{"id":140506,"date":"2025-04-14T08:48:43","date_gmt":"2025-04-14T15:48:43","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=140506"},"modified":"2025-06-19T11:04:42","modified_gmt":"2025-06-19T18:04:42","slug":"slow-pisces-new-custom-malware","status":"publish","type":"post","link":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/","title":{"rendered":"\ucf54\ub529\uc5d0 \ub3c4\uc804\ud558\ub294 \uac1c\ubc1c\uc790\ub97c \ub178\ub9ac\ub294 Slow Pisces, \uc0c8\ub85c\uc6b4 \ub9de\ucda4\ud615 Python \uba40\uc6e8\uc5b4 \ub3c4\uc785"},"content":{"rendered":"<h2><a id=\"post-140506-_heading=h.ajgzvuipielg\"><\/a>\uac1c\uc694<\/h2>\n<p>Slow Pisces (\ubcc4\uce6d: Jade Sleet, TraderTraitor, PUKCHONG)\ub294 \ubd81\ud55c \uc815\ubd80\uac00 \ud6c4\uc6d0\ud558\ub294 \uc0ac\uc774\ubc84 \uc704\ud611 \uadf8\ub8f9\uc73c\ub85c, \uc8fc\ub85c \uc554\ud638\ud654\ud3d0 \ubd84\uc57c\uc758 \ub300\uaddc\ubaa8 \uc870\uc9c1\uc744 \ub300\uc0c1\uc73c\ub85c \uacf5\uaca9\uc744 \uac10\ud589\ud558\uc5ec \ubd81\ud55c \uc815\uad8c\uc5d0 \uc218\uc775\uc744 \ucc3d\ucd9c\ud558\ub294 \ub370 \uc9d1\uc911\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4. \ubcf8 \ubcf4\uace0\uc11c\ub294 \uc774 \uadf8\ub8f9\uc774 \ucd5c\uadfc \ubc8c\uc778 \uc554\ud638\ud654\ud3d0 \ud0c8\ucde8 \uc0ac\uac74\ub4e4\uacfc \uc5f0\uad00\ub418\uc5b4 \uc788\ub2e4\uace0 \ud310\ub2e8\ub418\ub294 \ucea0\ud398\uc778\uc744 \ubd84\uc11d\ud569\ub2c8\ub2e4.<\/p>\n<p>\uc774\ubc88 \ucea0\ud398\uc778\uc5d0\uc11c <a href=\"https:\/\/unit42.paloaltonetworks.com\/threat-actor-groups-tracked-by-palo-alto-networks-unit-42\/#:~:text=Slow%20Pisces%20is%20North%20Korea%27s%20nation%20state%20threat%20group%20under%20Reconnaissance%20General%20Bureau%20(RGB)%20of%20DPRK.%20It%27s%20believed%20to%20be%20a%20spin%2Doff%20from%20the%20Lazarus%20group%20with%20focus%20on%20financial%20gathering%20and%20crypto%20industry%20targeting%20goals\" target=\"_blank\" rel=\"noopener\">Slow Pisces<\/a>\ub294 LinkedIn\uc5d0\uc11c \uc554\ud638\ud654\ud3d0 \uac1c\ubc1c\uc790\ub4e4\uc5d0\uac8c \uc811\uadfc\ud558\uc5ec \uac00\uc9dc \uace0\uc6a9\uc8fc\ub85c \uc704\uc7a5\ud558\uace0, \ucf54\ub529 \uacfc\uc81c\ub85c \uac00\uc7a5\ud55c \uc545\uc131\ucf54\ub4dc\ub97c \uc804\ub2ec\ud588\uc2b5\ub2c8\ub2e4. \uac1c\ubc1c\uc790\ub4e4\uc740 \uc774 \uacfc\uc81c\ub97c \uc2e4\ud589\ud568\uc73c\ub85c\uc368 \uc2dc\uc2a4\ud15c\uc774 \uac10\uc5fc\ub418\uba70, \uc774\ub54c \uc0ac\uc6a9\ub41c \uc545\uc131\ucf54\ub4dc\ub294 RN Loader \ubc0f RN Stealer\ub85c \uba85\uba85\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc774 \uadf8\ub8f9\uc740 <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/security-insider\/microsoft-digital-defense-report-2023\" target=\"_blank\" rel=\"noopener\">2023\ub144 \ud55c \ud574\uc5d0\ub9cc \uc554\ud638\ud654\ud3d0 \ubd84\uc57c\uc5d0\uc11c 10\uc5b5 \ub2ec\ub7ec \uc774\uc0c1<\/a>\uc744 \ud0c8\ucde8\ud55c \uac83\uc73c\ub85c \uc54c\ub824\uc838 \uc788\uc2b5\ub2c8\ub2e4. <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa22-108a\" target=\"_blank\" rel=\"noopener\">\uadf8\ub4e4\uc740 \uac00\uc9dc \ud2b8\ub808\uc774\ub529 \uc560\ud50c\ub9ac\ucf00\uc774\uc158<\/a>, <a href=\"https:\/\/github.blog\/security\/vulnerability-research\/security-alert-social-engineering-campaign-targets-technology-industry-employees\/\" target=\"_blank\" rel=\"noopener\">Node Package Manager(NPM)\ub97c \ud1b5\ud55c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec<\/a>, <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/north-korea-supply-chain\" target=\"_blank\" rel=\"noopener\">\uacf5\uae09\ub9dd \uacf5\uaca9 \ub4f1<\/a> \ub2e4\uc591\ud55c \uc218\ub2e8\uc744 \ud65c\uc6a9\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>2024\ub144 12\uc6d4, \ubbf8\uad6d <a href=\"https:\/\/www.fbi.gov\/news\/press-releases\/fbi-dc3-and-npa-identification-of-north-korean-cyber-actors-tracked-as-tradertraitor-responsible-for-theft-of-308-million-from-bitcoindmmcom\" target=\"_blank\" rel=\"noopener\">FBI\ub294<\/a> \uc77c\ubcf8\uc758 \ud55c \uc554\ud638\ud654\ud3d0 \uae30\uc5c5\uc5d0\uc11c 3\uc5b5 800\ub9cc \ub2ec\ub7ec\uac00 \ud0c8\ucde8\ub41c \uc0ac\uac74\uc744 Slow Pisces\uc758 \uc18c\ud589\uc73c\ub85c \uc9c0\ubaa9\ud588\uc2b5\ub2c8\ub2e4. \ucd5c\uadfc\uc5d0\ub294 \ub450\ubc14\uc774 \uc554\ud638\ud654\ud3d0 \uac70\ub798\uc18c <a href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250226\" target=\"_blank\" rel=\"noopener\">15\uc5b5 \ub2ec\ub7ec \ud0c8\ucde8 \uc0ac\uac74\uc5d0<\/a>\ub3c4 \uc5f0\ub8e8\ub41c \uac83\uc73c\ub85c \ubcf4\ub3c4\ub418\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ud314\ub85c\uc54c\ud1a0\ub124\ud2b8\uc6cd\uc2a4\ub294 \uad00\ub828 GitHub \ubc0f LinkedIn \uacc4\uc815\uacfc \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac \uc81c\uac70\ub97c \uc704\ud574 \uac01 \ud50c\ub7ab\ud3fc \ubd84\uc11d\uac00\ub4e4\uacfc \uc704\ud611 \uc778\ud154\ub9ac\uc804\uc2a4\ub97c \uacf5\uc720\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc591\uc0ac\ub294 \ub2e4\uc74c\uacfc \uac19\uc740 \uc785\uc7a5\uc744 \ubc1d\ud614\uc2b5\ub2c8\ub2e4:<\/p>\n<p style=\"padding-left: 40px;\"><em>GitHub\uc640 LinkedIn\uc740 \ud574\ub2f9 \uc545\uc131 \uacc4\uc815\uc774 \uc790\uc0ac \uc11c\ube44\uc2a4 \uc57d\uad00\uc744 \uc704\ubc18\ud55c \uac83\uc73c\ub85c \ud310\ub2e8\ud574 \uc0ad\uc81c \uc870\uce58\ub97c \ucde8\ud588\uc2b5\ub2c8\ub2e4. \uc6b0\ub9ac\ub294 \uc790\ub3d9\ud654 \uae30\uc220, \uc804\ubb38 \uc870\uc0ac\ud300, \uc0ac\uc6a9\uc790 \uc2e0\uace0 \uc2dc\uc2a4\ud15c\uc744 \ud65c\uc6a9\ud558\uc5ec \uc545\uc131 \ud589\uc704\uc790\ub4e4\uc744 \ud0d0\uc9c0\ud558\uace0 \uc57d\uad00\uc744 \uc9d1\ud589\ud569\ub2c8\ub2e4. \ub610\ud55c \uc2dc\uc2a4\ud15c\uc744 \uc9c0\uc18d\uc801\uc73c\ub85c \uac1c\uc120\ud558\uace0 \uc788\uc73c\uba70, \uc0ac\uc6a9\uc790\ub4e4\uc5d0\uac8c \uc758\uc2ec\uc2a4\ub7ec\uc6b4 \ud65c\ub3d9\uc744 \uc2e0\uace0\ud560 \uac83\uc744 \uad8c\uc7a5\ud569\ub2c8\ub2e4.<\/em><\/p>\n<p style=\"padding-left: 40px;\"><strong><em>\ucd94\uac00 \uc815\ubcf4<\/em><\/strong><\/p>\n<p style=\"padding-left: 40px;\"><em><a href=\"https:\/\/docs.github.com\/en\/communities\/maintaining-your-safety-on-github\/reporting-abuse-or-spam\" target=\"_blank\" rel=\"noopener\">GitHub \uc0ac\uc6a9\uc790\ub294 Acceptable Use Policy<\/a> \ubc0f \uc545\uc6a9 \ubc0f \uc2a4\ud338 \uc2e0\uace0 \ud398\uc774\uc9c0\uc5d0\uc11c \ub354 \ub9ce\uc740 \uc815\ubcf4\ub97c \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/em><\/p>\n<p style=\"padding-left: 40px;\"><em>LinkedIn \uc0ac\uc6a9\uc790\ub294 \uc2a4\ud338, <a href=\"https:\/\/www.linkedin.com\/help\/linkedin\/answer\/a1344213\" target=\"_blank\" rel=\"noopener\">\ubd80\uc801\uc808\ud55c \ucf58\ud150\uce20 \ubc0f \ud559\ub300 \ud589\uc704 \uc2dd\ubcc4 \ubc0f \uc2e0\uace0 \ubc29\ubc95\uc744 \ucc38\uace0\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4<\/a>.<\/em><\/p>\n<p>\ubcf8 \ubcf4\uace0\uc11c\ub294 Slow Pisces\uac00 \uc5b4\ub5bb\uac8c \ucf54\ub529 \uacfc\uc81c\uc5d0 \uc545\uc131\ucf54\ub4dc\ub97c \uc740\ub2c9\ud558\uace0, \uc774\ud6c4 \uc5b4\ub5a4 \ud234\uc744 \uc0ac\uc6a9\ud558\ub294\uc9c0\ub97c \uc0c1\uc138\ud788 \uc124\uba85\ud568\uc73c\ub85c\uc368, \ubcf4\uc548 \ucee4\ubba4\ub2c8\ud2f0 \uc804\uccb4\uc5d0 \uc774 \uc704\ud611\uc5d0 \ub300\ud55c \ub354 \uae4a\uc740 \uc774\ud574\ub97c \uc81c\uacf5\ud558\ub294 \uac83\uc744 \ubaa9\ud45c\ub85c \ud569\ub2c8\ub2e4.<\/p>\n<p>\ud314\ub85c\uc54c\ud1a0\ub124\ud2b8\uc6cd\uc2a4 \uace0\uac1d\uc740 \ucc28\uc138\ub300 \ubc29\ud654\ubcbd\uc758 <a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">Advanced URL Filtering<\/a> \ubc0f <a href=\"https:\/\/docs.paloaltonetworks.com\/dns-security\" target=\"_blank\" rel=\"noopener\">Advanced DNS Security<\/a> \uc11c\ube44\uc2a4\ub97c \ud1b5\ud574 \uc774 \uae00\uc5d0\uc11c \uc124\uba85\ud55c \uc704\ud611\uc73c\ub85c\ubd80\ud130 \ub354\uc6b1 \ud655\uc2e4\ud558\uac8c \ubcf4\ud638\ubc1b\uc744 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ub9cc\uc57d \uc2dc\uc2a4\ud15c \uce68\ud574\uac00 \uc758\uc2ec\ub418\uac70\ub098 \uae34\uae09\ud55c \ubcf4\uc548 \uc774\uc288\uac00 \uc788\ub2e4\uba74, <a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\">Unit 42 \uc0ac\uace0 \ub300\uc751\ud300<\/a>\uc5d0 \ubb38\uc758\ud574 \uc8fc\uc2dc\uae30 \ubc14\ub78d\ub2c8\ub2e4.<\/p>\n<h2><a id=\"post-140506-_heading=h.z452t3v0mifb\"><\/a>\uae30\uc220\uc801 \ubd84\uc11d<\/h2>\n<p>\uc774 \ucea0\ud398\uc778\uc740 \uadf8\ub9bc 1\uacfc \uac19\uc774 \ud06c\uac8c 3\ub2e8\uacc4\ub85c \ub098\ub20c \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_140998\" aria-describedby=\"caption-attachment-140998\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-140998 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-511933-140506-1.png\" alt=\"Diagram illustrating cybersecurity threats involving PDF lures, GitHub repositories, and a C2 server. It shows: 1) PDF files like job descriptions and question sheets acting as lures, 2) GitHub JavaScript and Python repositories with multiple external APIs, potentially fetching malicious data, and 3) a C2 server configured to send benign data or a malicious payload under certain conditions. Palo Alto Networks and UNIT 42 logos are included.\" width=\"1000\" height=\"628\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-511933-140506-1.png 2048w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-511933-140506-1-701x440.png 701w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-511933-140506-1-1115x700.png 1115w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-511933-140506-1-768x482.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-511933-140506-1-1536x965.png 1536w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-140998\" class=\"wp-caption-text\">\uadf8\ub9bc 1. Slow Pisces '\ucf54\ub529 \ucc4c\ub9b0\uc9c0'\ucea0\ud398\uc778 \uac1c\uc694.