7	Advertising	5	▼ -2 (-40%)
8	last	5	▲ 2 (40%)
9	Top	5	▲ 2 (40%)
10	AgentTesla	5	▲ 3 (60%)
11	tofsee	5	▲ 3 (60%)
12	snake	5	▲ 2 (40%)
13	Remcos	5	▲ 3 (60%)
14	Amadey	5	▲ 4 (80%)
15	RAT	4	▼ -3 (-75%)
16	c&c	4	▼ -2 (-50%)
17	Low	4	▲ 3 (75%)
18	C2	3	▲ 1 (33%)
19	neconyd	3	▲ new
20	Malware	3	▼ -9 (-300%)
21	Campaign	3	▼ -2 (-67%)
22	IoC	3	▼ -5 (-167%)
23	ThreatProtection	2	▲ new
24	Kaspersky	2	- 0 (0%)
25	Russia	2	- 0 (0%)
26	Phishing	2	▼ -3 (-150%)
27	Windows	2	▼ -3 (-150%)
28	Update	2	▼ -2 (-100%)
29	NortonLifeLock	2	▲ new
30	quasar	2	▲ 1 (50%)
31	Vawtrak	1	▲ new
32	Stealer	1	▼ -4 (-400%)
33	Linux	1	- 0 (0%)
34	ZeroDay	1	- 0 (0%)
35	Exploit	1	▼ -5 (-500%)
36	Email	1	▼ -1 (-100%)
37	Backdoor	1	▲ new
38	leak	1	▲ new
39	intelligence	1	▼ -1 (-100%)
40	EDR	1	▲ new
41	Rhadamanthys	1	▲ new
42	fileless	1	▲ new
43	httpstcoiP	1	▲ new
44	Updaterbat	1	▲ new
45	VT	1	▲ new
46	proton66	1	▲ new
47	cyberthreat	1	▲ new
48	Proton	1	▲ new
49	infrastructure	1	▲ new
50	hub	1	▲ new
51	GootLoader	1	▲ new
52	GameoverP2P	1	▼ -2 (-200%)
53	Iran	1	▲ new
54	sality	1	▲ new
55	Alleged	1	▲ new
56	httpstcor	1	▲ new
57	Vidar	1	▲ new
58	Stealc	1	▲ new
59	httpstcoX	1	▲ new
60	httpstcorApT	1	▲ new
61	httpstcoZTSvD	1	▲ new
62	httpstcoakl	1	▲ new
63	httpstcoDZGTQhz	1	▲ new
64	Eon	1	▲ new
65	DCRat	1	▼ -2 (-200%)
66	powershell	1	▼ -4 (-400%)
67	httpstcoNSPuGHFzwU	1	▲ new
68	nextronresearch	1	▲ new
69	httpstco	1	- 0 (0%)
70	httpstcoj	1	▲ new
71	Cobalt Strike	1	▲ new
72	MuddyWater	1	▲ new
73	Vulnerability	1	▼ -1 (-100%)
74	TPM	1	▲ new
75	United States	1	▼ -2 (-200%)
76	Victim	1	▼ -1 (-100%)
77	V57	1	▲ new
78	FormBook	1	▼ -2 (-200%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
XWorm		21 (30.4%)
NetWireRC		9 (13%)
AsyncRAT		6 (8.7%)
Lumma		6 (8.7%)
AgentTesla		5 (7.2%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
MuddyWater		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		3 (37.5%)
Phishing		2 (25%)
Stealer		1 (12.5%)
Exploit		1 (12.5%)
Backdoor		1 (12.5%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Kaspersky		2 (33.3%)
Russia		2 (33.3%)
Iran		1 (16.7%)
United States		1 (16.7%)

Malware Family

Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info

Last 5

SNS

(Total : 20)

Total keyword

XWorm NetWireRC AgentTesla AsyncRAT Remcos Lumma Amadey Advertising RAT C2 c&c Malware Kaspersky IoC Russia Campaign Windows Update Phishing GootLoader Rhadamanthys Stealc Vidar DCRat FormBook

No	Title	Date
1	ANY.RUN @anyrun_app Top 10 last week's threats by uploads ???? ⬇️ #Lumma 569 (1077) ⬆️ #Tofsee 363 (263) ⬇️ #Xworm 309 (1099) ⬇️ #Asyncrat 290 (395) ⬆️ #Neconyd 283 (169) ⬇️ #Snake 254 (379) ⬇️ #Remcos 232 (566) ⬇️ #Amadey 156 (380) ⬆️ #Formbook 134 (78) ⬇️ #Agenttesla 114 (271) Track them all: https://t.co/8l4AJmdDCa	2025.04.28
2	Konstantin Nikolenko @K_N1kolenko #XWorm #RAT #ioc 23.137.100.57:55423 27.124.12.33:8000 45.88.186.43:7232 46.8.194.92:7771 51.91.251.234:4782 62.60.157.156:7001 85.203.4.56:8436 88.210.34.51:7007 158.62.198.74:7000 178.128.201.111:8526	2025.04.25
3	Threat Intelligence @threatintel #ThreatProtection #Proton66 infrastructure, a hub for phishing, C2 ops and malware campaigns including GootLoader, SpyNote and XWorm. Read more about Symantec's protection: https://t.co/GeYC3ac1F5 #CyberThreat	2025.04.24
4	ANY.RUN @anyrun_app Top 10 last week's threats by uploads ???? ⬇️ #Lumma 592 (644) ⬇️ #Snake 306 (513) ⬇️ #Xworm 281 (341) ⬇️ #Asyncrat 277 (303) ⬆️ #Tofsee 264 (194) ⬆️ #Remcos 240 (203) ⬇️ #Agenttesla 195 (326) ⬆️ #Neconyd 169 (154) ⬆️ #Amadey 108 (95) ⬆️ #Quasar 91 (82) Track them all: https://t.co/D9Hy7N9Wuh	2025.04.21
5	Szabolcs Schmidt @smica83 FUD #xworm @abuse_ch after manually checked :D '44f5c0ed4c3d35121425ada19118c605' 'Updater.bat' VT: https://t.co/lEBaFbEpnZ Of course @nextronresearch has 5 matching rules again... @cod3nym @cyb3rops https://t.co/fei5K8Pw3H	2025.04.20

