µðÁöÅÐÆ÷·»½Ä ¹× ³×Æ®¿öÅ© º¸¾È Àü¹®¾÷üÀÎ Àμ½½ÃÅ¥¸®Æ¼(´ëÇ¥ ±èÁ¾±¤)´Â ¿À´Ã, ¸Ö¿þ¾î ºÐ¼® ¼Ö·ç¼Ç ±â¾÷ÀÎ Á¶½ÃÅ¥¸®Æ¼(JoeSecurity)°¡ ¾Ç¼ºÄÚµå Á¤¹Ð ºÐ¼® ¼Ö·ç¼Ç Á¶»÷µå¹Ú½º(JoeSandbox)ÀÇ ÃֽŠ¹öÀü v33ÀÎ ÈÀÌÆ® ´ÙÀ̾Ƹóµå¸¦ Ãâ½ÃÇÑ´Ù°í ¹àÇû´Ù.
ÄÚµå ³×ÀÓ ÈÀÌÆ® ´ÙÀ̾Ƹóµå(White Diamond)·Î Ãâ½ÃµÈ À̹ø ¸±¸®Áî¿¡´Â 186°³ÀÇ »õ·Î¿î ½Ã±×´Ïó°¡ Ãß°¡µÇ¾î, DBatLoader, ZuRu, Squirrelwaffle, eCh0raix, Kimsuky, REvilLinux, Backstage Stealer, Magniber, BLACKMatter, Lockfile µîÀÇ ÃֽŠ¸Ö¿þ¾î ±×·ìÀ» Á¤¹ÐÇÏ°Ô Å½ÁöÇÒ ¼ö ÀÖµµ·Ï Áö¿øÇÑ´Ù. ¶ÇÇÑ Revil, Arkei Stealer, Djvu, Cyax Sharp Loader, TelegramRAT, 44CaliberStealer, Tofsee, BitRat, MercurialGrabber, sectopRAT, PhantomMiner, SquirrelWaffle, ApolonSpaceXLoader µî 13°³ÀÇ »õ·Î¿î ¸Ö¿þ¾î ±¸¼º ÃßÃâ ÆÄÀÏÀÌ Ãß°¡µÆ´Ù.
Á¶»÷µå¹Ú½ºÀÇ ÇàÀ§ ½Ã±×´Ïó(Behavior Signature)´Â »÷µå¹Ú½º Á¦Ç°¿¡¼ °¡Àå Áß¿äÇÑ µ¿Àû ºÐ¼® ½Ã ¹ß»ýÇÏ´Â ÇàÀ§¿¡ ´ëÇÑ Á¤ÀÇÀÌ´Ù. ¾Ç¼ºÄÚµå ºÐ¼® ½Ã ¾Ç¼ºÄڵ尡 µ¿ÀÛÇÏ´Â ¸ðµç ÇàÀ§¿¡ ´ëÇÑ Á¤º¸¸¦ ½Äº°ÇÏ°í °¢ ÇàÀ§ º° Á¤»ó/ÀǽÉ/¾Ç¼ºÀ¸·Î ÆÇ°áÇÒ ¼ö ÀÖ´Â ½Ã±×´ÏóÀÌ´Ù. Á¶»÷µå¹Ú½º´Â ¾÷°è ÃÖ´Ù ÇàÀ§ ½Ã±×´Ïó¸¦ Á¦°øÇÏ°í ÀÖ´Ù. ¸Ö¿þ¾î ±¸¼º µ¥ÀÌÅÍ¿¡´Â ¸ðµç C&C¸¦ ºñ·ÔÇØ ·£¼¶¿þ¾î Ÿ±ê È®Àå, Æ÷Æ®, ·Î±×ÀÎ µ¥ÀÌÅÍ µî ÁÖ¿ä À§Çù ÀÎÅÚ¸®Àü½º µ¥ÀÌÅÍ°¡ Æ÷ÇԵȴÙ.
Á¶»÷µå¹Ú½º v33 °¡Àå ÁÖ¿äÇÑ ¾÷µ¥ÀÌÆ®´Â ¿ìºÐÅõ(Ubuntu) 20.04 Áö¿øÀÌ´Ù. ±âÁ¸ÀÇ 16.04 ¹× ¼¾Æ®OS(CentOS)¿Í ÇÔ²² ¸®´ª½º ±â¹Ý ¸Ö¿þ¾î¸¦ »ó¼¼ ºÐ¼®ÇÒ ¼ö ÀÖ´Ù. ÀÌ¿Í ÇÔ²² ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® ¿ÀÇǽº(Microsoft Office) ÃֽŠCVE¿¡ ´ëÇÑ Å½Áö ¹üÀ§¸¦ È®´ëÇÏ´Â ÇÑÆí, AbereBot, Vultur, Hydra, FlyTrap, S.O.V.A., TEABot, UBEL/Oscrop µî¿¡ ´ëÇÑ ¾Èµå·ÎÀ̵å ŽÁö ½Ã±×´Ïó¸¦ Ãß°¡Çß´Ù.
ÀÌ¿Í ÇÔ²² pipe_created ¹× module_load µîÀÇ ½Ã±×¸¶ À̺¥Æ®¸¦ Ãß°¡·Î Áö¿øÇÏ¿©, CobaltStrike¿Í °°Àº °ø°Ý µµ±¸¸¦ ŽÁöÇÒ ¼ö ÀÖ´Ù.
|
[´º½º] Àμ½½ÃÅ¥¸®Æ¼, ¸¶±×³Ý ±×·¹ÀÌÅ° ÆнºÆ®Æ®·¢ Ãâ½Ã 
