Cyber Threat Trends

Summary: 2025/04/29 21:01

First reported date: 2011/03/24
Inquiry period : 2025/04/22 21:00 ~ 2025/04/29 21:00 (7 days), 23 search results

전 기간대비 -30% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Stealer attack Exploit threat Education 입니다.
악성코드 유형 CACTUS RATel FormBook RedLine IcedID Phobos DYEPACK Remcos 도 새롭게 확인됩니다.
공격자 APT43 도 새롭게 확인됩니다.
기관 및 기업 CISA Spain Splunk 도 새롭게 확인됩니다.
기타 query Java RSA Conference Open id66nn 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/28 IR Trends Q1 2025: Phishing soars as identity-based attacks persist
    ㆍ 2025/04/26 Threat Hunting: For what, when, and how?
    ㆍ 2025/04/25 Lessons from Ted Lasso for cybersecurity success

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	IoC	23	▼ -7 (-30%)
2	Malware	11	▼ -4 (-36%)
3	Campaign	8	▼ -1 (-13%)
4	Stealer	7	▲ 1 (14%)
5	attack	7	▲ 1 (14%)
6	Exploit	6	▲ 1 (17%)
7	Update	6	▼ -2 (-33%)
8	Victim	6	▼ -3 (-50%)
9	Microsoft	6	▼ -2 (-33%)
10	Windows	5	▼ -2 (-40%)
11	Vulnerability	5	- 0 (0%)
12	Email	5	- 0 (0%)
13	Advertising	5	- 0 (0%)
14	Report	5	▼ -3 (-60%)
15	United States	4	▼ -4 (-100%)
16	threat	4	▲ 1 (25%)
17	Phishing	4	▼ -4 (-100%)
18	Education	4	▲ 3 (75%)
19	c&c	4	▼ -6 (-150%)
20	RCE	4	▲ 2 (50%)
21	target	4	▼ -1 (-25%)
22	powershell	3	- 0 (0%)
23	CACTUS	3	▲ new
24	Ransomware	3	▲ 2 (67%)
25	MFA	3	▲ 1 (33%)
26	Cisco	3	- 0 (0%)
27	Kaspersky	3	▼ -1 (-33%)
28	Social Engineering	3	- 0 (0%)
29	ZeroDay	3	▲ 1 (33%)
30	intelligence	3	▼ -1 (-33%)
31	RATel	3	▲ new
32	Operation	3	▲ 1 (33%)
33	FormBook	3	▲ new
34	France	2	▲ 1 (50%)
35	South Korea	2	- 0 (0%)
36	Google	2	▲ 1 (50%)
37	VirusTotal	2	- 0 (0%)
38	Browser	2	- 0 (0%)
39	Russia	2	▼ -1 (-50%)
40	NetWireRC	2	▼ -3 (-150%)
41	Government	2	▼ -1 (-50%)
42	CISA	2	▲ new
43	EDR	2	▼ -1 (-50%)
44	United Kingdom	2	- 0 (0%)
45	Linux	2	▼ -3 (-150%)
46	query	2	▲ new
47	ANY	2	▲ 1 (50%)
48	Java	2	▲ new
49	Software	2	▲ 1 (50%)
50	APT	2	- 0 (0%)
51	RSA Conference	2	▲ new
52	Distribution	1	▼ -2 (-200%)
53	Apple	1	- 0 (0%)
54	Open	1	▲ new
55	DDoS	1	- 0 (0%)
56	id66nn	1	▲ new
57	biosphxeredigital	1	▲ new
58	cartograhphytop	1	▲ new
59	clarmodqtop	1	▲ new
60	Lumma	1	▼ -2 (-200%)
61	RedLine	1	▲ new
62	idcheat	1	▲ new
63	id	1	▲ new
64	RAT	1	▼ -2 (-200%)
65	Amos	1	▼ -1 (-100%)
66	amosstealer	1	▼ -1 (-100%)
67	Setup	1	- 0 (0%)
68	updatescript	1	▲ new
69	AsyncRAT	1	▼ -1 (-100%)
70	XWorm	1	- 0 (0%)
71	Backdoor	1	▼ -4 (-400%)
72	IcedID	1	▲ new
73	Trojan	1	▼ -1 (-100%)
74	Phobos	1	▲ new
75	aqbtkjtop	1	▲ new
76	ambitiouswomennet	1	▲ new
77	Fofa	1	▲ new
78	VelvetChollima	1	▲ new
79	APT43	1	▲ new
80	Kimsuky	1	- 0 (0%)
81	Crytox	1	▲ new
82	DYEPACK	1	▲ new
83	MimiKatz	1	▲ new
84	Black Basta	1	- 0 (0%)
85	WMI	1	- 0 (0%)
86	SMB	1	▲ new
87	NORMALDAKI	1	▲ new
88	Spain	1	▲ new
89	detection	1	▲ new
90	activity	1	▲ new
91	hunt	1	▲ new
92	GitHub	1	▼ -5 (-500%)
93	PaloNetworkFilesFG	1	▲ new
94	Splunk	1	▲ new
95	ChatGPT	1	▲ new
96	Remcos	1	▲ new
97	sec	1	▲ new
98	Lasso	1	▲ new
99	Talos	1	▲ new
100	Ted	1	▲ new