News

(Total : 1)

Total keyword

AsyncRAT EDR Backdoor Email RAT Exploit ZeroDay Update Windows Linux Stealer Vawtrak GameoverP2P XWorm Lumma Cobalt Strike Iran powershell Attacker Victim c&c IoC United States Campaign Phishing Malware Vulnerability MuddyWater NetWireRC intelligence

No	Title	Date
1	How Indicators of Compromise, Attack, and Behavior Help Spot and Stop Cyber Threats - Malware.News	2025.04.16

Additional information

No	Title	Date
1	Employee monitoring app exposes users, leaks 21+ million screenshots - Malware.News	2025.04.28
2	Introducing XSIAM 3.0 - Malware.News	2025.04.28
3	Deploy Bravely with Prisma AIRS - Malware.News	2025.04.28
4	2025 Cyber Resilience Research Discovers Speed of AI Advancing Emerging Attack Types - Malware.News	2025.04.28
5	Intel CEO Targets Change in Corporate Culture to Shape Up - Bloomberg Technology	2025.04.28
View only the last 5

No	Title	Date
1	ClickFix: How to Infect Your PC in Three Easy Steps - Malware.News	2025.03.15
2	ClickFix: How to Infect Your PC in Three Easy Steps - Malware.News	2025.03.15
3	ClickFix: How to Infect Your PC in Three Easy Steps - Malware.News	2025.03.15
4	Microsoft Research Reveals – Phishing Campaign Impersonates Booking(.)com, Delivers a Suite of Credential-Stealing Malware - Malware.News	2025.03.14
5	Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware - Malware.News	2025.03.14
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	dsl.exe XWorm Generic Malware WebCam Malicious Library Antivirus AntiDebug AntiVM PE File .NET EXE PE32	ca3c89c340a55b727fba1a1009cd0c0c	58284	2025.03.24
2	brain.ps1 XWorm Formbook Hide_EXE Generic Malware WebCam Antivirus Malicious Library Confuser .NET Code injection KeyLogger AntiDebug AntiVM PE File DLL PE32 .NET DLL .NET EXE	62f57d817459bd722949f54a03302b88	58062	2025.03.13
3	we.exe XWorm Hide_EXE WebCam Antivirus UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check .NET DLL	918f83cd6d935bd729990142f8e276e0	57981	2025.03.08
4	rt.exe XWorm Hide_EXE WebCam Antivirus UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check .NET DLL	47db83a48f4ce42a918802f20de2728f	57986	2025.03.08
5	yr.exe XWorm Hide_EXE WebCam Antivirus UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check .NET DLL	b29aa8460bf0b60c342b00e1e1003e0e	57853	2025.02.28
View only the last 5

Level	Description
danger	File has been identified by 54 AntiVirus engines on VirusTotal as malicious
danger	Executed a process and injected code into it
watch	A process performed obfuscation on information about the computer or sent it to a remote location indicative of CnC Traffic/Preperations.
watch	Allocates execute permission to another process indicative of possible code injection
watch	Code injection by writing an executable or DLL to the memory of another process
watch	Potential code injection by writing to the memory of another process
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
watch	Used NtSetContextThread to modify a thread in a remote process indicative of process injection
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	One or more potentially interesting buffers were extracted
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	The binary likely contains encrypted or compressed data indicative of a packer
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	This executable has a PDB path
info	Uses Windows APIs to generate a cryptographic key

No	Category	URL	CC	ASN Co	Date
1	c2	http://92.255.85.2:4372/	RU	Comfortel Ltd.	2025.04.04
2	c2	http://92.255.85.2:7777/	RU	Comfortel Ltd.	2025.04.04
3	c2	https://pastebin.com/raw/jxfGm9Pc	US	CLOUDFLARENET	2024.09.02
4	c2	http://85.209.133.150:6677/	DE	Cloud Computing Ltd.	2024.09.02
5	c2	http://91.92.240.41:7000/	BG	Natskovi & Sie Ltd.	2024.08.12
View only the last 5

No	URL	Reporter	Date
1	http://185.215.113.19//inc/WindowsUI.exe xworm	anonymous	2025.04.26
2	http://185.215.113.19//inc/rstxdhuj.exe xworm	anonymous	2025.04.26
3	http://185.215.113.19//inc/BaddStore.exe xworm	anonymous	2025.04.26
4	http://185.215.113.19//inc/1.exe xworm	anonymous	2025.04.26
5	http://185.215.113.19//inc/DiskUtility.exe xworm	anonymous	2025.04.26
View only the last 5

Beta Service, If you select keyword, you can check detailed information.