<\/figcaption><\/figure>\n<h3><a id=\"post-140506-_heading=h.tmx3ywj2o4o\"><\/a>1\ub2e8\uacc4 - PDF \ub8e8\uc5b4<\/h3>\n<p>Slow Pisces\ub294 \uba3c\uc800 LinkedIn\uc5d0\uc11c \ucc44\uc6a9 \ub2f4\ub2f9\uc790\ub97c \uc0ac\uce6d\ud558\uc5ec \uc7a0\uc7ac\uc801 \ud0c0\uae43\uacfc \uad00\uacc4\ub97c \ub9fa\uace0 \uadf8\ub9bc 2\uc640 \uac19\uc740 \ucc44\uc6a9 \uc815\ubcf4 PDF\ub97c \ubcf4\ub0c8\uc2b5\ub2c8\ub2e4. \uacf5\uaca9\uc790\ub294 \uc7a0\uc7ac\uc801 \ud0c0\uae43\uc774 \uc2e0\uccad\ud558\uba74 \uc9c8\ubb38 \uc2dc\ud2b8\uc5d0 \uc124\uba85\ub41c \uc2ec\uac01\ub3c4 \uc791\uc5c5\uc73c\ub85c \uad6c\uc131\ub41c \ucf54\ub529 \uacfc\uc81c\ub97c \uc81c\uc2dc\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_141009\" aria-describedby=\"caption-attachment-141009\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-141009 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-516424-140506-2.png\" alt=\"Image displaying two documents side by side. On the left is a 'Job Description' for a UX Design Team Coordinator. On the right is a 'Question Sheet' containing technical and general questions related to user experience (UX) design.\" width=\"1000\" height=\"715\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-516424-140506-2.png 1580w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-516424-140506-2-615x440.png 615w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-516424-140506-2-979x700.png 979w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-516424-140506-2-768x549.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-516424-140506-2-1536x1099.png 1536w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-141009\" class=\"wp-caption-text\">\uadf8\ub9bc 2. \uc591\uc131 PDF \ub8e8\uc5b4.<\/figcaption><\/figure>\n<p>\uc6b0\ub9ac\ub294 Slow Pisces\uac00 \uc8fc\ub85c \uc554\ud638\ud654\ud3d0 \ubd84\uc57c\uc5d0\uc11c \uc774\ub7ec\ud55c \ub8e8\uc5b4\ub85c \uc5ec\ub7ec \uc870\uc9c1\uc744 \uc0ac\uce6d\ud558\ub294 \uac83\uc744 \ud655\uc778\ud588\uc2b5\ub2c8\ub2e4. \ubb38\uc81c \uc2dc\ud2b8\uc5d0\ub294 \uc77c\ubc18\uc801\uc778 \uc18c\ud504\ud2b8\uc6e8\uc5b4 \uac1c\ubc1c \uc791\uc5c5\uacfc \uc544\ub798 \uadf8\ub9bc 3\uc5d0 \ud45c\uc2dc\ub41c GitHub \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc5d0 \ub9c1\ud06c\ub41c '\uc2e4\uc81c \ud504\ub85c\uc81d\ud2b8' \ucf54\ub529 \ucc4c\ub9b0\uc9c0\uac00 \ud3ec\ud568\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_141020\" aria-describedby=\"caption-attachment-141020\" style=\"width: 600px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-141020 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-520046-140506-3.png\" alt=\"Screenshot of a document titled &quot;Coding and Problem-Solving Skills With Real Project.&quot; It includes a link to a GitHub repository and outlines a coding task involving Bitcoin and Ethereum exchange rates from API sources. The text requests enhancements to the project by adding more market APIs and improving the network communication in the code.\" width=\"600\" height=\"306\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-520046-140506-3.png 1942w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-520046-140506-3-786x401.png 786w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-520046-140506-3-1373x700.png 1373w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-520046-140506-3-768x392.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-520046-140506-3-1536x783.png 1536w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><figcaption id=\"caption-attachment-141020\" class=\"wp-caption-text\">\uadf8\ub9bc 3. PDF \ub8e8\uc5b4\uc5d0 \ud3ec\ud568\ub41c \"\uc2e4\uc81c \ud504\ub85c\uc81d\ud2b8\" \ucf54\ub529 \ucc4c\ub9b0\uc9c0.<\/figcaption><\/figure>\n<h3><a id=\"post-140506-_heading=h.ivxoakxrsbbw\"><\/a>2\ub2e8\uacc4 - GitHub \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac<\/h3>\n<p>Slow Pisces\ub294 GitHub \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc758 \ud504\ub85c\uc81d\ud2b8\ub85c \uc18c\uc704 \ucf54\ub529 \ucc4c\ub9b0\uc9c0\ub97c \ubaa9\ud45c\ub85c \uc81c\uc2dc\ud588\uc2b5\ub2c8\ub2e4. \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc5d0\ub294 \uc5f4\ub78c \ubc0f \ubd84\uc11d\uc6a9 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ub4f1 \uc624\ud508\uc18c\uc2a4 \ud504\ub85c\uc81d\ud2b8\uc5d0\uc11c \uc804\ud658\ub41c \ucf54\ub4dc\uac00 \ud3ec\ud568\ub418\uc5b4 \uc788\uc5c8\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li>\uc8fc\uc2dd\uc2dc\uc7a5 \ub370\uc774\ud130<\/li>\n<li>\uc720\ub7fd \ucd95\uad6c \ub9ac\uadf8 \ud1b5\uacc4<\/li>\n<li>\uae30\uc0c1 \ub370\uc774\ud130<\/li>\n<li>\uc554\ud638\ud654\ud3d0 \uac00\uaca9<\/li>\n<\/ul>\n<p>\uc774 \uadf8\ub8f9\uc740 \uc8fc\ub85c Python\uc774\ub098 JavaScript \ud504\ub85c\uc81d\ud2b8\ub97c \uc0ac\uc6a9\ud558\uba70, \uc9c0\uc6d0\uc790\uac00 \ud504\ub860\ud2b8\uc5d4\ub4dc \uac1c\ubc1c\uc9c1\uacfc \ubc31\uc5d4\ub4dc \uac1c\ubc1c\uc9c1 \uc911 \uc5b4\ub290 \ucabd\uc5d0 \uc9c0\uc6d0\ud588\ub294\uc9c0\uc5d0 \ub530\ub77c \ub2ec\ub77c\uc9c8 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc774 \ucea0\ud398\uc778\uc5d0\uc11c\ub294 Java \uae30\ubc18 \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\ub3c4 \ud655\uc778\ub418\uc5c8\uc9c0\ub9cc, \uadf8 \ube48\ub3c4\ub294 \ud6e8\uc52c \ub0ae\uc558\uc73c\uba70, jCoin\uc774\ub77c\ub294 \uc554\ud638\ud654\ud3d0 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc744 \uc0ac\uce6d\ud55c \ub450 \uac1c\uc758 \uc778\uc2a4\ud134\uc2a4\ub9cc \ud655\uc778\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc774\ub7ec\ud55c \ud76c\uc18c\uc131\uc740 \uacf5\uaca9\uc790\uac00 \ud0c0\uae43\uc774 \uc120\ud638\ud558\ub294 \ud504\ub85c\uadf8\ub798\ubc0d \uc5b8\uc5b4\ub97c \uae30\ubc18\uc73c\ub85c \uc628\ub514\ub9e8\ub4dc \ubc29\uc2dd\uc73c\ub85c \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\ub97c \uc0dd\uc131\ud588\uc744 \uac00\ub2a5\uc131\uc744 \uc2dc\uc0ac\ud569\ub2c8\ub2e4. \uadf8 \uacb0\uacfc, JavaScript\uc640 Python \ub4f1 \uc554\ud638\ud654\ud3d0 \ubd84\uc57c\uc5d0\uc11c \ub9ce\uc774 \uc4f0\uc774\ub294 \uc5b8\uc5b4\ub97c \uc0ac\uc6a9\ud558\ub294 \uacbd\uc6b0\uac00 \ub9ce\uc544\uc84c\uc2b5\ub2c8\ub2e4. \ub9c8\ucc2c\uac00\uc9c0\ub85c \ub2e4\ub978 \ud504\ub85c\uadf8\ub798\ubc0d \uc5b8\uc5b4\uc5d0\ub3c4 \uc544\uc9c1 \ubc1c\uacac\ub418\uc9c0 \uc54a\uc740 \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uac00 \uc874\uc7ac\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-140506-_heading=h.qd7oceyn7b47\"><\/a>3a \ub2e8\uacc4 - Python \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac<\/h3>\n<p>2024\ub144 \ud558\ubc18\uae30, \uadf8\ub8f9\uc740 <a href=\"https:\/\/github.com\/gaborvecsei\/Stocks-Pattern-Analyzer\" target=\"_blank\" rel=\"noopener\">\uc815\uaddc \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc5d0\uc11c<\/a> \uc804\ud658\ud55c 'Stocks Pattern Analyzer'\ub77c\ub294 \uc81c\ubaa9\uc758 \uadf8\ub9bc 4\uc640 \uac19\uc740 \ud504\ub85c\uc81d\ud2b8\ub97c \uc0ac\uc6a9\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_141031\" aria-describedby=\"caption-attachment-141031\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-141031 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-523512-140506-4.png\" alt=\"Screenshot of a GitHub repository named &quot;Stocks Pattern Analyzer&quot; showing file structure on the left and README file content on the right explaining how to run the application directly and with Docker.\" width=\"800\" height=\"415\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-523512-140506-4.png 1992w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-523512-140506-4-786x408.png 786w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-523512-140506-4-1349x700.png 1349w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-523512-140506-4-768x399.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-523512-140506-4-1536x797.png 1536w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-141031\" class=\"wp-caption-text\">\uadf8\ub9bc 4.\"Stocks Pattern Analyzer\" Python \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac.<\/figcaption><\/figure>\n<p>\ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc5d0 \uc788\ub294 \ucf54\ub4dc\uc758 \ub300\ubd80\ubd84\uc740 \uc591\uc131\uc785\ub2c8\ub2e4. \ud0c0\uac9f\uc774 \ubb38\uc81c \uc2dc\ud2b8\uc5d0 \ub530\ub77c \ud504\ub85c\uc81d\ud2b8\ub97c \uc2e4\ud589\ud558\ub824\uace0 \ud560 \ub54c, \ub370\uc774\ud130\ub294 3\uac1c\uc758 \uc6d0\uaca9 \uc704\uce58\uc5d0\uc11c \uc218\uc9d1\ub429\ub2c8\ub2e4:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/en.wikipedia[.]org\/wiki\/List_of_S%26P_500_companies<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/en.wikipedia[.]org\/wiki\/Currency_pair<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">hxxps:\/\/en.stockslab[.]org\/symbols\/sp500<\/span><\/li>\n<\/ul>\n<p>URL \uc911 \ub450 \uac1c\ub294 Wikipedia\uc5d0\uc11c \ub370\uc774\ud130\ub97c \uac00\uc838\uc635\ub2c8\ub2e4. \uc138 \ubc88\uc9f8 URL\uc740 Slow Pisces\uac00 \uad00\ub9ac\ud558\ub294 \ub3c4\uba54\uc778\uc744 \uc0ac\uc6a9\ud569\ub2c8\ub2e4. \uc774 \ud328\ud134(\uc5ec\ub7ec \ub370\uc774\ud130 \uc18c\uc2a4\ub97c \uc0ac\uc6a9\ud558\uba70 \ub300\ubd80\ubd84 \ud569\ubc95\uc801\uc774\uc9c0\ub9cc \uc77c\ubd80\ub294 \uc545\uc758\uc801\uc778 \ub370\uc774\ud130 \uc18c\uc2a4\ub97c \uc0ac\uc6a9\ud558\ub294)\uc740 \uadf8\ub8f9\uc758 Python \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc5d0\uc11c \ud754\ud788 \ubcfc \uc218 \uc788\ub294 \ud328\ud134\uc785\ub2c8\ub2e4.