Kimsuky의 지속적인 KimJongRAT 변종 개발과 그 너머의 위협
import sys
# Character substitution alphabet, written as two parallel strings: the
# character at index i of the first string maps to the character at index i
# of the second. Key order is punctuation, lowercase letters, then braces.
#
# Every mapping is reciprocal ('a' -> 'm' and 'm' -> 'a', '!' -> '-' and
# '-' -> '!', ...), so applying the translation twice returns the original
# text and the same table serves both directions.
#
# Digits, whitespace, uppercase letters and the characters " ' \ ` | ~ are
# not keys, so str.translate() passes them through unchanged.
#
# NOTE(review): presumably the string-obfuscation alphabet of the malware
# family named in the page title -- confirm against the article body.
table = dict(zip(
    "!#$%&()*+,-./:;<=>?@[]^_" "abcdefghijklmnopqrstuvwxyz" "{}",
    "-);+=:#_%/!?,($]&^.}{<>*" "mqfhxcldpstgazribojkywveun" "[@",
))

# str.maketrans() turns the single-character keys into code points, which is
# the key form str.translate() looks up.
TRANS = str.maketrans(table)
def substitute_preserve_case(s):
is_upper = [ch.isalpha() and ch.isupper() for ch in s]
lower_s = ''.join(ch.lower() if ch.isalpha() else ch for ch in s)
sub = lower_s.translate(TRANS)
out_chars = []
for ch, up in zip(sub, is_upper):
…
# Character substitution alphabet, written as two parallel strings: the
# character at index i of the first string maps to the character at index i
# of the second. Key order is punctuation, lowercase letters, then braces.
#
# Every mapping is reciprocal ('a' -> 'm' and 'm' -> 'a', '!' -> '-' and
# '-' -> '!', ...), so applying the translation twice returns the original
# text and the same table serves both directions.
#
# Digits, whitespace, uppercase letters and the characters " ' \ ` | ~ are
# not keys, so str.translate() passes them through unchanged.
#
# NOTE(review): presumably the string-obfuscation alphabet of the malware
# family named in the page title -- confirm against the article body.
table = dict(zip(
    "!#$%&()*+,-./:;<=>?@[]^_" "abcdefghijklmnopqrstuvwxyz" "{}",
    "-);+=:#_%/!?,($]&^.}{<>*" "mqfhxcldpstgazribojkywveun" "[@",
))

# str.maketrans() turns the single-character keys into code points, which is
# the key form str.translate() looks up.
TRANS = str.maketrans(table)
def substitute_preserve_case(s):
is_upper = [ch.isalpha() and ch.isupper() for ch in s]
lower_s = ''.join(ch.lower() if ch.isalpha() else ch for ch in s)
sub = lower_s.translate(TRANS)
out_chars = []
for ch, up in zip(sub, is_upper):
…
IoC
http://daumcyd.ddns.net
https://drive.google.com/uc?export=download&id=14J3_AavuDYmvlf32nqUQbNwz63Ym9Ph3
https://drive.google.com/uc?export=download&id=12V4yQfKNkeA1W_FIkCpirhSO3dnA52Ni
http://nid-naverbpk.onthewifi.com
https://natezlx.myvnc.com/?nxnx=change&m=[base64
http://gmail.com
http://183.111.226.13
http://kzloly.nmailhub.com
http://142.11.248.98
http://27.102.113.107
http://cdn.glitch.global
https://link24.kr/HSXrWzV
https://drive.google.com/uc?export=download&id=1PpxH3N-s87LZVCX7IBvLMpx56ABQ6CGn
https://drive.google.com/uc?export=download&id=1dWsR1EkV_oxaIrJhXiAmmzvJY8SDgNnu
https://drive.google.com/ucexport=download&id=1uhHhgt4EMMhWZr9b94dxll0aphOg7PYi
http://27.102.113.170
https://natezlx.myvnc.com/docs/?ru=https://github.com/microstrategy743/dev/releases/download/v1.0/sexoffender.zip&m=[base64
http://âbuly.kr
