lazarusholic


Kimsuky Leaked Files: A Brief Analysis

2025-08-14, GhostWolfLab
https://mp.weixin.qq.com/s/58NFHmICIdSGOtTTW5sVXQ
#Kimsuky #APTDown

Contents

A member of the North Korean APT group Kimsuky suffered a major data breach that leaked some of the group's internal files and tools.
The intrusion is believed to have taken place in early June 2025; the leaked material exposes the group's backdoors, phishing framework and reconnaissance activity.
The public leak is hosted at:
https[:]//data[.]ddosecrets[.]com/APT%20Down%20-%20The%20North%20Korea%20Files/
I only downloaded the work.zip archive from the zip directory here, so I am only analysing the more interesting files inside it.
test.py:
The script uses the third-party library xtermgui to build a terminal graphical user interface.
xtermgui lets a developer build, inside a plain-text terminal (a command-line window), richer interactive interfaces with layers, colours and precise cursor positioning. The script below does nothing beyond exercising that layer API (create a layer, print text to it, clear it); there is no network, file or process activity in it, so on its own it is a test of the library rather than an operational tool.
from xtermgui import Colour, RGBs, LayeredGUI, Coordinate

Colour.configure_default_background(RGBs.DEFAULT_BACKGROUND_WSL.value)


class MyGUI(LayeredGUI):
    def __init__(self) -> None:
        super().__init__()  # self.base_layer is created automatically
        # z-index defaults to that of the existing layer with the greatest z-index
        self.second_layer = self.add_layer("Layer Name", z=1)


def main() -> None:
    gui = MyGUI()
    text_base_layer = "This text will be printed in the console, on the base layer."
    text_1_second_layer = "This text will be printed in the console, on the second layer."
    text_2_second_layer = "This text will also be printed in the console, on the second layer."
    coordinates = Coordinate(10, 5)

    with gui.start():
        # Prints on the active layer by default - this is initially the base layer
        gui.print(text_base_layer, at=coordinates)
        # Prints over the text on the base layer
        gui.print(text_1_second_layer, at=coordinates, layer=gui.second_layer)
        with gui.as_active(gui.second_layer):  # Second layer is active within this scope only
            gui.print(text_2_second_layer, at=coordinates)  # Overwrites the existing text
        gui.clear(layer=gui.second_layer)  # Only the content printed to the base layer now shows


if __name__ == "__main__":
    main()
Output:
clean.bat:
Through a series of …