<\/p>\n<p>\uc545\uc131 \uba85\ub839 \ubc0f \uc81c\uc5b4(C2) \uc11c\ubc84\ub294 \uc815\uc0c1 \uc18c\uc2a4\uc758 \ud615\ud0dc\ub97c \ubaa8\ubc29\ud558\ub3c4\ub85d \uad6c\uc131\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4. \uc774 \uacbd\uc6b0 <span style=\"font-family: 'courier new', courier, monospace;\">en<\/span> \uc11c\ube0c\ub3c4\uba54\uc778\uacfc <span style=\"font-family: 'courier new', courier, monospace;\">org<\/span> \ucd5c\uc0c1\uc704 \ub3c4\uba54\uc778(TLD)\uc744 \uc0ac\uc6a9\ud569\ub2c8\ub2e4.<\/p>\n<h4><a id=\"post-140506-_heading=h.mzb15aait28i\"><\/a>YAML \uc5ed\uc9c1\ub82c\ud654<\/h4>\n<p>Slow Pisces\ub294 \ub2e8\uc21c\ud788 \uba40\uc6e8\uc5b4\ub97c \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc5d0 \uc9c1\uc811 \ubc30\uce58\ud558\uac70\ub098 Python\uc758 \ub0b4\uc7a5\ub41c <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/docs.python.org\/3\/library\/functions.html#%E8%A9%95%E4%BE%A1\" target=\"_blank\" rel=\"noopener\">eval<\/a><\/span> \ud568\uc218\ub098 <span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/docs.python.org\/3\/library\/functions.html#%E3%82%A8%E3%82%B0%E3%82%BC%E3%83%83%E3%82%AF\" target=\"_blank\" rel=\"noopener\">exec<\/a><\/span> \ud568\uc218\ub97c \uc0ac\uc6a9\ud558\uc5ec C2 \uc11c\ubc84\uc5d0\uc11c \ucf54\ub4dc\ub97c \uc2e4\ud589\ud560 \uc218 \uc788\uc5c8\uc2b5\ub2c8\ub2e4. \uadf8\ub7ec\ub098 \uc774\ub7ec\ud55c \uae30\ubc95\uc740 \uc218\ub3d9 \uac80\uc0ac\ub098 \uc548\ud2f0\ubc14\uc774\ub7ec\uc2a4 \uc194\ub8e8\uc158\uc73c\ub85c \uc27d\uac8c \ud0d0\uc9c0\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ub300\uc2e0 Slow Pisces\ub294 \uba3c\uc800 C2 \uc11c\ubc84\uac00 \uc720\ud6a8\ud55c \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \ub370\uc774\ud130\ub85c \uc751\ub2f5\ud558\ub294\uc9c0 \ud655\uc778\ud569\ub2c8\ub2e4. \uc608\ub97c \ub4e4\uc5b4, \uc704\uc758 \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\ub294 S&amp;P 500\uc758 \uae30\uc5c5 \uae30\ud638 \ubaa9\ub85d\uc744 \uae30\ub300\ud569\ub2c8\ub2e4. C2 URL\uc740 \uba3c\uc800 \uc774 \ub370\uc774\ud130\ub97c JSON \ud615\uc2dd\uc758 \ubaa9\ub85d\uc73c\ub85c \ubc18\ud658\ud569\ub2c8\ub2e4.<\/p>\n<p>\uc704\ud611 \ud589\uc704\uc790\ub294 IP \uc8fc\uc18c, \uc9c0\ub9ac\uc801 \uc704\uce58, \uc2dc\uac04, HTTP \uc694\uccad \ud5e4\ub354\ub97c \uae30\ubc18\uc73c\ub85c \ud655\uc778\ub41c \ub300\uc0c1\uc5d0\uac8c\ub9cc \uc545\uc131 \ud398\uc774\ub85c\ub4dc\ub97c \uc804\uc1a1\ud569\ub2c8\ub2e4. \uad11\ubc94\uc704\ud55c \ud53c\uc2f1 \ucea0\ud398\uc778\uacfc \ub2ec\ub9ac LinkedIn\uc744 \ud1b5\ud574 \uc811\ucd09\ud55c \uac1c\uc778\uc5d0\uac8c \uc9d1\uc911\ud568\uc73c\ub85c\uc368 \uadf8\ub8f9\uc740 \ucea0\ud398\uc778\uc758 \ud6c4\ubc18 \ub2e8\uacc4\ub97c \uc5c4\uaca9\ud558\uac8c \ud1b5\uc81c\ud558\uace0 \uc608\uc0c1 \ud53c\ud574\uc790\uc5d0\uac8c\ub9cc \ud398\uc774\ub85c\ub4dc\ub97c \uc804\ub2ec\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc758\uc2ec\uc2a4\ub7ec\uc6b4 <span style=\"font-family: 'courier new', courier, monospace;\">eval<\/span> \ud568\uc218\uc640 <span style=\"font-family: 'courier new', courier, monospace;\">exec<\/span> \ud568\uc218\ub97c \ud53c\ud558\uae30 \uc704\ud574 Slow Pisces\ub294 \uadf8\ub9bc 5\uc640 \uac19\uc774 \ud398\uc774\ub85c\ub4dc\ub97c \uc2e4\ud589\ud558\ub294 \ub370 <a href=\"https:\/\/net-square.com\/yaml-deserialization-attack-in-python.html\" target=\"_blank\" rel=\"noopener\">YAML \uc5ed\uc9c1\ub82c\ud654<\/a>\ub97c \uc0ac\uc6a9\ud569\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_141042\" aria-describedby=\"caption-attachment-141042\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-141042 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-527222-140506-5.png\" alt=\"Screenshot of Python code defining a function 'fetch_symbols' which retrieves stock symbols from the S&amp;P 500 using an API call, handles different content types, and processes responses based on their content type. The last line has a section highlighted in a red box. \" width=\"700\" height=\"353\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-527222-140506-5.png 1508w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-527222-140506-5-786x396.png 786w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-527222-140506-5-1389x700.png 1389w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-527222-140506-5-768x387.png 768w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-141042\" class=\"wp-caption-text\">\uadf8\ub9bc 5. YAML \uc5ed\uc9c1\ub82c\ud654\uc744 \uc774\uc6a9\ud55c Slow Pisces \uc545\uc131\ucf54\ub4dc\uc758 \uc9c4\uc785\uc810\uc744 \ubcf4\uc5ec\uc8fc\ub294 Python \ucf54\ub4dc.