Cyber Threat Trends

Summary: 2025/04/28 23:21

First reported date: 2015/01/23
Inquiry period : 2025/03/29 23:21 ~ 2025/04/28 23:21 (1 months), 48 search results

전 기간대비 42% 높은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 njRAT NetWireRC c&c C2 DDNS 입니다.
악성코드 유형 RAT Trojan 도 새롭게 확인됩니다.
기타 account Email photobucksglatplygg payment Password 등 신규 키워드도 확인됩니다.

njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market that features an abundance of educational information.
Interested attackers can even find tutorials on YouTube.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/28 Decoding njRAT traffic with NetworkMiner
    ㆍ 2025/04/17 “I sent you an email from your email account,” sextortion scam claims
    ㆍ 2025/04/16 “I sent you an email from your email account,” sextortion scam claims

참고로 동일한 그룹의 악성코드 타입은 Remcos njRAT QuasarRAT 등 112개 종이 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	njRAT	48	▲ 20 (42%)
2	NetWireRC	48	▲ 21 (44%)
3	c&c	45	▲ 20 (44%)
4	C2	45	▲ 22 (49%)
5	DDNS	2	▲ 1 (50%)
6	account	2	▲ new
7	Email	2	▲ new
8	Victim	2	- 0 (0%)
9	photobucksglatplygg	1	▲ new
10	payment	1	▲ new
11	Password	1	▲ new
12	access	1	▲ new
13	address	1	▲ new
14	own	1	▲ new
15	yetcontinentalglatplygg	1	▲ new
16	studentwifiglatplygg	1	▲ new
17	diseaseexpendituresglatplygg	1	▲ new
18	RAT	1	▲ new
19	vpn	1	- 0 (0%)
20	introductionsatisfyglatplygg	1	▲ new
21	rayishim	1	▲ new
22	hiesa	1	▲ new
23	panelthrownglatplygg	1	▲ new
24	recommendedcollinsglatplygg	1	▲ new
25	teamevaluatingglatplygg	1	▲ new
26	traffic	1	▲ new
27	Trojan	1	▲ new
28	Malware	1	▼ -3 (-300%)
29	Browser	1	▲ new
30	jajaovhduckdnsorg	1	▲ new
31	animalpremiumglatplygg	1	▲ new
32	fuckfrance	1	▲ new
33	France	1	- 0 (0%)
34	hydrat	1	▲ new
35	serveonet	1	▲ new
36	lakeobservationglatplygg	1	▲ new
37	lesbianstereoglatplygg	1	▲ new
38	packamberglatplygg	1	▲ new
39	Cryptocurrency	1	- 0 (0%)
40	getmetglatplygg	1	▲ new
41	overallwhomglatplygg	1	▲ new
42	arquivehacksddnsnet	1	▲ new
43	teachingintegrateglatplygg	1	▲ new
44	target	1	- 0 (0%)
45	sextortion	1	▲ new
46	scam	1	▲ new
47	Phishing	1	- 0 (0%)
48	NetworkMiner	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
njRAT		48 (49%)
NetWireRC		48 (49%)
RAT		1 (1%)
Trojan		1 (1%)

Attacker & Actors

The status of the attacker or attack group being issued.

No data.

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Phishing		1 (100%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
France		1 (100%)

Malware Family

Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info

Last 5

SNS

(Total : 45)

Total keyword

njRAT c&c NetWireRC C2 DDNS vpn France

No	Title	Date
1	SarlackLab @SarlackLab #njrat #C2 server 94.26.90.81:6666 confirmed 2025-04-26	2025.04.27
2	SarlackLab @SarlackLab #njrat #C2 server 147.185.221.27:31185 team-evaluating.gl.at.ply.gg confirmed 2025-04-26	2025.04.26
3	SarlackLab @SarlackLab #njrat #C2 server 193.161.193.99:56152 hiesa-56152.portmap.host confirmed 2025-04-23	2025.04.23
4	SarlackLab @SarlackLab #njrat #C2 server 147.185.221.27:52684 recommended-collins.gl.at.ply.gg confirmed 2025-04-23	2025.04.23
5	SarlackLab @SarlackLab #njrat #C2 server 147.185.221.27:57016 panel-thrown.gl.at.ply.gg confirmed 2025-04-23	2025.04.23

News

(Total : 3)

Total keyword

NetWireRC njRAT Victim Email Trojan Password payment Cryptocurrency RAT Browser Phishing Malware target

