Cyber Threat Trends

Summary: 2025/04/28 22:24

First reported date: 2013/03/05
Inquiry period : 2025/04/21 22:24 ~ 2025/04/28 22:24 (7 days), 6 search results

전 기간대비 -167% 낮은 트렌드를 보이고 있습니다.
전 기간대비 상승한 Top5 연관 키워드는 Ransomware Social Engineering Education Cobalt Strike Black Basta 입니다.
악성코드 유형 CACTUS RATel Crytox DYEPACK Phobos RMS Anchor LockBit 도 새롭게 확인됩니다.
공격자 Tick LOTUS PANDA Lazarus Kimsuky Sandworm APT28 OilRig 도 새롭게 확인됩니다.
공격기술 Spear Phishing Smishing 도 새롭게 확인됩니다.
기관 및 기업 Cisco Google Mandiant Tenable 도 새롭게 확인됩니다.
기타 Operation Software Forensics PDB Zero Trust 등 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
    ㆍ 2025/04/28 IR Trends Q1 2025: Phishing soars as identity-based attacks persist
    ㆍ 2025/04/23 How Threat Intelligence Feeds Help During Incident Response
    ㆍ 2025/04/23 Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	powershell	6	▼ -10 (-167%)
2	Malware	6	▼ -3 (-50%)
3	Exploit	4	- 0 (0%)
4	Windows	4	▼ -1 (-25%)
5	Campaign	4	▼ -5 (-125%)
6	Ransomware	4	▲ 2 (50%)
7	c&c	4	▼ -1 (-25%)
8	Phishing	4	▼ -1 (-25%)
9	Social Engineering	4	▲ 2 (50%)
10	Victim	3	- 0 (0%)
11	Update	3	▼ -2 (-67%)
12	Report	3	▼ -1 (-33%)
13	IoC	3	- 0 (0%)
14	Education	3	▲ 2 (67%)
15	Vulnerability	3	▼ -1 (-33%)
16	Email	2	▼ -3 (-150%)
17	Cobalt Strike	2	▲ 1 (50%)
18	Black Basta	2	▲ 1 (50%)
19	Advertising	2	▼ -2 (-100%)
20	Cisco	2	▲ new
21	MFA	2	▲ 1 (50%)
22	attack	2	- 0 (0%)
23	Microsoft	2	▼ -5 (-250%)
24	United States	2	▼ -2 (-100%)
25	CACTUS	2	▲ new
26	Operation	2	▲ new
27	target	2	▼ -1 (-50%)
28	Software	2	▲ new
29	RCE	2	- 0 (0%)
30	Distribution	2	▼ -1 (-50%)
31	RATel	2	▲ new
32	Linux	2	▼ -1 (-50%)
33	Kaspersky	1	▼ -1 (-100%)
34	Crytox	1	▲ new
35	DYEPACK	1	▲ new
36	Forensics	1	▲ new
37	Russia	1	▼ -1 (-100%)
38	MimiKatz	1	- 0 (0%)
39	EDR	1	▼ -2 (-200%)
40	WMI	1	▼ -1 (-100%)
41	PDB	1	▲ new
42	Zero Trust	1	▲ new
43	SMB	1	▲ new
44	schtasks	1	▲ new
45	Phobos	1	▲ new
46	RMS	1	▲ new
47	threat	1	▲ new
48	ANY	1	▲ new
49	Google	1	▲ new
50	Mandiant	1	▲ new
51	TI	1	▲ new
52	Backdo	1	▲ new
53	Feeds	1	▲ new
54	Exploit Kit	1	▲ new
55	ZeroDay	1	▼ -1 (-100%)
56	intelligence	1	▼ -1 (-100%)
57	Spear Phishing	1	▲ new
58	Tick	1	▲ new
59	RedEcho	1	▲ new
60	Watchdog	1	▲ new
61	Discord	1	▲ new
62	ThreatProtection	1	▲ new
63	Blue Tea	1	▲ new
64	Red Team	1	▲ new
65	PoC	1	▲ new
66	Government	1	- 0 (0%)
67	VPN	1	▼ -1 (-100%)
68	GitHub	1	▼ -1 (-100%)
69	Interlock	1	▲ new
70	Kali	1	▲ new
71	UNIX	1	▲ new
72	hacking	1	- 0 (0%)
73	Smishing	1	▲ new
74	Anchor	1	▲ new
75	Tenable	1	▲ new
76	cyberthreat	1	▲ new
77	group	1	▲ new
78	North K	1	▲ new
79	LOTUS PANDA	1	▲ new
80	VMware	1	- 0 (0%)
81	Ucraina	1	- 0 (0%)
82	Android	1	- 0 (0%)
83	LockBit	1	▲ new
84	Lazarus	1	▲ new
85	Sea Turtle	1	▲ new
86	Kimsuky	1	▲ new
87	ClickFix	1	▼ -1 (-100%)
88	Sandworm	1	▲ new
89	APT41	1	▲ new
90	APT28	1	▲ new
91	OilRig	1	▲ new
92	NetWireRC	1	▼ -3 (-300%)
93	NortonLifeLock	1	▲ new
94	Java	1	▼ -1 (-100%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
Ransomware		4 (23.5%)
Black Basta		2 (11.8%)
CACTUS		2 (11.8%)
RATel		2 (11.8%)
Crytox		1 (5.9%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
Tick		1 (14.3%)
LOTUS PANDA		1 (14.3%)
Lazarus		1 (14.3%)
Kimsuky		1 (14.3%)
Sandworm		1 (14.3%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Exploit		4 (18.2%)
Campaign		4 (18.2%)
Phishing		4 (18.2%)
Social Engineering		4 (18.2%)
RCE		2 (9.1%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Cisco		2 (15.4%)
Microsoft		2 (15.4%)
United States		2 (15.4%)
Kaspersky		1 (7.7%)
Russia		1 (7.7%)

