IssueMakersLab - SECUINSIDE · secuinside.com/archive/2015/2015-2-5.pdf · 2015-07-26
IssueMakersLab
Military intelligence collection
Attempted attacks on defense domains
Weapons information collection
Chunma, Hyunmoo
Building a massive botnet (May to July 2009)
[Diagram labels: [NK]; Re-Collection Server; C&C Master Server; Distributed C&C Server; C&C IP Relay Server; IP Relay; [Victim]]
Information they attempted to collect
Command decryption
작전 계획, 작계 (operation plan, OPLAN) | 5027, 5029, 5030, 3100, 3600 | .hwp, .ppt, .doc
KR, UFG, UFL, 을지 (Ulchi), RSOI | .hwp, .ppt
Malware distribution method #1
[Diagram labels: [NK]; webhard website; [Victim]; installer file, update file; file replacement; webhard install / update]
How the server-side malware was collected
• Malware analysis (communication protocol)
• Inferring the server-side protocol (binary search/collection)
C&C protocol
[Diagram: C&C message layouts. Field labels shown: Length; Auth String; C&C IP | PORT; Time - saved in config; Cmdcode; Filesize; 00000000; Filedata; Request file offset]
Command structure analysis
Administrator mode discovered
Command Code | Meaning | Actor
0x1000 | Administrator mode | Administrator
0x2100 | Request IP and commands | Zombie
0x2200 | Send collected information | Zombie
Counterattack #1
[Diagram labels: C&C Master Server; Distributed C&C Server; [Victim]]
How the C&C servers were obtained #1
The reality of the massive botnet (C&C servers)
Backdoor discovered
Encryption | Protocol | Port
X | send: + 0x28) ^ 0x47; recv: ^ 0x47) - 0x28 | 131; 143; 339
Y | send: ^ 0x92) + 0x61; recv: - 0x61) ^ 0x92 | 112, 125, 133; 112, 125, 133; 128, 125, 133
Command Code | Meaning
0xAAA5 | Execute process (CreateProcessA)
0xAAA8 | Execute process (cmd.exe /c)
0xAAA3 | Retrieve specified file
0xAAA4 | Create file
0xAAA9 | Send process list
0xAAA0 | Send system information
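An added example (not from the presentation): an analyst-side decoder for the two send/recv byte transforms and the 2009 command codes listed above, which tries both schemes on a payload and reports a match when the result starts with a known command code. It assumes the transforms apply per byte modulo 256 (the operand is missing from the extracted slide text) and that the command code is the first 16-bit little-endian word; the function names and sample payloads are constructed for illustration.

```python
import struct

# Command codes and meanings as listed on the slide (2009 backdoor).
COMMANDS = {
    0xAAA5: "execute process (CreateProcessA)",
    0xAAA8: "execute process (cmd.exe /c)",
    0xAAA3: "retrieve specified file",
    0xAAA4: "create file",
    0xAAA9: "send process list",
    0xAAA0: "send system information",
}

# name -> (send transform, recv transform). ASSUMPTION: the operand the slide
# text lost is a single byte and the arithmetic wraps modulo 256.
SCHEMES = {
    "X": (lambda b: ((b + 0x28) & 0xFF) ^ 0x47,
          lambda b: ((b ^ 0x47) - 0x28) & 0xFF),
    "Y": (lambda b: ((b ^ 0x92) + 0x61) & 0xFF,
          lambda b: ((b - 0x61) & 0xFF) ^ 0x92),
}


def send_transform(scheme: str, data: bytes) -> bytes:
    """Apply the slide's 'send' formula to every byte (used to build samples)."""
    return bytes(SCHEMES[scheme][0](b) for b in data)


def recv_transform(scheme: str, data: bytes) -> bytes:
    """Apply the slide's 'recv' formula, the inverse of send_transform."""
    return bytes(SCHEMES[scheme][1](b) for b in data)


def classify(payload: bytes):
    """Return (scheme, code, meaning, argument bytes) for every scheme whose
    decoding starts with a known command code; an empty list means no match.

    ASSUMPTION (hypothetical framing): the command code is the first
    16-bit little-endian word of the payload.
    """
    hits = []
    if len(payload) < 2:
        return hits
    for name in SCHEMES:
        plain = recv_transform(name, payload)
        (code,) = struct.unpack_from("<H", plain)
        if code in COMMANDS:
            hits.append((name, code, COMMANDS[code], plain[2:]))
    return hits


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    send_transform("X", struct.pack("<H", 0xAAA8) + b"ver"),
    send_transform("Y", struct.pack("<H", 0xAAA9)),
    b"GET / HTTP/1.1\r\n",  # unrelated traffic, should not match
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw[:8].hex(), classify(raw))
```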
2010 (backdoor upgrade)
Command Code (2009) | Command Code (2010)
0xAAA5 Execute process (CreateProcessA) | 0xBBB9 Execute process (CreateProcessA)
0xAAA8 Execute process (cmd.exe /c) | 0xBBC4 Execute process (cmd.exe /c)
0xAAA3 Retrieve specified file | 0xBBB2 Retrieve specified file
0xAAA4 Create file | 0xBBB3 Create file
0xAAA9 Send process list | -
0xAAA0 Send system information | 0xBBBF Send network adapter information
- | 0xBBD0 Send computer name
- | 0xBBC1 Send free disk space
- | 0xBBD1 Send Windows country setting
- | 0xBBD2 Send Windows version
- | 0xBBB8 Create specified directory
Building a second massive botnet (2011)
[Diagram labels: [NK]; Re-Collection Server; Distributed C&C Server; C&C IP Relay Server; IP Relay; [Victim]]
DDoS attack on defense sites
No. | Site | Description | Category
1 | korea.go.kr | Korea E-Government | Government
2 | cwd.go.kr | OFFICE OF THE PRESIDENT | Government
3 | mopas.go.kr | Ministry of Public Administration and Security | Government
4 | mofat.go.kr | Ministry of Foreign Affairs and Trade | Government
5 | unikorea.go.kr | Ministry of Unification | Government
6 | kcc.go.kr | KOREA COMMUNICATIONS COMMISSION | Government
7 | fsc.go.kr | FINANCIAL SERVICES COMMISSION | Government
8 | police.go.kr | National Police Agency | Government
9 | customs.go.kr | KOREA CUSTOMS SERVICE | Government
10 | nts.go.kr | National Tax Service | Government
11 | nis.go.kr | National Intelligence Service | Government
12 | kisa.or.kr | KOREA INTERNET SECURITY AGENCY | Government
13 | mnd.mil.kr | Ministry of National Defense | Military
14 | jcs.mil.kr | R.O.K Joint Chiefs of Staff | Military
15 | army.mil.kr | Republic of Korea Army | Military
16 | navy.mil.kr | REPUBLIC OF KOREA NAVY | Military
17 | airforce.mil.kr | REPUBLIC OF KOREA AIR FORCE | Military
18 | dema.mil.kr | Defense Media Agency | Military
19 | usfk.mil | United States Forces Korea | Military
20 | kunsan.af.mil | U.S.AIR FORCE (Kunsan Air Base) | Military
21 | dapa.go.kr | Defense Acquisition Program Administration | Military
22 | assembly.go.kr | National Assembly of the Republic of Korea | Congress
23 | khnp.co.kr | KOREA HYDRO & NUCLEAR POWER | Infrastructures
24 | korail.com | KOREA RAILROAD | Infrastructures
25 | kbstar.com | Kookmin Bank | Financial
26 | keb.co.kr | KOREA EXCHANGE BANK | Financial
27 | shinhan.com | Shinhan Bank | Financial
28 | wooribank.com | Woori Bank | Financial
29 | hanabank.com | Hana Bank | Financial
30 | nonghyup.com | Nonghyup Bank | Financial
31 | jeilbank.co.kr | JEIL SAVINGS BANK | Financial
32 | daishin.co.kr | Daishin Securities | Financial
33 | kiwoom.com | KIWOOM SECURITIES | Financial
34 | naver.com | NHN Corp. (Naver) | Portal
35 | daum.net | Daum Communications | Portal
36 | auction.co.kr | eBay Korea (Auction) | Shopping
37 | gmarket.co.kr | eBay Korea (Gmarket) | Shopping
38 | hangame.com | NHN Corp. (Hangame) | Game
39 | ahnlab.com | AhnLab, Inc. | IT Company
40 | dcinside.com | dcinside | IT Company
Code encryption applied
2011: Encrypted | 2009: Non-Encrypted
Evolution: code encryption (hinders analysis and detection)
Evolution of the botnet structure
2009: hierarchical structure ([NK]; C&C management server; Distributed C&C Server). Commands cannot be issued once action is taken against the management server.
2011: P2P structure ([NK]; Distributed P2P C&C Server (Synchronized)). Evolution: any server can synchronize the whole network.
Backdoor identical
Command Code (2010) | Command Code (2011)
0xBBB9 Execute process (CreateProcessA) | 0xBBB9 Execute process (CreateProcessA)
0xBBC4 Execute process (cmd.exe /c) | 0xBBC4 Execute process (cmd.exe /c)
0xBBB2 Retrieve specified file | 0xBBB2 Retrieve specified file
0xBBB3 Create file | 0xBBB3 Create file
0xBBBF Send network adapter information | 0xBBBF Send network adapter information
0xBBD0 Send computer name | 0xBBD0 Send computer name
0xBBC1 Send free disk space | 0xBBC1 Send free disk space
0xBBD1 Send Windows country setting | 0xBBD1 Send Windows country setting
0xBBD2 Send Windows version | 0xBBD2 Send Windows version
0xBBB8 Create specified directory | 0xBBB8 Create specified directory
Counterattack #2
Distributed P2P C&C Server (Synchronized)
Counterattack #2
Key Resolve exercise (2013)
Military intelligence collection
Seven years of military intelligence collection
2007 to 2013
The same code for generating infected-PC identifiers was used for years
Korean-language development environment
C&C command protocol analysis
[Diagram labels: [NK]; A private key; B public key; A public key; B private key]
Two RSA key pairs are used
C&C command encryption/decryption
Collected-data encryption/decryption; held only by the hacker
The same RSA public-key encryption was used for six years
How the C&C servers were obtained #2
Malware distribution method #2
Summer 2014 (botnet formation)
Multiple malware versions distributed
Zombie ID OS Version Zombie Version
Windows XP 0x191
Windows XP 0x131
Windows XP 0x190
Windows XP 0x190
Windows XP 0x190
Windows Vista 0x190
Windows XP 0x133
Windows Vista 0x192
Windows XP 0x131
Windows XP 0x12f
Windows XP 0x190
Windows XP 0x12d
Windows 7 0x191
Windows XP 0x131
Windows XP 0x190
Counterattack #3
Control Code | Meaning | Description
XXX0 | SendAuthfile | View the full list of zombie PCs
XXX1+Zombie PC's ID | SaveCommand | Send a command to the zombie PC
XXX2+Zombie PC's ID | SendCommand | Check whether the zombie PC received the command
XXX3+Zombie PC's ID | SendResult | Check the result of the command issued to the zombie PC
Attacker's zombie ID obtained
Counterattack #3
Counterattack #4
10.10.1.x