4월 2024 - Allmnet

<style>/*<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4485133676266638&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-4485133676266638 -->

</head><body>*/</style>

스포트라이트의 아세안 엔티티 : 중국 apt 그룹 타겟팅 관련 IOC 25개 발견

Impotant : http://123[.]253[.]32[.]71/EACore[.]dll http://ai[.]nerdnooks[.]com 103[.]27[.]109[.]157 192[.]153[.]57[.]98 5cd4003ccaa479734c7f...

allmnet 4 4월, 2024

Earth Freybug는 치명적인 API를 풀기 위해 Unapimon을 사용트렌드 마이크로 (미국) 관련 IOC 3개 발견

Impotant : 127[.]0[.]0[.]1 62ad0407a9cce34afb428dee972292d2aa23c78cbc1a44627cb2e8b945195bc2 요약 : 지난 달, 우리는 Earth Freybug(APT41의 서브 세트라고도 함)...

allmnet 4 4월, 2024

Yara Rule - 백도어 XZ 라이브러리 (Xzutil) CVE-2024-3094에서 사용하는 주입 된 코드를 감지

Impotant : 8fa641c454c3e0f76de73b7cc3446096b9c8b9d33d406d38b8ac76090b0344fd b418bfd34aa246b2e7b5cb5d263a640e5d080810f767370c4d2c24662a274963...

allmnet 4 4월, 2024

Yara Rule - 이항은 gobfuscate로 난독 화 된 것을 식별

Impotant : https://github[.]com/unixpickle/gobfuscate 요약 : Yara 정의. Open New Windows Yara Rule - 이항은 gobfuscate로 난독 화 된 것을 식별 : https://git...