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
CACTUS		3 (9.7%)
Ransomware		3 (9.7%)
RATel		3 (9.7%)
FormBook		3 (9.7%)
NetWireRC		2 (6.5%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
APT43		1 (33.3%)
Kimsuky		1 (33.3%)
SideCopy		1 (33.3%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Campaign		8 (21.1%)
Stealer		7 (18.4%)
Exploit		6 (15.8%)
Phishing		4 (10.5%)
RCE		4 (10.5%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Microsoft		6 (15.4%)
United States		4 (10.3%)
Cisco		3 (7.7%)
Kaspersky		3 (7.7%)
France		2 (5.1%)

Threat info

Last 5

SNS

(Total : 14)

Total keyword

IoC Stealer FormBook Campaign NetWireRC APT Malware XWorm Update AsyncRAT SideCopy RAT Remcos RedLine Kimsuky APT43 France South Korea Lumma India Education attack LummaStealer

No	Title	Date
1	Konstantin Nikolenko @K_N1kolenko #FormBook #Stealer #ioc 031234440.xyz ambitiouswomen.net aqbtkj.top auradesigns.xyz coininsight.tech efcoin.live eternalethereum.xyz guiasservicos.shop holorush.live kissjav.pics newshunt.biz nicheremedies.xyz rciede.info royalbond.xyz rtvs-sk.sbs	2025.04.29
2	Cyber Team @Cyberteam008 Fofa Query for #Kimsuky #APT / #APT43 / #VelvetChollima Query: icon_hash="-545893547" && os!="" Link: https://t.co/vEtLb2NhFv Infra: https://t.co/QONfEyjyUl Note: Most of the infra hosted in South Korea (AS135377, AS4766, AS20473), France & USA. @500mk500 #Malware #ioc https://t.co/	2025.04.28
3	Yogesh Londhe @suyog41 NORMALDAKI Stealer cdfdc1fde47a5d2899cf09d4c01e00e9 #NORMALDAKI #Stealer #IOC https://t.co/MrYXp8Jjef	2025.04.28
4	Yogesh Londhe @suyog41 Amos Stealer Setup 62d7d138b50a2875d08012c56a3198ae update-script 366e9e8978edb924e998d7a7c156782b Open Gatekeeper friendly[.app[.zip 2305d8e0e527ddb7cc7591a55c31ffcf OGF 34259547171d840973bce9ddd2d87bbf #Amos #AmosStealer #Stealer #IOC	2025.04.25
5	Konstantin Nikolenko @K_N1kolenko #AsyncRAT #ioc 85.203.4.56:1834 114.66.58.133:8995 176.65.144.121:4449	2025.04.25

News

(Total : 9)

Total keyword

IoC Malware Attacker Campaign Exploit Microsoft Victim attack Vulnerability Report Update Windows Advertising Email target Phishing c&c United States RCE Cisco powershell Operation CACTUS Education Ransomware ZeroDay RATel MFA intelligence Kaspersky Social Engineering VirusTotal Linux Google Software EDR RSA Conference Java Government United Kingdom Russia Browser CISA Distribution DDoS Backdoor France Trojan UNIX Apple IcedID Spain DYEPACK MimiKatz Black Basta WMI SMB Phobos IoT GitHub Bankshot ChatGPT Splunk Volgmer Mandiant Ucraina WhatsApp Europe conference Cobalt Strike Watchdog Forensics PDB Zero Trust schtasks RMS LPEClient Exploit Kit Spear Phishing Criminal Vawtrak Quishing ...

No	Title	Date
1	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
2	Threat Hunting: For what, when, and how? - Malware.News	2025.04.26
3	Lessons from Ted Lasso for cybersecurity success - Malware.News	2025.04.25
4	ANY.RUN Becomes a Gold Winner in Threat Intelligence at Globee Awards 2025 - Malware.News	2025.04.24
5	Operation SyncHole: Lazarus APT goes back to the well - Malware.News	2025.04.24

Additional information

No	Title	Date
1	What privacy? Perplexity wants your data, builds browser to track you and serve ads - Malware.News	2025.04.29
2	Foldable Phones Need Better Software to Drive Wider Interest - Bloomberg Technology	2025.04.29
3	Year in Review: AI based threats - Malware.News	2025.04.29
4	Spotify’s Subscriber Count Climbs 12%, Beating Forecast - Bloomberg Technology	2025.04.29
5	Microsoft and Amazon Capex in Focus Amid Potential AI Pullback - Bloomberg Technology	2025.04.29
View only the last 5

No	Title	Date
1	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
2	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
3	Threat Hunting: For what, when, and how? - Malware.News	2025.04.26
4	Threat Hunting: For what, when, and how? - Malware.News	2025.04.26
5	Threat Hunting: For what, when, and how? - Malware.News	2025.04.26
View only the last 5

No data

No	URL	Reporter	Date
1	http://185.215.113.93/tdrpload.exe exe GandCrab IOC Ransomware	Try0	2024.07.27
2	http://185.215.113.93/r.exe exe GandCrab IOC Ransomware	Try0	2024.07.27
3	http://185.215.113.93/a.exe exe GandCrab IOC Ransomware	Try0	2024.07.27
4	http://185.215.113.93/t2.exe exe GandCrab IOC Ransomware	Try0	2024.07.27
5	http://185.215.113.93/s.exe exe GandCrab IOC Ransomware	Try0	2024.07.27
View only the last 5

Beta Service, If you select keyword, you can check detailed information.