No	Title	Date
1	Decoding njRAT traffic with NetworkMiner - Netresec / Erik Hjelmvik / malpedia	2025.04.28
2	“I sent you an email from your email account,” sextortion scam claims - Malware.News	2025.04.17
3	“I sent you an email from your email account,” sextortion scam claims - Malwarebytes Labs	2025.04.16

Additional information

No	Title	Date
1	Employee monitoring app exposes users, leaks 21+ million screenshots - Malware.News	2025.04.28
2	Introducing XSIAM 3.0 - Malware.News	2025.04.28
3	Deploy Bravely with Prisma AIRS - Malware.News	2025.04.28
4	2025 Cyber Resilience Research Discovers Speed of AI Advancing Emerging Attack Types - Malware.News	2025.04.28
5	Intel CEO Targets Change in Corporate Culture to Shape Up - Bloomberg Technology	2025.04.28
View only the last 5

No	Title	Date
1	Blind Eagle: …And Justice for All - Malware.News	2025.03.10
2	Blind Eagle: …And Justice for All - Malware.News	2025.03.10
3	Blind Eagle: …And Justice for All - Malware.News	2025.03.10
4	Blind Eagle: …And Justice for All - Malware.News	2025.03.10
5	Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool - Malware.News	2025.03.05
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	PropertyFiles_2025-04-21.exe njRAT backdoor Generic Malware Antivirus Malicious Library UPX PE File CAB OS Name Check MSOffice File PE32 OS Processor Check DLL	b4f9c6f50cc331920c86a36e83e6b9f6	59888	2025.04.24
2	Explerer.exe njRAT backdoor PE File .NET EXE PE32	7c27b7369ddd2a6e528b1103d6c252e3	59853	2025.04.22
3	njntos.exe njRAT backdoor PE File .NET EXE PE32	b510120966ae2b95f96e34dffb58f277	59854	2025.04.22
4	VPN-Installer.exe njRAT backdoor Generic Malware Malicious Library Antivirus UPX PE File CAB PE32 MSOffice File OS Processor Check OS Name Check DLL	5188e0fd775892a2bdd22429988ab955	59727	2025.04.21
5	BTC-Flasher.exe njRAT backdoor Generic Malware Malicious Library Antivirus UPX PE File CAB PE32 MSOffice File OS Processor Check OS Name Check DLL	cdc608f2170924fa6849c50369bf0ff9	59808	2025.04.21
View only the last 5

Level	Description
warning	File has been identified by 21 AntiVirus engines on VirusTotal as malicious
watch	Creates known Upatre files
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates executable files on the filesystem
notice	Drops an executable to the user AppData folder
notice	One or more potentially interesting buffers were extracted
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Resolves a suspicious Top Level Domain (TLD)
notice	The binary likely contains encrypted or compressed data indicative of a packer
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Queries for the computername
info	The file contains an unknown PE resource name possibly indicative of a packer
info	This executable has a PDB path
info	Uses Windows APIs to generate a cryptographic key
Network	ET DNS Query to a *.top domain - Likely Hostile

No	Category	URL	CC	ASN Co	Date
1	c2	http://45.83.207.17:6522/	GB	Clouvider Limited	2025.04.22
2	c2	http://jvjv2044duck33.duckdns.org/	TR	Turk Telekom	2025.04.22
3	c2	http://45.83.207.17:3158/	GB	Clouvider Limited	2025.04.21
4	c2	http://abolhb.com/	RU		2025.04.21
5	c2	http://54.169.93.143:10549/	SG	AMAZON-02	2025.04.11
View only the last 5

No	URL	CC	ASN Co	Reporter	Date
1	https://raw.githubusercontent.com/virusstudiov64/rat/main/sdc.exe njRAT	US	FASTLY	DaveLikesMalwre	2025.04.28
2	http://github.com/sohpierainxz/Fnaf-1/raw/refs/heads/main/fusca%20game.exe njRAT	US	MICROSOFT-CORP-MSN-AS-BLOCK	DaveLikesMalwre	2025.04.28
3	http://185.215.113.19//inc/OneDrive.exe njRAT			anonymous	2025.04.26
4	http://185.215.113.19//inc/Client_protected.exe njRAT			anonymous	2025.04.26
5	http://185.215.113.19//inc/PkContent.exe njRAT			anonymous	2025.04.26
View only the last 5

Beta Service, If you select keyword, you can check detailed information.