Threat info

Last 5

SNS

(Total : 1)

Total keyword

Ransomware ClickFix powershell Malware Social Engineering

No	Title	Date
1	Threat Intelligence @threatintel #ThreatProtection Interlock ransomware group uses ClickFix social engineering, fake CAPTCHAs & PowerShell to deploy malware payloads. Read more about Symantec's protection: https://t.co/JGooj4A0XI #CyberThreat #Ransomware	2025.04.22

News

(Total : 5)

Total keyword

powershell Malware Campaign Windows Attacker Exploit Phishing c&c Vulnerability Update Report Victim Education IoC Social Engineering Ransomware Cobalt Strike Advertising Email Microsoft Cisco MFA United States Black Basta CACTUS Operation attack target RCE Distribution RATel Linux Software SMB PDB Crytox Zero Trust DYEPACK MimiKatz EDR schtasks WMI Phobos RMS Google Mandiant Exploit Kit ZeroDay intelligence Spear Phishing Tick Android Russia NetWireRC Tenable Anchor Smishing hacking UNIX Kali GitHub Discord VPN Government PoC Red Team OilRig Forensics APT28 APT41 Sandworm Kimsuky LOTUS PANDA RedEcho Sea Turtle Lazarus LockBit Ucraina VMware Watchdog Kaspersky Java

No	Title	Date
1	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
2	How Threat Intelligence Feeds Help During Incident Response - Malware.News	2025.04.23
3	Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News	2025.04.23
4	ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures - Malware.News	2025.04.23
5	Getting the Most Value Out of the OSCP: The Exam - Malware.News	2025.04.22

Additional information

No	Title	Date
1	Introducing XSIAM 3.0 - Malware.News	2025.04.28
2	Deploy Bravely with Prisma AIRS - Malware.News	2025.04.28
3	2025 Cyber Resilience Research Discovers Speed of AI Advancing Emerging Attack Types - Malware.News	2025.04.28
4	Intel CEO Targets Change in Corporate Culture to Shape Up - Bloomberg Technology	2025.04.28
5	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
View only the last 5

No	Title	Date
1	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
2	IR Trends Q1 2025: Phishing soars as identity-based attacks persist - Malware.News	2025.04.28
3	Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News	2025.04.23
4	Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News	2025.04.23
5	Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs - Malware.News	2025.04.23
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	nums.vbs Generic Malware Antivirus PowerShell	fe71e84d826e568fb59858c87d53d966	60252	2025.04.28
2	nums.vbs Generic Malware Antivirus PowerShell	99478b4bbce91c6b394be55e1b9df39d	59870	2025.04.23
3	prevenue.hta AntiDebug AntiVM PowerShell MSOffice File	a3353ea094f45915408065d03ae157c4	59871	2025.04.23
4	wsoj.hta AntiDebug AntiVM PowerShell MSOffice File	0dd2d15b3a13e7c7728997084bd6fb65	59873	2025.04.23
5	sfmw.hta AntiDebug AntiVM PowerShell MSOffice File	f32e7891e2cfc58230057a506325c3c8	59872	2025.04.23
View only the last 5

Level	Description
danger	The process wscript.exe wrote an executable file to disk which it then attempted to execute
watch	A potential heapspray has been detected. 58 megabytes was sprayed onto the heap of the powershell.exe process
watch	Communicates with host for which no DNS query was performed
watch	Network communications indicative of a potential document or script payload download was initiated by the process powershell.exe
watch	One or more non-whitelisted processes were created
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	File has been identified by 8 AntiVirus engines on VirusTotal as malicious
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Poweshell is sending data to a remote host
notice	URL downloaded by powershell script
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Powershell script has download & invoke calls
info	Queries for the computername
info	Uses Windows APIs to generate a cryptographic key
Network	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network	ET INFO Executable Download from dotted-quad Host
Network	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Network	ET INFO PS1 Powershell File Request
Network	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Network	ET POLICY PE EXE or DLL Windows file download HTTP

No data

No	URL	CC	ASN Co	Reporter	Date
1	https://paste.ee/d/foOP0g8Z/0 ascii powershell ps1			abuse_ch	2025.04.25
2	http://176.65.134.8/metacodings.txt ascii AsyncRAT powershell ps1 rat	DE	Diogelo Ltd.	abuse_ch	2025.04.25
3	https://paste.ee/d/L8tHN98p/0 ascii powershell ps1 xworm			abuse_ch	2025.04.25
4	https://www.wilkinsonbeane.com/css/slider/asclepiadaceaebOet.php ascii opendir powershell ps1	US	UNIFIEDLAYER-AS-1	abuse_ch	2025.04.25
5	https://www.wilkinsonbeane.com/css/slider/sciurineslwWf.php ascii opendir powershell ps1	US	UNIFIEDLAYER-AS-1	abuse_ch	2025.04.25
View only the last 5

Beta Service, If you select keyword, you can check detailed information.