<\/figcaption><\/figure>\n<p>\uc774 \ucf54\ub4dc\ub294 HTTPS\ub97c \ud1b5\ud574 C2 \uc11c\ubc84\uc5d0\uc11c \ub370\uc774\ud130\ub97c \uac00\uc838\uc640 <span style=\"font-family: 'courier new', courier, monospace;\">Content-Type<\/span> \uc751\ub2f5 \ud5e4\ub354\ub97c \ud655\uc778\ud569\ub2c8\ub2e4. \ud5e4\ub354\uac00 JSON \ub370\uc774\ud130(<span style=\"font-family: 'courier new', courier, monospace;\">application\/json<\/span>)\ub97c \ub098\ud0c0\ub0b4\ub294 \uacbd\uc6b0, \ucf54\ub4dc\ub294 JSON\uc744 \uad6c\ubb38 \ubd84\uc11d\ud558\uc5ec \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc5d0 \ubc18\ud658\ud569\ub2c8\ub2e4.<\/p>\n<p>\uc751\ub2f5\uc774 YAML \ub370\uc774\ud130(<span style=\"font-family: 'courier new', courier, monospace;\">application\/yaml<\/span>)\ub97c \ub098\ud0c0\ub0b4\ub294 \uacbd\uc6b0, \ucf54\ub4dc\ub294 <a href=\"https:\/\/github.com\/yaml\/pyyaml\"> PyYAML<\/a> \ub77c\uc774\ube0c\ub7ec\ub9ac\uc758 <span style=\"font-family: 'courier new', courier, monospace;\">yaml.load()<\/span> \ud568\uc218\ub97c \uc0ac\uc6a9\ud558\uc5ec \ub370\uc774\ud130\ub97c \ubd84\uc11d\ud569\ub2c8\ub2e4. \uc774 \ud568\uc218\ub294 \ubcf8\uc9c8\uc801\uc73c\ub85c \uc548\uc804\ud558\uc9c0 \uc54a\uc73c\uba70, PyYAML \ubb38\uc11c\uc5d0\uc11c\ub294 \uc2e0\ub8b0\ud560 \uc218 \uc5c6\ub294 \uc785\ub825\uc5d0 \ub300\ud574 <span style=\"font-family: 'courier new', courier, monospace;\">yaml.safe_load()<\/span>\ub97c<a href=\"https:\/\/github.com\/yaml\/pyyaml\" target=\"_blank\" rel=\"noopener\"> \uba85\uc2dc\uc801\uc73c\ub85c \uad8c\uc7a5\ud569\ub2c8\ub2e4.<\/a><\/p>\n<p>YAML\uc740 \uc77c\ubc18\uc801\uc73c\ub85c \uc544\ub798 \uc608\uc2dc\uc640 \uac19\uc740 \uc124\uc815 \ud30c\uc77c\uc5d0 \uc0ac\uc6a9\ub429\ub2c8\ub2e4:<\/p>\n<pre class=\"lang:default decode:true\">username: slow\r\n\r\npassword: pisces\r\n\r\napi:\r\n\r\nkey: supersecret\r\n\r\nurl: example.com<\/pre>\n<p>\uadf8\ub7ec\ub098 <span style=\"font-family: 'courier new', courier, monospace;\">yaml.load()<\/span>\ub294 \uc720\ud6a8\ud55c YAML \ub370\uc774\ud130\ubfd0\ub9cc \uc544\ub2c8\ub77c \uc784\uc758\uc758 Python \uac1d\uccb4\ub97c \uc9c1\ub82c\ud654 \ubc0f \uc5ed\uc9c1\ub82c\ud654\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc608\ub97c \ub4e4\uc5b4, \ub2e4\uc74c Python \ucf54\ub4dc\ub294 0-4\uc758 \uc22b\uc790\ub97c \ud45c\uc2dc\ud569\ub2c8\ub2e4:<\/p>\n<pre class=\"lang:default decode:true\">range(0, 5)<\/pre>\n<p>\uc774 \ucf54\ub4dc\ub97c <span style=\"font-family: 'courier new', courier, monospace;\">yaml.dump()<\/span>\ub97c \uc0ac\uc6a9\ud558\uc5ec \uc9c1\ub82c\ud654\ud558\uba74 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4:<\/p>\n<pre class=\"lang:default decode:true\">!!python\/object\/apply:builtins.range\r\n\r\n- 0\r\n\r\n- 5\r\n\r\n- 1<\/pre>\n<p>\ub9c8\uc9c0\ub9c9\uc73c\ub85c \uc774 \ub370\uc774\ud130\uac00 <span style=\"font-family: 'courier new', courier, monospace;\">yaml.load()<\/span>\uc5d0 \uc804\ub2ec\ub418\uba74 \uc6d0\ubcf8 \ucf54\ub4dc\uac00 \uc2e4\ud589\ub429\ub2c8\ub2e4: <span style=\"font-family: 'courier new', courier, monospace;\">range(0, 5)<\/span>.<\/p>\n<p>\uc774\ub294 Python \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc6a9 \ud398\uc774\ub85c\ub4dc\uc640 \uc77c\ubc18\uc801\uc73c\ub85c YAML \uc5ed\uc9c1\ub82c\ud654\ub97c \uc0ac\uc6a9\ud558\ub294 \uba40\uc6e8\uc5b4\uac00, <a href=\"https:\/\/docs.python.org\/3\/library\/functions.html\" target=\"_blank\" rel=\"noopener\">\ub0b4\uc7a5\ub41c Python \ud568\uc218\ub97c<\/a> \uc0ac\uc6a9\ud558\ub294 \uacbd\uc6b0 <span style=\"font-family: 'courier new', courier, monospace;\">!!python\/object\/apply:builtins<\/span>\ub97c \ud3ec\ud568\ud558\uae30 \ub54c\ubb38\uc5d0 \uc7a0\uc7ac\uc801\uc778 \ud0d0\uc9c0 \uc9c0\uc810\uc744 \uac15\uc870\ud569\ub2c8\ub2e4.<\/p>\n<p>\ud45c 1\uc758 \ub2e4\uc74c \ub2e8\uacc4\ub294 \uc8fc\ub85c \uba54\ubaa8\ub9ac\uc5d0 \uc874\uc7ac\ud558\uba70, \uc77c\ubc18\uc801\uc73c\ub85c \ub514\uc2a4\ud06c\uc5d0 \ud48b\ud504\ub9b0\ud2b8\uac00 \uc5c6\uc2b5\ub2c8\ub2e4. \ucee4\ubba4\ub2c8\ud2f0\uc758 \ud0d0\uc9c0 \ubc0f \uc778\uc2dd\uc744 \ub3d5\uae30 \uc704\ud574 \uc774\ub7ec\ud55c \ud398\uc774\ub85c\ub4dc\ub97c VirusTotal\uc5d0 \uc5c5\ub85c\ub4dc\ud588\uc2b5\ub2c8\ub2e4. YAML \uc5ed\uc9c1\ub82c\ud654 \ud398\uc774\ub85c\ub4dc\ub294 RN Stealer\uc5d0\uc11c \uad00\ucc30\ud55c C2 \ud1a0\ud070 \ud615\uc2dd\uc744 \uae30\ubc18\uc73c\ub85c RN Loader\uc640 RN Stealer\ub77c\ub294 \uc774\ub984\uc758 \uba40\uc6e8\uc5b4\ub97c \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><b>\ub2e8\uacc4<\/b><\/td>\n<td style=\"text-align: center;\"><b>SHA256 \ud574\uc2dc<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">YAML <\/span><span style=\"font-weight: 400;\">\uc5ed\uc9c1\ub82c\ud654<\/span><span style=\"font-weight: 400;\"> \ud398\uc774\ub85c\ub4dc<\/span><\/td>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">47e997b85ed3f51d2b1d37a6a61ae72185d9ceaf519e2fdb53bf7e761b7bc08f<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">RN Loader<\/span><\/td>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">937c533bddb8bbcd908b62f2bf48e5bc11160505df20fea91d9600d999eafa79<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">RN Stealer<\/span><\/td>\n<td><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">e89bf606fbed8f68127934758726bbb5e68e751427f3bcad3ddf883cb2b50fc7<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-size: 10pt;\">\ud45c 1. Python \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac \ud398\uc774\ub85c\ub4dc. <\/span><\/p>\n<p>Slow Pisces\uc758 YAML \uc5ed\uc9c1\ub82c\ud654 \ud398\uc774\ub85c\ub4dc\ub294 \ud53c\ud574\uc790\uc758 \ud648 \ub514\ub809\ud1a0\ub9ac\uc5d0 Public \ud3f4\ub354\ub97c \uc0dd\uc131\ud558\uace0, \ud574\ub2f9 \ub514\ub809\ud1a0\ub9ac\uc5d0 <span style=\"font-family: 'courier new', courier, monospace;\">_init__.py<\/span>.