allmnet 4 4월, 2024

<style>/*
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/523887051-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY4QuuHtkwJzqCtqCUJyig6d7Qx6tw:1716101802106';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3995775846638285364','//www.allmnet.com/2024/04/','3995775846638285364');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3995775846638285364', 'title': 'Allmnet', 'url': 'https://www.allmnet.com/2024/04/', 'canonicalUrl': 'https://www.allmnet.com/2024/04/', 'homepageUrl': 'https://www.allmnet.com/', 'searchUrl': 'https://www.allmnet.com/search', 'canonicalHomepageUrl': 'https://www.allmnet.com/', 'blogspotFaviconUrl': 'https://www.allmnet.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-79665776-3', 'encoding': 'UTF-8', 'locale': 'ko', 'localeUnderscoreDelimited': 'ko', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Allmnet - Atom\x22 href\x3d\x22https://www.allmnet.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Allmnet - RSS\x22 href\x3d\x22https://www.allmnet.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Allmnet - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3995775846638285364/posts/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-4485133676266638', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/8a8c39e8754b0ef7', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': '\uacf5\uc720 \ub9c1\ud06c \ub9cc\ub4e4\uae30', 'key': 'link', 'shareMessage': '\uacf5\uc720 \ub9c1\ud06c \ub9cc\ub4e4\uae30', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Facebook\uc5d0 \uacf5\uc720', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Twitter\uc5d0 \uacf5\uc720', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Pinterest\uc5d0 \uacf5\uc720', 'target': 'pinterest'}, {'name': '\uc774\uba54\uc77c', 'key': 'email', 'shareMessage': '\uc774\uba54\uc77c', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27ko\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Read more \xbb', 'pageType': 'archive', 'pageName': '4\uc6d4 2024', 'pageTitle': 'Allmnet: 4\uc6d4 2024'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': '\uc218\uc815', 'linkCopiedToClipboard': '\ub9c1\ud06c\ub97c \ud074\ub9bd\ubcf4\ub4dc\uc5d0 \ubcf5\uc0ac\ud588\uc2b5\ub2c8\ub2e4.', 'ok': '\ud655\uc778', 'postLink': '\uae00 \ub9c1\ud06c'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': '\uc0ac\uc6a9\uc790 \uc9c0\uc815', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Allmnet', 'description': 'IT/Game\uacfc \uac1c\ubc1c \uad00\ub828 \uc815\ubcf4\ub97c \uc5c5\ub370\uc774\ud2b8\ud569\ub2c8\ub2e4.', 'url': 'https://www.allmnet.com/2024/04/', 'type': 'feed', 'isSingleItem': false, 'isMultipleItems': true, 'isError': false, 'isPage': false, 'isPost': false, 'isHomepage': false, 'isArchive': true, 'isLabelSearch': false, 'archive': {'year': 2024, 'month': 4, 'rangeMessage': '4\uc6d4, 2024\uc758 \uac8c\uc2dc\ubb3c \ud45c\uc2dc'}}}, {'name': 'widgets', 'data': [{'title': 'Asecurity', 'type': 'HTML', 'sectionId': 'header-main', 'id': 'HTML10'}, {'title': 'Icons, Dark, Search', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList10'}, {'title': 'Menu', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList11'}, {'title': '#Advertisement', 'type': 'HTML', 'sectionId': 'before-blog', 'id': 'HTML11'}, {'title': '#Advertisement', 'type': 'HTML', 'sectionId': 'before-post', 'id': 'HTML12'}, {'title': '\ube14\ub85c\uadf8 \uac8c\uc2dc\ubb3c', 'type': 'Blog', 'sectionId': 'blog-post', 'id': 'Blog1', 'posts': [{'id': '7161123479104853138', 'title': '\uc2a4\ud3ec\ud2b8\ub77c\uc774\ud2b8\uc758 \uc544\uc138\uc548 \uc5d4\ud2f0\ud2f0 : \uc911\uad6d apt \uadf8\ub8f9 \ud0c0\uac9f\ud305 \uad00\ub828 IOC 25\uac1c \ubc1c\uacac', 'showInlineAds': false}, {'id': '3751078326553274252', 'title': 'Earth Freybug\ub294 \uce58\uba85\uc801\uc778 API\ub97c \ud480\uae30 \uc704\ud574 Unapimon\uc744 \uc0ac\uc6a9\ud2b8\ub80c\ub4dc \ub9c8\uc774\ud06c\ub85c (\ubbf8\uad6d) \uad00\ub828 IOC 3\uac1c \ubc1c\uacac', 'showInlineAds': false}, {'id': '7183676590257411087', 'title': 'Yara Rule - \ubc31\ub3c4\uc5b4 XZ \ub77c\uc774\ube0c\ub7ec\ub9ac (Xzutil) CVE-2024-3094\uc5d0\uc11c \uc0ac\uc6a9\ud558\ub294 \uc8fc\uc785 \ub41c \ucf54\ub4dc\ub97c \uac10\uc9c0', 'showInlineAds': false}, {'id': '6433300575461199094', 'title': 'Yara Rule - \uc774\ud56d\uc740 gobfuscate\ub85c \ub09c\ub3c5 \ud654 \ub41c \uac83\uc744 \uc2dd\ubcc4', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'share', 'label': ''}, {'name': 'comments', 'label': 'Comment'}, {'name': 'labels', 'label': 'Tags'}]}], 'allBylineItems': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}, {'name': 'comments', 'label': 'Comment'}, {'name': 'labels', 'label': 'Tags'}]}, {'title': '#You may also like', 'type': 'HTML', 'sectionId': 'ads-post', 'id': 'HTML15'}, {'title': '#Advertisement', 'type': 'HTML', 'sectionId': 'ads-post', 'id': 'HTML17'}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar-static', 'id': 'PopularPosts10', 'posts': [{'title': '\uc2a4\ud0c0\ub808\uc77c - \uc790\uac00 \ubcc0\ud615\uc131 \ub808\uc9c4 \uc6a9\ub3c4\uc640 \uc0ac\uc6a9\ubc95', 'id': 2238525346933569607}, {'title': '\uc2a4\ud0c0\ub808\uc77c 1.6 - Dr. \ub808\uc774\uc2dc\uc624 \uc885\uacb0 \uc721\uc131 \ubc0f \uc720\ubb3c, \ud30c\ud2f0 \ubd84\uc11d\ud558\uae30', 'id': 4425540732119494156}, {'title': '\uc2a4\ud0c0\ub808\uc77c - \uc740\ub791 \uc721\uc131 \ubc0f \uc885\uacb0 \uc721\uc131 \ubc0f \uc720\ubb3c, \ud30c\ud2f0 \ubd84\uc11d\ud558\uae30', 'id': 6868499368848284795}, {'title': '\ubcf4\uc548 \ud504\ub85c\uadf8\ub7a8 \uc124\uce58 \uacfc\uc815\uc5d0\uc11c \uac10\uc5fc\ub418\ub294 TrollAgent (Kimsuky \uadf8\ub8f9) - ASEC BLOG \uad00\ub828 IOC 48\uac1c \ubc1c\uacac', 'id': 1758039909906122227}, {'title': '\uc6d0\uc2e0 \uc784\ubb34 - [\uce68\uc625 \ud611\uace1] \uc625\uace0\ub9ac \uc870\uac01 \uc88c/\uc6b0, \ud5a5\ub098\ubb34 \uc801\uc7a5\uacfc \ud669\uc885', 'id': 816057799528025566}]}, {'title': 'Categories', 'type': 'Label', 'sectionId': 'sidebar-static', 'id': 'Label10'}, {'title': 'Blog Archive', 'type': 'BlogArchive', 'sectionId': 'sidebar-static', 'id': 'BlogArchive10'}, {'title': '#Recent Post', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML19'}, {'title': '#Advertisement', 'type': 'HTML', 'sectionId': 'sidebar-sticky', 'id': 'HTML20'}, {'title': 'SVG Icons', 'type': 'HTML', 'sectionId': 'jet-options', 'id': 'HTML24'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML10', 'header-main', document.getElementById('HTML10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'header-main', document.getElementById('LinkList10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList11', 'header-main', document.getElementById('LinkList11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML11', 'before-blog', document.getElementById('HTML11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML12', 'before-post', document.getElementById('HTML12'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'blog-post', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/3440210577-lbx__ko.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/13464135-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML15', 'ads-post', document.getElementById('HTML15'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML17', 'ads-post', document.getElementById('HTML17'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts10', 'sidebar-static', document.getElementById('PopularPosts10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LabelView', new _WidgetInfo('Label10', 'sidebar-static', document.getElementById('Label10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive10', 'sidebar-static', document.getElementById('BlogArchive10'), {'languageDirection': 'ltr', 'loadingMessage': '\ub85c\ub4dc \uc911\x26hellip;'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML19', 'sidebar-static', document.getElementById('HTML19'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML20', 'sidebar-sticky', document.getElementById('HTML20'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML24', 'jet-options', document.getElementById('HTML24'), {}, 'displayModeFull'));
</script>
</body>*/</style>