IOC:
http://213.180.180.154/editor/session/aaa000/support.php
http://yoshinorihirano.net/wp-includes/feed-xml.php
https://github.com/JPCERTCC/Lazarus-research/
192.168.1.1
6db57bbc2d07343dd6ceba0f53c73756af78f09fe1cb5ce8e8008e5e7242eae1
f226086b5959eb96bd30dec0ffcbf0f09186cd11721507f416f1c39901addafb
213.180.180.154
http://www.karin-store.com/recaptcha.php
요약:
JPCERT/CC는 멀티 플랫폼을 위해 만드는 라자루스라는 그룹의 활동을 조사하고 있습니다. YamaBot은 Windows OS를 타겟으로 하는 라자루스가 만든 멀웨어 중 하나입니다. YamaBot은 HTTP 요청을 사용하여 C2 서버와 통신합니다. Windows OS를 타겟으로 하는 샘플에 포함된 함수 중에는 Mutex를 생성하고 확인하는 것, IP 주소를 가져오는 것, OS 이름과 버전을 가져오는 것, 문자열을 암호화하는 것 등이 있습니다.
내용:
Struct).handleMarketPrice
_/D_/Bot/YamaBot/engine.(*FileStruct).handleEggPrice
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func1
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func2
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func3
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func4
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func5
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func6
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func7
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func8
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func9
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func10
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func11
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func12
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func13
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func14
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func15
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func16
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func17
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func18
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func19
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func20
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func21
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func22
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func23
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func24
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func25
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func26
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func27
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func28
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func29
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func30
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func31
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func32
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func33
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func34
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func35
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func36
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func37
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func38
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func39
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func40
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func41
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func42
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func43
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func44
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func45
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func46
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func47
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func48
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func49
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func50
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func51
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func52
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func53
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func54
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func55
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func56
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func57
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func58
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func59
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func60
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func61
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func62
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func63
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func64
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func65
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func66
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func67
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func68
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func69
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func70
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func71
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func72
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func73
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func74
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func75
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func76
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func77
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func78
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func79
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func80
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func81
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.func82
_/D_/Bot/YamaBot/engine.(*FileStruct).handleMiner.....
'야마봇' 마스터링 바이러스 사용 - JPCERT / CC 눈 | JPCERT 종합 센터 공식 블로그:
https://blogs.jpcert.or.jp/en/2022/07/yamabot
'Security > News' 카테고리의 다른 글
| 공인 인증 솔루션(VestCert) 취약점 주의 및 업데이트 권고 - ASEC BLOG 관련 IOC 4개 발견 (0) | 2023.03.18 |
|---|---|
| 자산 관리 솔루션(TCO!Stream) 취약점 주의 및 업데이트 권고 - ASEC BLOG 관련 IOC 5개 발견 (0) | 2023.03.18 |
| 오와사스 전자 거래소 익스플로잇을 관찰하고 있으며... 아직도 관련 IOC 21개 발견 (0) | 2023.03.17 |
| 주의 Xdr33, CIA의 HIVE 공격 키트의 변종이 등장 관련 IOC 10개 발견 (0) | 2023.03.17 |
| 헤드크랩 : 글로벌 캠페인에서 최첨단 레디스 메일웨어 관련 IOC 6개 발견 (0) | 2023.03.17 |
댓글0