\ub77c\ub294 \uc774\ub984\uc758 \uc0c8 \ud30c\uc77c\uc744 \uc0dd\uc131\ud558\ub294 \uac83\uc73c\ub85c \uc2dc\uc791\ub429\ub2c8\ub2e4. \ub0b4\uc7a5\ub41c Base64 \ub370\uc774\ud130\ub294 \ub514\ucf54\ub529\ub418\uc5b4 \ub2e4\uc74c \uac10\uc5fc \ub2e8\uacc4(RN \ub85c\ub354)\uac00 \ud3ec\ud568\ub41c \uc774 \ud30c\uc77c\uc5d0 \uae30\ub85d\ub418\uace0 \uc2e4\ud589\ub429\ub2c8\ub2e4.<\/p>\n<h4><a id=\"post-140506-_heading=h.oci39owmds0k\"><\/a>RN Loader<\/h4>\n<p>\uc774 <span style=\"font-family: 'courier new', courier, monospace;\">~\/Public\/__init__.py<\/span>\uc5d0 \uc0c8\ub85c \uc0dd\uc131\ub41c RN Loader\uc6a9 \ud30c\uc77c\uc740 \uc2e4\ud589 \ud6c4 \uc2a4\uc2a4\ub85c \uc0ad\uc81c\ub418\uba70, \uba54\ubaa8\ub9ac\uc5d0\ub9cc \uc874\uc7ac\ud558\ub3c4\ub85d \ud569\ub2c8\ub2e4. \uc774 \uba85\ub839\uc740 HTTPS\ub97c \ud1b5\ud574 \ud53c\ud574 \ucef4\ud4e8\ud130\uc640 \uc6b4\uc601\uccb4\uc81c\uc5d0 \ub300\ud55c \uae30\ubcf8 \uc815\ubcf4\ub97c <span style=\"font-family: 'courier new', courier, monospace;\">en.stockslab[.] org<\/span>\uc758 \ub3d9\uc77c\ud55c C2\ub85c \uae30\ubcf8 \uc815\ubcf4\ub97c \uc804\uc1a1\ud55c \ud6c4, \ud45c 2\uc5d0 \uc81c\uc2dc\ub41c \uc635\uc158\uc73c\ub85c \uba85\ub839 \ub8e8\ud504\ub97c \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td style=\"text-align: center; width: 7.46269%;\"><b>\ucf54\ub4dc<\/b><\/td>\n<td style=\"text-align: center; width: 91.7413%;\"><b>\uc124\uba85<\/b><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 7.46269%; text-align: center;\"><span style=\"font-weight: 400;\">0<\/span><\/td>\n<td style=\"width: 91.7413%;\"><span style=\"font-weight: 400;\">20\ucd08\uac04 \uc218\uba74<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 7.46269%; text-align: center;\"><span style=\"font-weight: 400;\">1<\/span><\/td>\n<td style=\"width: 91.7413%;\"><span style=\"font-weight: 400;\">\uc804\uc1a1\ub41c \ucf58\ud150\uce20\ub97c Base64 \ub514\ucf54\ub529\ud558\uc5ec Windows\uc758 \uacbd\uc6b0 <span style=\"font-family: 'courier new', courier, monospace;\">init.dll<\/span>, \ub2e4\ub978 OS\uc758 \uacbd\uc6b0 <span style=\"font-family: 'courier new', courier, monospace;\">init<\/span>\uc774\ub77c\ub294 \ud30c\uc77c\uc5d0 \uc800\uc7a5\ud569\ub2c8\ub2e4.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\ud658\uacbd \ubcc0\uc218 <span style=\"font-family: 'courier new', courier, monospace;\">X_DATABASE_NAME<\/span>\uc5d0 \ube48 \ubb38\uc790\uc5f4\uc744 \uc124\uc815\ud569\ub2c8\ub2e4.<\/span><\/p>\n<p><span style=\"font-family: 'courier new', courier, monospace;\"><a href=\"https:\/\/docs.python.org\/3\/library\/ctypes.html#ctypes.CDLL\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">ctypes.cdll.LoadLibrary<\/span><\/a><\/span><span style=\"font-weight: 400;\">\ub97c \uc0ac\uc6a9\ud558\uc5ec \ub2e4\uc6b4\ub85c\ub4dc\ud55c DLL\uc744 \ub85c\ub4dc\ud558\uace0 \uc2e4\ud589<\/span><span style=\"font-weight: 400;\">\ud569\ub2c8<\/span><span style=\"font-weight: 400;\">\ub2e4.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 7.46269%; text-align: center;\"><span style=\"font-weight: 400;\">2<\/span><\/td>\n<td style=\"width: 91.7413%;\"><span style=\"font-weight: 400;\">\uc804\uc1a1\ub41c \ucf58\ud150\uce20\ub97c Base64\ub85c \ub514\ucf54\ub529\ud558\uace0, Python\uc5d0 \ub0b4\uc7a5\ub41c <span style=\"font-family: 'courier new', courier, monospace;\">exec<\/span>\ub97c \uc0ac\uc6a9\ud558\uc5ec \uc2e4\ud589\ud569\ub2c8\ub2e4.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 7.46269%; text-align: center;\"><span style=\"font-weight: 400;\">3<\/span><\/td>\n<td style=\"width: 91.7413%;\"><span style=\"font-weight: 400;\">\uc804\uc1a1\ub41c \ucf58\ud150\uce20\uc640 \ud30c\ub77c\ubbf8\ud130\ub97c Base64 \ub514\ucf54\ub529\ud569\ub2c8\ub2e4. <\/span><span style=\"font-weight: 400;\">\ucf58\ud150\uce20\ub294<\/span><span style=\"font-weight: 400;\"><span style=\"font-family: 'courier new', courier, monospace;\"> dockerd<\/span> \ud30c\uc77c\uc5d0 \uc800\uc7a5\ub418\uba70, \ud30c\ub77c\ubbf8\ud130\ub294 <span style=\"font-family: 'courier new', courier, monospace;\">docker-init<\/span>\uc73c\ub85c \uc800\uc7a5<\/span><span style=\"font-weight: 400;\">\ub429\ub2c8<\/span><span style=\"font-weight: 400;\">\ub2e4.