http://natezlx.myvnc.com
http://27.102.113.209
http://27.102.113.20
https://drive.google.com/uc?export=download&id=1Mx-A2CPcotb_DDcKmIs9d3DCSjbLwLhM
http://160.202.160.248
http://quemr.mailhubsec.com
http://61.97.243.9
http://103.249.28.34
https://natezlx.myvnc.com/docs/?ru=https://github.com/microstrategy743/dev/releases/download/v1.0/tax_bill.zip&m=[base64
https://drive.google.com/uc?export=download&id=1J__fMPHg-imAvg6BTenO0AmZCNa-lOys
https://buly.kr/EooX5dX
https://drive.google.com/uc?export=download&id=1_Z9I0D8M31-q7BKp_hs2TuY-kvlQH9D_
https://drive.google.com/uc?export=download&id=1kFyBMQdmMvhiu3j9-rTjgV2nVeYGr_fZ
160.202.160.248
142.11.248.98
183.111.226.13
27.102.113.107
27.102.113.209
103.249.28.34
27.102.113.20
27.102.113.170
61.97.243.9
76d2cbad8502dce9e70e501c2378d3ff
2e8bf657d0301fb4c61e29f455d9058e
172dc997ca6022ec8dff0842e4c7b887
d69fbf23e7492618cadc63d171010cd8
c69909ea3c131181fa7ae12155bcae17
5441d8a79411a261546beb1021cb5052
66c4e2dd235c4d8d31abaf96e051585e
f000df00a424cefcd8efff48ab167169
677e77265c7ba52e825fc62023942213
8b6580e14b8164e28e684d48691ddf4d
7d098f0f41601216ffd2e7f06da56c70f1e671da
d9ecf148c88bfd9791758b3be1a9f459
003ea91e9f52ecfdc3aadb2732e9b54c
77f131bc8f660f85812c0d2e0da8e77e
e3a937869322cc4cd765fcbf16d5b9ea
c0ee9a9046d82b294b3bf3bec997fc45
https://drive.google.com/uc?export=download&id=14J3_AavuDYmvlf32nqUQbNwz63Ym9Ph3
https://drive.google.com/uc?export=download&id=12V4yQfKNkeA1W_FIkCpirhSO3dnA52Ni
http://nid-naverbpk.onthewifi.com
https://natezlx.myvnc.com/?nxnx=change&m=[base64
http://gmail.com
http://183.111.226.13
http://kzloly.nmailhub.com
http://142.11.248.98
http://27.102.113.107
http://cdn.glitch.global
https://link24.kr/HSXrWzV
https://drive.google.com/uc?export=download&id=1PpxH3N-s87LZVCX7IBvLMpx56ABQ6CGn
https://drive.google.com/uc?export=download&id=1dWsR1EkV_oxaIrJhXiAmmzvJY8SDgNnu
https://drive.google.com/ucexport=download&id=1uhHhgt4EMMhWZr9b94dxll0aphOg7PYi
http://27.102.113.170
https://natezlx.myvnc.com/docs/?ru=https://github.com/microstrategy743/dev/releases/download/v1.0/sexoffender.zip&m=[base64
http://âbuly.kr
http://natezlx.myvnc.com
http://27.102.113.209
http://27.102.113.20
https://drive.google.com/uc?export=download&id=1Mx-A2CPcotb_DDcKmIs9d3DCSjbLwLhM
http://160.202.160.248
http://quemr.mailhubsec.com
http://61.97.243.9
http://103.249.28.34
https://natezlx.myvnc.com/docs/?ru=https://github.com/microstrategy743/dev/releases/download/v1.0/tax_bill.zip&m=[base64
https://drive.google.com/uc?export=download&id=1J__fMPHg-imAvg6BTenO0AmZCNa-lOys
https://buly.kr/EooX5dX
https://drive.google.com/uc?export=download&id=1_Z9I0D8M31-q7BKp_hs2TuY-kvlQH9D_
https://drive.google.com/uc?export=download&id=1kFyBMQdmMvhiu3j9-rTjgV2nVeYGr_fZ
160.202.160.248
142.11.248.98
183.111.226.13
27.102.113.107
27.102.113.209
103.249.28.34
27.102.113.20
27.102.113.170
61.97.243.9
76d2cbad8502dce9e70e501c2378d3ff
2e8bf657d0301fb4c61e29f455d9058e
172dc997ca6022ec8dff0842e4c7b887
d69fbf23e7492618cadc63d171010cd8
c69909ea3c131181fa7ae12155bcae17
5441d8a79411a261546beb1021cb5052
66c4e2dd235c4d8d31abaf96e051585e
f000df00a424cefcd8efff48ab167169
677e77265c7ba52e825fc62023942213
8b6580e14b8164e28e684d48691ddf4d
7d098f0f41601216ffd2e7f06da56c70f1e671da
d9ecf148c88bfd9791758b3be1a9f459
003ea91e9f52ecfdc3aadb2732e9b54c
77f131bc8f660f85812c0d2e0da8e77e
e3a937869322cc4cd765fcbf16d5b9ea
c0ee9a9046d82b294b3bf3bec997fc45