

First week of August: information-stealing malware disguised as invoices, shipping documents and purchase orders on the rise

Posted: 2022-08-12 10:58
Infostealer (information-stealing) malware in first place, backdoor malware second, downloader malware third
Infostealers distributed through spam mail disguised as invoices, shipping documents and purchase orders


[BoanNews Special Reporting Team] Infostealer malware, which steals user information, held firmly onto its unshakable first place and remained rampant in the first week of August. Because it is being distributed through spam mail disguised as invoices, shipping documents and purchase orders, users who handle such documents need to be especially careful.

▲ Malware statistics for the first week of August [Source: AhnLab ASEC Analysis Team]


According to AhnLab's ASEC Analysis Team, in the statistics on malware collected during the week from Monday, August 1, 2022 to Sunday, August 7, infostealers took first place among the major categories at 47.4%. They were followed by backdoor malware at 22.6%, downloaders at 20.0%, ransomware at 6.8%, banking malware at 2.6%, and coin miner malware at 0.5%.

Top 1. Agent Tesla
AgentTesla, an infostealer, ranked first at 25.8%. AgentTesla is an infostealer-type malware that exfiltrates user information stored in web browsers, mail clients, FTP clients and similar programs.

It uses e-mail to exfiltrate the collected information, and samples that use FTP or the Discord API also exist. The C&C information for recent samples is as follows.

server : mail.activandalucia[.]com (185.162.171[.]75)
sender : marketing9@activandalucia[.]com
receiver : sales9@activandalucia[.]com
user : marketing9@activandalucia[.]com
pw : iyke****89@$
server : smtp.dhavaldistilevap[.]cam (208.91.198[.]143)
sender : sendrc@dhavaldistilevap[.]cam
receiver : norc2@dhavaldistilevap[.]cam
user : sendrc@dhavaldistilevap[.]cam
pw : 0b@****Oi?#e
server : mail.enmark.com[.]my (110.4.45[.]145)
sender : finance@enmark.com[.]my
receiver : finance@enmark.com[.]my
user : finance@enmark.com[.]my
pw : 08J****63

Because it is mostly distributed through spam mail disguised as invoices, shipment documents, purchase orders (P.O.) and the like, the file names also use words or phrases related to these. As for extensions, many samples are disguised as document files such as pdf or xlsx.

URGENT REQUIREMENT.exe
AWD 0926317468 DHL SHIPPING DOCUMENTS.exe
Doc_6000019430_AUGUST2022.exe
Bank Slip #eo0012it90019999prt0001.exe
SWIFT TRANSFER-00298760.exe
Swift – 21,700 – 060296.exe
E700 quotation20111209.exe
CR4356789023.PDF.exe
DECLARATIE EXPORT UK1RO-0108DSV_0381.exe
PO 2220802-031A.exe

Top 2. Formbook
Formbook malware ranked second at 15.3%. Like other infostealers, it is mostly distributed through spam mail, and the distribution file names are similar.

Pre Alert Docs.exe
ZB_1997e758e3.exe
Сатып алуға тапсырыс.exe
DEM12GF803.exe
PRE-ALERT IOF22-23BLB1399.exe

Because Formbook injects itself into the running legitimate process explorer.exe and into another legitimate process located in the system32 directory, its malicious behavior is carried out by these two legitimate processes. Beyond users' web browser account credentials, it can steal a variety of information through keylogging, clipboard grabbing, and web browser form grabbing.
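As an added example (not from the article or from ASEC's report), the following Python snippet shows how the injection pattern just described can be surfaced from Sysmon telemetry. Sysmon Event ID 8 (CreateRemoteThread) records the injecting process as SourceImage and the recipient as TargetImage, so a remote thread from a freshly dropped file in a user-writable directory into explorer.exe or a System32 process is the signal to look for. The JSON event lines are constructed for this example, and the path patterns and severity levels are assumptions.

```python
import json
import re

# Directories where a mail-attachment dropper typically lands; legitimate injectors rarely run from here.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(appdata|downloads|desktop|documents)|users\\public|programdata|windows\\temp)\\",
    re.IGNORECASE,
)
# The two hosts the article names: explorer.exe and any executable under System32.
FORMBOOK_TARGETS = re.compile(r"\\(explorer\.exe|windows\\system32\\[^\\]+\.exe)$", re.IGNORECASE)
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

# Constructed Sysmon events exported as JSON lines (not real telemetry). Event ID 8 is
# CreateRemoteThread; SourceImage is the injector, TargetImage the process receiving the thread.
SAMPLE_LOG = r"""
{"EventID": 8, "SourceImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\PO 2220802-031A.exe", "TargetImage": "C:\\Windows\\explorer.exe"}
{"EventID": 8, "SourceImage": "C:\\Windows\\explorer.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe"}
{"EventID": 8, "SourceImage": "C:\\Program Files\\Vendor\\agent.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe"}
"""


def evaluate(event: dict):
    """Return an alert dict for one Sysmon event, or None when nothing matches."""
    if event.get("EventID") != 8:
        return None
    src, dst = event.get("SourceImage", ""), event.get("TargetImage", "")
    # Stage 1 of the chain: a dropped binary injects into explorer.exe or a System32 process.
    if USER_WRITABLE.search(src) and FORMBOOK_TARGETS.search(dst):
        return {"severity": "high",
                "rule": "remote thread from user-writable path into explorer.exe or a System32 process",
                "source": src, "target": dst}
    # Stage 2 of the chain: the hijacked explorer.exe reaches into a System32 process.
    if src.lower().endswith("\\explorer.exe") and SYSTEM32.search(dst):
        return {"severity": "medium",
                "rule": "explorer.exe created a remote thread in a System32 process",
                "source": src, "target": dst}
    return None


def scan(log_text: str) -> list:
    """Run evaluate() over every JSON line and collect the alerts in order."""
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            alert = evaluate(json.loads(line))
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(a["severity"], "-", a["rule"], "|", a["source"], "->", a["target"])
```

EDR agents, accessibility tools and some installers also create remote threads, so the medium-severity rule (explorer.exe into System32) in particular needs an allow-list of known injectors before it goes into production.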

The following are the confirmed Formbook C&C server addresses.
hxxp://www.hocseohanoi[.]com/o85a/
hxxp://www.ifair[.]ltd/ermr/
hxxp://www.holyfamilysports[.]com/nt19/
hxxp://www.northpierangling[.]info/mh76/
hxxp://www.commandersconclave[.]com/bd26/
hxxp://www.730me[.]world/qs08/
hxxp://www.mpmidea[.]com/be3s/
hxxp://www.ruichuo888[.]com/g2i8/
hxxp://www.secure-id6793-chase[.]com/zzun/

Top 3. GuLoader
GuLoader, at 9.5%, is a downloader malware that downloads and executes additional malware. In the past it was packed in Visual Basic to evade detection, but recently it has been distributed in the form of an NSIS installer. Its original name is known to be CloudEye; it was named GuLoader because Google Drive is frequently used as the download address. Of course, various addresses other than Google Drive, such as Microsoft OneDrive and Discord, can also be used.

hxxp://185.225.73[.]165/download/01_bxyonnRcE220.bin
hxxp://3sixtyd[.]nl/bin_oEaDFVu142.bin
hxxp://gamersoffuture[.]com/new_evBbvnIQ97.bin
hxxp://lansol[.]com/TX_0/babaC_NYiddsrK143.bin
hxxps://cdn.discordapp[.]com/attachments/963535165500588126/1003939899570917376/WARRANT_EaPxSneLbj229.bin
hxxps://cdn.discordapp[.]com/attachments/963535165500588126/1004107105533448263/WARRANT_Eqawb254.bin

To evade detection, GuLoader downloads its payload into memory rather than as a file, and the downloaded content is in an encoded form rather than a PE. It is then decoded in memory and executed; the malware downloaded includes infostealers such as Formbook and AgentTesla and RATs such as Remcos and NanoCore.

Because it is mostly distributed through spam mail disguised as invoices, shipment documents, purchase orders (P.O.) and the like, the file names likewise use the same kinds of names as above. In addition, many samples are disguised as document files such as pdf or xlsx, or as .dwg files, i.e., AutoCAD drawings.

ANVA-BL-PMURLV1.2/b1.exe
DHL_229140 documento de recebimento,pdf.exe
Hexes.exe
INV#0011009230011008766998_PDF.exe
Lithoprint.exe
order samples.bat
Purchase Order – 12994-.exe
SKM_20220108.exe
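As an added example (not part of the BoanNews article or of ASEC's report), the following Python script turns the lure traits described in the AgentTesla and GuLoader sections above into a simple attachment-name triage: it flags executable extensions, a fake document extension glued in front of the real one (".PDF.exe", ",pdf.exe", "_PDF.exe"), and invoice/shipping/order vocabulary. The extension sets and keyword list are assumptions chosen for this example; the sample names are copied from the lists above plus one constructed benign control.

```python
import re

# Extensions that Windows executes on double-click (set chosen for this example).
EXECUTABLE_EXTS = {"exe", "scr", "bat", "cmd", "com", "pif", "js", "vbs"}
# Document extensions the lures imitate; pdf, xlsx and dwg are named in the article, the rest are common additions.
DOCUMENT_EXTS = {"pdf", "xlsx", "xls", "doc", "docx", "dwg"}
# Lure vocabulary taken from the file names quoted in the article (invoices, shipping papers, orders, transfers).
LURE_KEYWORDS = [
    "purchase order", "pre-alert", "pre alert", "invoice", "inv", "po", "shipping",
    "shipment", "dhl", "swift", "bank", "quotation", "export", "declaratie",
    "urgent", "order", "transfer", "doc",
]


def assess_attachment(filename: str) -> dict:
    """Grade one attachment name as 'high', 'medium' or 'low', with the reasons found."""
    name = filename.strip()
    lower = name.lower()
    reasons = []
    m = re.match(r"^(.*)\.([a-z0-9]+)$", lower)
    if m:
        body, ext = m.groups()
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"executable extension .{ext}")
            # A document-looking token glued to the real extension with '.', ',' or '_',
            # e.g. CR4356789023.PDF.exe, "...recebimento,pdf.exe", "..._PDF.exe".
            inner = re.search(r"[.,_](" + "|".join(sorted(DOCUMENT_EXTS)) + r")$", body)
            if inner:
                reasons.append(f"fake document extension .{inner.group(1)} before .{ext}")
            # Whole-word keyword match so that 'po' does not fire inside 'report'.
            for kw in LURE_KEYWORDS:
                if re.search(r"(?<![a-z])" + re.escape(kw) + r"(?![a-z])", body):
                    reasons.append(f"lure keyword '{kw}'")
                    break
    if not reasons:
        level = "low"
    elif len(reasons) == 1:
        level = "medium"   # an executable, but nothing else pointing at a lure
    else:
        level = "high"     # executable plus a fake document extension or lure wording
    return {"filename": name, "level": level, "reasons": reasons}


def triage(filenames) -> dict:
    """Group a batch of attachment names by level, e.g. for a mail-gateway report."""
    grouped = {"high": [], "medium": [], "low": []}
    for fn in filenames:
        verdict = assess_attachment(fn)
        grouped[verdict["level"]].append(verdict["filename"])
    return grouped


# Sample names copied from the AgentTesla and GuLoader lists above (names only, no binaries).
SAMPLE_NAMES = [
    "URGENT REQUIREMENT.exe",
    "AWD 0926317468 DHL SHIPPING DOCUMENTS.exe",
    "CR4356789023.PDF.exe",
    "PO 2220802-031A.exe",
    "DHL_229140 documento de recebimento,pdf.exe",
    "INV#0011009230011008766998_PDF.exe",
    "order samples.bat",
    "Hexes.exe",
    "quarterly_report.pdf",   # constructed benign control
]

if __name__ == "__main__":
    for level, names in triage(SAMPLE_NAMES).items():
        print(level, names)
```

A filter like this belongs at the mail gateway or in sandbox pre-triage; the "medium" bucket (bare executables with no lure wording) is still worth blocking outright in most organisations, and the keyword list needs extending with the lure vocabulary seen locally, in the local languages.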

Top 4. RedLine
RedLine malware ranked fourth at 9.5%. RedLine steals a variety of information from web browsers, FTP clients, cryptocurrency wallets, and PC settings, and can receive commands from its C&C server to download additional malware. Like BeamWinHTTP, it is often distributed disguised as software crack downloads. The following are the confirmed RedLine C&C server addresses.

hxxp://77.73.132[.]84
hxxp://185.106.92[.]128:16509
hxxp://62.204.41[.]139:25190
hxxp://62.204.41[.]144:14096
hxxp://163.123.143[.]229:50230
hxxp://193.43.147[.]242
hxxp://195.54.170[.]157:16525

Top 5. Stop Ransomware
Finally, Stop Ransomware, in fifth place at 6.8%, is a ransomware family distributed mainly through exploit kits. It encrypts specific files on the user's PC and has continued to spread in a variety of modified forms. Recently distributed samples install the Vidar infostealer before carrying out their ransomware behavior. The following are the Stop ransomware C&C server addresses.

hxxp://rgyui[.]top/dl/build2.exe
hxxp://acacaca[.]org/files/1/build3.exe
hxxp://acacaca[.]org/fhsgtsspen6/get.php
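As an added example (not from the article or from ASEC), the following Python code parses the defanged indicator lists quoted throughout this article (the AgentTesla SMTP block and the Formbook, GuLoader, RedLine and Stop URLs) into separate URL, domain, IP and e-mail sets that a defender can feed into a blocklist or SIEM watchlist. The refanging rules (hxxp, [.] and the "[]" typo that appears in one receiver line) and the sample input, copied from a few entries above, are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed input: a handful of entries copied from the lists above, mixing the SMTP
# "key : value" block, defanged URLs and one redacted password line that must be ignored.
SAMPLE_IOC_TEXT = """\
server : mail.activandalucia[.]com (185.162.171[.]75)
sender : marketing9@activandalucia[.]com
receiver : sales9@activandalucia[].com
pw : iyke****89@$
hxxp://www.hocseohanoi[.]com/o85a/
hxxp://185.106.92[.]128:16509
hxxps://cdn.discordapp[.]com/attachments/963535165500588126/1003939899570917376/WARRANT_EaPxSneLbj229.bin
hxxp://rgyui[.]top/dl/build2.exe
"""


def refang(text: str) -> str:
    """Undo the defanging used in the lists: hxxp(s):// -> http(s)://, '[.]' -> '.' (and the '[]' typo)."""
    t = text.strip()
    t = re.sub(r"^hxxp(s?)://", r"http\1://", t, flags=re.IGNORECASE)
    return t.replace("[.]", ".").replace("[]", "")


def _add_host(iocs: dict, host: str) -> None:
    """File a host under 'ips' or 'domains' depending on what it parses as."""
    if not host:
        return
    try:
        ipaddress.ip_address(host)
        iocs["ips"].add(host)
    except ValueError:
        iocs["domains"].add(host.lower())


def parse_iocs(text: str) -> dict:
    """Turn the article's defanged lists into sorted URL / domain / IP / e-mail lists."""
    iocs = {"urls": set(), "domains": set(), "ips": set(), "emails": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        value = line
        if " : " in line:                       # "server : ...", "sender : ...", "pw : ..."
            key, value = (p.strip() for p in line.split(" : ", 1))
            if key == "pw":                     # credentials are evidence, not blocklist material
                continue
        value = refang(value)
        if re.match(r"^https?://", value, re.IGNORECASE):
            iocs["urls"].add(value)
            _add_host(iocs, urlsplit(value).hostname)
        elif "@" in value:
            iocs["emails"].add(value.lower())
        else:                                   # "host (ip)" as on the server lines, or a bare host
            m = re.match(r"^([\w.-]+)(?:\s*\(([\d.]+)\))?$", value)
            if m:
                _add_host(iocs, m.group(1))
                _add_host(iocs, m.group(2) or "")
    return {k: sorted(v) for k, v in iocs.items()}


if __name__ == "__main__":
    for kind, items in parse_iocs(SAMPLE_IOC_TEXT).items():
        print(f"{kind}: {items}")
```

The AgentTesla sender and receiver accounts may sit on compromised but otherwise legitimate mail servers, so the e-mail set is better used as an alerting watchlist than as a blanket domain block; the password lines are deliberately dropped rather than stored alongside the indicators.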
[Special Reporting Team (boan3@boannews.com)]

<Copyright: BoanNews (www.boannews.com). Unauthorized reproduction and redistribution prohibited>
