Cyber Threat Trends

Summary: 2025/04/29 00:09

First reported date: 2016/08/25
Inquiry period : 2025/04/22 00:09 ~ 2025/04/29 00:09 (7 days), 2 search results

전 기간대비 동일한 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Lumma 입니다.
악성코드 유형 FormBook Stealc Vidar Lobshot BlackSuit Ransomware 도 새롭게 확인됩니다.
공격기술 Social Engineering Phishing 도 새롭게 확인됩니다.
기관 및 기업 CrowdStrike Recorded Future United States Microsoft Germany 도 새롭게 확인됩니다.
기타 IBM EDR Ch neconyd MFA 등 신규 키워드도 확인됩니다.

A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. Ref.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/23 Private: Stealing the Future: Infostealers Power Cybercrime in 2025

참고로 동일한 그룹의 악성코드 타입은 FormBook QakBot RedLine 등 101개 종이 확인됩니다.

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	FormBook	2	▲ new
2	AgentTesla	2	- 0 (0%)
3	Lumma	2	▲ 1 (50%)
4	IBM	1	▲ new
5	AsyncRAT	1	- 0 (0%)
6	EDR	1	▲ new
7	CrowdStrike	1	▲ new
8	Recorded Future	1	▲ new
9	Ch	1	▲ new
10	Tofsee	1	- 0 (0%)
11	XWorm	1	- 0 (0%)
12	neconyd	1	▲ new
13	MFA	1	▲ new
14	snake	1	- 0 (0%)
15	Remcos	1	- 0 (0%)
16	Amadey	1	- 0 (0%)
17	Top	1	- 0 (0%)
18	last	1	- 0 (0%)
19	NetWireRC	1	- 0 (0%)
20	Stealc	1	▲ new
21	DarkWeb	1	▲ new
22	Malware	1	▲ new
23	Cryptocurrency	1	▲ new
24	Social Engineering	1	▲ new
25	Phishing	1	▲ new
26	Report	1	▲ new
27	QRadar Security Suite	1	▲ new
28	Campaign	1	- 0 (0%)
29	United States	1	▲ new
30	Victim	1	▲ new
31	Vidar	1	▲ new
32	Lobshot	1	▲ new
33	Microsoft	1	▲ new
34	Germany	1	▲ new
35	BlackSuit	1	▲ new
36	Ransomware	1	▲ new
37	Advertising	1	- 0 (0%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
FormBook		2 (12.5%)
AgentTesla		2 (12.5%)
Lumma		2 (12.5%)
AsyncRAT		1 (6.3%)
XWorm		1 (6.3%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Social Engineering		1 (33.3%)
Phishing		1 (33.3%)
Campaign		1 (33.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
CrowdStrike		1 (20%)
Recorded Future		1 (20%)
United States		1 (20%)
Microsoft		1 (20%)
Germany		1 (20%)

Malware Family

Top 5

A malware family is a group of applications with similar attack techniques.
In this trend, it is classified into Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, Cryptocurrency Miner.

Threat info

Last 5

SNS

(Total : 1)

Total keyword

Lumma XWorm AsyncRAT Remcos Amadey FormBook AgentTesla NetWireRC Advertising

No	Title	Date
1	ANY.RUN @anyrun_app Top 10 last week's threats by uploads ???? ⬇️ #Lumma 569 (1077) ⬆️ #Tofsee 363 (263) ⬇️ #Xworm 309 (1099) ⬇️ #Asyncrat 290 (395) ⬆️ #Neconyd 283 (169) ⬇️ #Snake 254 (379) ⬇️ #Remcos 232 (566) ⬇️ #Amadey 156 (380) ⬆️ #Formbook 134 (78) ⬇️ #Agenttesla 114 (271) Track them all: https://t.co/8l4AJmdDCa	2025.04.28

News

(Total : 1)

Total keyword

FormBook Lobshot Recorded Future CrowdStrike EDR Stealc MFA DarkWeb Lumma Ransomware BlackSuit Germany Microsoft Attacker Vidar Victim Cryptocurrency United States Campaign AgentTesla Report Phishing Social Engineering Malware IBM QRadar Security Suite

No	Title	Date
1	Private: Stealing the Future: Infostealers Power Cybercrime in 2025 - Malware.News	2025.04.23

