Cyber Threat Trends

Summary: 2025/04/28 20:19

First reported date: 2011/06/21
Inquiry period : 2025/04/27 20:19 ~ 2025/04/28 20:19 (1 days), 1 search results

지난 7일 기간대비 -300% 낮은 트렌드를 보이고 있습니다.
지난 7일 기간대비 상승한 Top5 연관 키워드는 Microsoft Education Chrome ZeroDay RATel 입니다.
악성코드 유형 Clop 도 새롭게 확인됩니다.
공격자 LOTUS PANDA 도 새롭게 확인됩니다.
기관 및 기업 Check Point Ucraina 도 새롭게 확인됩니다.
기타 WhatsApp CVSS 신규 키워드도 확인됩니다.

* 최근 뉴스기사 Top3:
ㆍ 2025/04/28 28th April – Threat Intelligence Report

Date range button:

First seen:

Last seen:

Keyword

Trend graph by period

Related keyword cloud

Top 100

#	Trend	Count	Comparison
1	LOTUS PANDA	1	▲ new
2	Microsoft	1	▲ 1 (100%)
3	Education	1	▲ 1 (100%)
4	Browser	1	- 0 (0%)
5	Chrome	1	▲ 1 (100%)
6	Exploit	1	- 0 (0%)
7	ZeroDay	1	▲ 1 (100%)
8	Update	1	- 0 (0%)
9	WhatsApp	1	▲ new
10	Check Point	1	▲ new
11	RATel	1	▲ 1 (100%)
12	DarkWeb	1	▲ 1 (100%)
13	Ransomware	1	- 0 (0%)
14	China	1	▲ 1 (100%)
15	Lobshot	1	▲ 1 (100%)
16	Vulnerability	1	- 0 (0%)
17	Victim	1	- 0 (0%)
18	Cryptocurrency	1	▼ -3 (-300%)
19	Campaign	1	▼ -1 (-100%)
20	Russia	1	▲ 1 (100%)
21	Ucraina	1	▲ new
22	Report	1	▼ -1 (-100%)
23	Phishing	1	- 0 (0%)
24	Kaspersky	1	- 0 (0%)
25	CVSS	1	▲ new
26	Malware	1	▼ -2 (-200%)
27	Clop	1	▲ new
28	Advertising	1	▲ 1 (100%)

Special keyword group

Top 5

Malware Type

This is the type of malware that is becoming an issue.

Keyword	Average	Label
RATel		1 (25%)
Ransomware		1 (25%)
Lobshot		1 (25%)
Clop		1 (25%)

Attacker & Actors

The status of the attacker or attack group being issued.

Keyword	Average	Label
LOTUS PANDA		1 (100%)

Technique

This is an attack technique that is becoming an issue.

Keyword	Average	Label
Exploit		1 (33.3%)
Campaign		1 (33.3%)
Phishing		1 (33.3%)

Country & Company

This is a country or company that is an issue.

Keyword	Average	Label
Microsoft		1 (16.7%)
Check Point		1 (16.7%)
China		1 (16.7%)
Russia		1 (16.7%)
Ucraina		1 (16.7%)

Threat info

Last 5

SNS

(Total : 0)

No data.

News

(Total : 1)

Total keyword

LOTUS PANDA Microsoft Education Browser Chrome Exploit ZeroDay Update WhatsApp Check Point RATel DarkWeb Ransomware China Lobshot Vulnerability Attacker Victim Cryptocurrency Campaign Russia Ucraina Report Phishing Kaspersky CVSS Malware Clop Advertising

No	Title	Date
1	28th April – Threat Intelligence Report - Malware.News	2025.04.28

Additional information

No	Title	Date
1	Top Tier Target \| What It Takes to Defend a Cybersecurity Company from Today’s Adversaries - Malware.News	2025.04.28
2	28th April – Threat Intelligence Report - Malware.News	2025.04.28
3	Navigating Through The Fog - Malware.News	2025.04.28
4	Huawei Set to Test Powerful AI Chip to Rival Nvidia’s, WSJ Says - Bloomberg Technology	2025.04.28
5	Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware - Malware.News	2025.04.26
View only the last 5

No	Title	Date
1	28th April – Threat Intelligence Report - Malware.News	2025.04.28
2	28th April – Threat Intelligence Report - Malware.News	2025.04.28
3	28th April – Threat Intelligence Report - Malware.News	2025.04.28
4	Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI - Malware.News	2025.04.25
5	Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI - Malware.News	2025.04.25
View only the last 5

No	Request	Hash(md5)	Report No	Date
1	conhost.exe XMRig Miner Emotet Cryptocurrency Miner Suspicious_Script_Bin Generic Malware CoinHive Cryptocurrency task schedule Downloader Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate pri	8378455f7c8a30d74b355adaf576a10b	50845	2024.06.11
2	conhost.exe XMRig Miner Emotet Cryptocurrency Miner Generic Malware Suspicious_Script_Bin CoinHive Cryptocurrency task schedule Downloader Malicious Library UPX Antivirus Malicious Packer .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate pri	0c648321522607509014810fa9850703	46656	2023.11.20
3	IE.exe PWS[m] Gen1 RAT Cryptocurrency Miner Generic Malware task schedule CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Antivirus Anti_VM Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credenti	d55af7419949eb1630bf0e6b3684166e	26373	2022.05.02
4	64a1.com PWS[m] Cryptocurrency Miner Generic Malware CoinHive Cryptocurrency UPX WinRAR Malicious Library Malicious Packer Create Service DGA Socket ScreenShot DNS BitCoin Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Downloader Esca	def5558538f028028677e6118b46009d	26377	2022.05.02
5	http://regalosfreaks.blogspot.... AgentTesla CoinHive Cryptocurrency Http API Internet API ScreenShot DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Steal credential Downloader P2P persistence AntiDebug AntiVM PNG Format JPE	d808b4bbb918207dd54b242b2339afec	12072	2021.06.08
View only the last 5

Level	Description
danger	File has been identified by 35 AntiVirus engines on VirusTotal as malicious
watch	A process attempted to delay the analysis task.
watch	Attempts to create or modify system certificates
watch	Communicates with host for which no DNS query was performed
watch	Connects to an IRC server
watch	Installs itself for autorun at Windows startup
watch	Looks for the Windows Idle Time to determine the uptime
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	A process created a hidden window
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Checks adapter addresses which can be used to detect virtual network interfaces
notice	Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Creates executable files on the filesystem
notice	Creates hidden or system file
notice	Drops a binary and executes it
notice	Drops an executable to the user AppData folder
notice	HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice	One or more potentially interesting buffers were extracted
notice	Performs some HTTP requests
notice	Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation
notice	Terminates another process
notice	Uses Windows utilities for basic Windows functionality
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Checks if process is being debugged by a debugger
info	Command line console output was observed
info	Queries for the computername
info	The executable uses a known packer
info	Uses Windows APIs to generate a cryptographic key
Network	ET DROP Spamhaus DROP Listed Traffic Inbound group 23
Network	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Network	ET INFO Executable Download from dotted-quad Host
Network	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Network	ET POLICY PE EXE or DLL Windows file download HTTP
Network	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

No data

Beta Service, If you select keyword, you can check detailed information.