Red Eyes Hacking Group: Detailed Analysis
2018.04.03
AhnLab Security Emergency Response Center (ASEC) Analysis Research Team
220 Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do 13493 | Tel: 031-722-8000 | Fax: 031-722-8901 | www.ahnlab.com
© AhnLab, Inc. All rights reserved.
[Analysis Report] Red Eyes Hacking Group
Table of Contents
Overview ..... 3
Red Eyes Attack Group Activity Status ..... 4
1. Malware Characteristics and Status ..... 4
2. Major Attack Cases and Attack Methods ..... 5
Detailed Analysis of Red Eyes Attack Group Malware ..... 9
1. Reloader (DocPrint) ..... 9
2. Reloaderx ..... 10
3. Redoor (DogCall) ..... 10
4. Wiper ..... 10
Possible Links to Other Attack Groups ..... 11
1. Operation ProgamsByMe (2015) ..... 12
2. Malware Created by the Pad-1 User (2016) ..... 17
AhnLab Product Response Status ..... 19
Conclusion ..... 19
Appendix ..... 20
References ..... 20
Additional Information ..... 20
Overview
The 'Red Eyes' attack group is also known as Geumseong121, Group 123, ScarCruft, APT37, Reaper and Ricochet Chollima. Judging from the targets confirmed so far and the contents of the related files, this hacking group's main targets are North Korean defectors, North Korean human rights …
IoC