Additional information

No	Title	Date
1	Employee monitoring app exposes users, leaks 21+ million screenshots - Malware.News	2025.04.28
2	Introducing XSIAM 3.0 - Malware.News	2025.04.28
3	Deploy Bravely with Prisma AIRS - Malware.News	2025.04.28
4	2025 Cyber Resilience Research Discovers Speed of AI Advancing Emerging Attack Types - Malware.News	2025.04.28
5	Intel CEO Targets Change in Corporate Culture to Shape Up - Bloomberg Technology	2025.04.28
View only the last 5

No	Title	Date
1	Private: Stealing the Future: Infostealers Power Cybercrime in 2025 - Malware.News	2025.04.23
2	Private: Stealing the Future: Infostealers Power Cybercrime in 2025 - Malware.News	2025.04.23
3	Private: Stealing the Future: Infostealers Power Cybercrime in 2025 - Malware.News	2025.04.23
4	Private: Stealing the Future: Infostealers Power Cybercrime in 2025 - Malware.News	2025.04.23
5	What Is The New Steganographic Campaign Distributing Multiple Malware - Malware.News	2025.03.17
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	ori.js AgentTesla Hide_EXE Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Processor Check OS Name Check	01e995c96291c13d4ec3a08ebcdca4f6	58912	2025.04.09
2	singer.exe AgentTesla Malicious Library .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM PE File .NET EXE PE32	c65f4749e6f2262761814de48341a4ba	58166	2025.03.17
3	singer.exe AgentTesla Malicious Library .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM PE File .NET EXE PE32	b0a7ffb9d597ceb2ab1b7a8b8e0bd097	58179	2025.03.17
4	BELIEVVE.exe AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Processor Check OS Name Check	2ec0e8114c49cba545e0cfd5e4a12ddf	58088	2025.03.16
5	EMAIL.exe AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Processor Check OS Name Check	1d6485deef98e3e3ffd59ec9e2815771	58091	2025.03.16
View only the last 5

Level	Description
danger	The process wscript.exe wrote an executable file to disk which it then attempted to execute
danger	File has been identified by 30 AntiVirus engines on VirusTotal as malicious
watch	A process attempted to delay the analysis task.
watch	Creates a windows hook that monitors keyboard input (keylogger)
watch	Drops a binary and executes it
watch	Harvests credentials from local email clients
watch	Looks for the Windows Idle Time to determine the uptime
watch	Makes SMTP requests
watch	One or more non-whitelisted processes were created
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Connects to smtp.gmail.com
notice	Creates executable files on the filesystem
notice	Drops an executable to the user AppData folder
notice	Steals private information from local Internet browsers
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	One or more processes crashed
info	Queries for the computername
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Network	SURICATA Applayer Detect protocol only one direction

No	Category	URL	CC	ASN Co	Date
1	c2	http://mail.chinaplasticsac.com/	US	Radware Ltd	2025.03.18
2	c2	http://ftp.concaribe.com/	US	UNIFIEDLAYER-AS-1	2025.03.17
3	c2	http://ftp.antoniomayol.com/	US	UNIFIEDLAYER-AS-1	2024.09.19
4	c2	http://ftp.jeepcommerce.rs/	RS	BeotelNet-ISP d.o.o	2024.09.19
5	c2	http://smtp.coxenregy.com/	US	PUBLIC-DOMAIN-REGISTRY	2024.08.08
View only the last 5

No	URL	CC	ASN Co	Reporter	Date
1	http://185.215.113.117//inc/clsid.exe AgentTesla			abus3reports	2025.04.26
2	https://www.grupodulcemar.pe/RG0987890000.exe 10pluspositivesinVT AgentTesla	PE	Red Cientifica Peruana	abus3reports	2025.04.20
3	https://www.grupodulcemar.pe/FINAL%20REVISED%20PROFORMA%20INVOICE.bat 10pluspositivesinVT AgentTesla	PE	Red Cientifica Peruana	abus3reports	2025.04.20
4	http://213.209.150.89/actuax.exe AgentTesla	DE	Keminet SHPK	abus3reports	2025.04.20
5	http://213.209.150.89/mobix.exe AgentTesla	DE	Keminet SHPK	abus3reports	2025.04.20
View only the last 5

Beta Service, If you select keyword, you can check detailed information.