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><span style=\"font-family: 'courier new', courier, monospace;\">dockerd<\/span>\ub294 <span style=\"font-family: 'courier new', courier, monospace;\">docker-init<\/span>\uc744 \uba85\ub839\uc904 \uc778\uc218\ub85c \uc9c0\uc815\ud55c \uc0c8\ub85c\uc6b4 \ud504\ub85c\uc138\uc2a4\uc5d0\uc11c \uc2e4\ud589<\/span><span style=\"font-weight: 400;\">\ub429\ub2c8<\/span><span style=\"font-weight: 400;\">\ub2e4.<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 7.46269%; text-align: center;\"><span style=\"font-weight: 400;\">9<\/span><\/td>\n<td style=\"width: 91.7413%;\"><span style=\"font-weight: 400;\">\uc2e4\ud589\uc744 \uc885\ub8cc\ud569\ub2c8\ub2e4.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-size: 10pt;\">\ud45c 2. RN Loader \uba85\ub839\uc5b4\ud45c. <\/span><\/p>\n<p>\uc635\uc158 <strong>1<\/strong>\uacfc <strong>3\uc744<\/strong> \uc0ac\uc6a9\ud55c \ud45c 2\uc758 \uba85\ub839 \ub8e8\ud504 \ud398\uc774\ub85c\ub4dc\ub294 \ud604\uc7ac\ub85c\uc11c\ub294 \uc54c \uc218 \uc5c6\uc73c\uba70, \ud2b9\uc815 \uc870\uac74\uc5d0 \uc758\ud574 \ud2b8\ub9ac\uac70\ub420 \uac00\ub2a5\uc131\uc774 \ub192\uc2b5\ub2c8\ub2e4. \uadf8\ub7ec\ub098 \uc6b0\ub9ac\ub294 \uc635\uc158 <strong>2\uac00<\/strong> \ubc30\ud3ec\ud55c Python \uae30\ubc18 \uc815\ubcf4 \ud0c8\ucde8 \ud234\uc744 \ud68c\uc218\ud588\uc73c\uba70, \uc774 \uba40\uc6e8\uc5b4\ub97c RN Stealer\ub85c \ucd94\uc801\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h4><a id=\"post-140506-_heading=h.t9zv2tqo1sl7\"><\/a>RN Stealer<\/h4>\n<p>RN Stealer\ub294 \uba3c\uc800 \uc784\uc758\uc758 \ud53c\ud574\uc790 ID\ub97c \uc0dd\uc131\ud558\uace0, \uc774\ud6c4 C2 \uc11c\ubc84\uc640\uc758 \ubaa8\ub4e0 \ud1b5\uc2e0\uc5d0\uc11c \ucfe0\ud0a4\ub85c \uc0ac\uc6a9\ub429\ub2c8\ub2e4. \uadf8\ub9ac\uace0 \uc720\ucd9c\ub41c \ub370\uc774\ud130\ub97c \uc554\ud638\ud654\ud558\uae30 \uc704\ud55c XOR \ud0a4\ub97c \uc11c\ubc84\uc5d0 \uc694\uccad\ud569\ub2c8\ub2e4.<\/p>\n<p>C2 \uc11c\ubc84\uc640\uc758 \ud1b5\uc2e0\uc740 HTTPS\ub85c \uc774\ub8e8\uc5b4\uc9c0\uba70, \uc694\uccad\uacfc \uc751\ub2f5 \uc720\ud615\uc744 \uc2dd\ubcc4\ud558\uae30 \uc704\ud574 Base64\ub85c \uc778\ucf54\ub529\ub41c \ud1a0\ud070\uc774 \uc0ac\uc6a9\ub429\ub2c8\ub2e4. \ubd84\uc11d\ub41c \ud398\uc774\ub85c\ub4dc\uc5d0\ub294 4\uc885\ub958\uc758 \ud1a0\ud070\uc774 \ud3ec\ud568\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">R0<\/span> - XOR \ud0a4 \uc694\uccad<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">R64<\/span> - \ub370\uc774\ud130 \uc720\ucd9c<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">R128<\/span> - \uc555\ucd95 \ub370\uc774\ud130 \uc720\ucd9c<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">R256<\/span> - \uc778\ud3ec\uc2a4\ud2f8\ub7ec \uc644\uc131<\/li>\n<\/ul>\n<p>\uc774\ub7ec\ud55c \ud1a0\ud070 \ud0c0\uc785\uc758 \ud615\uc2dd(\ubb38\uc790 R \ub4a4\uc5d0 \uc815\uc218 N\uc774 \ub4a4\ub530\ub974\ub294 \ud615\uc2dd)\uc774 \uc774 \ud398\uc774\ub85c\ub4dc\uc758 \uc774\ub984\uc73c\ub85c \uc774\uc5b4\uc84c\uc2b5\ub2c8\ub2e4. \ud398\uc774\ub85c\ub4dc\ub97c RN Stealer, \uc804\ub2e8\uacc4\ub97c RN Loader\ub77c\uace0 \ubd80\ub985\ub2c8\ub2e4.<\/p>\n<p>\uc774 RN Stealer \uc0d8\ud50c \uc2a4\ud06c\ub9bd\ud2b8\ub97c macOS \uc2dc\uc2a4\ud15c\uc5d0\uc11c \ubcf5\uc6d0\ud588\uc2b5\ub2c8\ub2e4. \ub530\ub77c\uc11c \uc704\ud611 \uc81c\uc791\uc790\ub294 \uc774 \uc0d8\ud50c\uc744 \ub2e4\uc74c\uacfc \uac19\uc740 macOS \uae30\uae30 \uad00\ub828 \uc815\ubcf4\ub97c \ud6d4\uce58\ub3c4\ub85d \uc870\uc815\ud588\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li>\ud53c\ud574\uc790\uc758 \uae30\ubcf8 \uc815\ubcf4 \uc0ac\uc6a9\uc790 \uc774\ub984, \uba38\uc2e0 \uc774\ub984, \uc544\ud0a4\ud14d\ucc98<\/li>\n<li>\uc124\uce58\ub41c \uc560\ud50c\ub9ac\ucf00\uc774\uc158<\/li>\n<li>\ud53c\ud574\uc790\uc758 \ud648 \ub514\ub809\ud1a0\ub9ac\uc758 \ub514\ub809\ud1a0\ub9ac \ubaa9\ub85d\uacfc \ucd5c\uc0c1\uc704 \ub808\ubca8\uc758 \ub0b4\uc6a9<\/li>\n<li>macOS \uc2dc\uc2a4\ud15c\uc5d0 \uc800\uc7a5\ub41c \uc778\uc99d \uc815\ubcf4\ub97c \uc800\uc7a5\ud558\ub294 <span style=\"font-family: 'courier new', courier, monospace;\">login.keychain-db<\/span> \ud30c\uc77c<\/li>\n<li>SSH \ud0a4 \uc800\uc7a5<\/li>\n<li>AWS, Kubernetes, Google Cloud\uc6a9 \uc124\uc815 \ud30c\uc77c<\/li>\n<\/ul>\n<p>RN Stealer\uac00 \uc218\uc9d1\ud55c \ub370\uc774\ud130\ub294 \uc544\ub9c8\ub3c4 \uc601\uad6c\uc801\uc778 \uc811\uadfc\uc774 \ud544\uc694\ud55c\uc9c0 \uc5ec\ubd80\ub97c \uacb0\uc815\ud569\ub2c8\ub2e4. \ub9cc\uc57d \uadf8\ub807\ub2e4\uba74, \uc774 Python\uc758 \uac10\uc5fc \uccb4\uc778\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \ub2e8\uacc4\ub97c \uac70\ucce4\uc744 \uac83\uc73c\ub85c \ucd94\uce21\ud560 \uc218 \uc788\ub2e4:<\/p>\n<ol>\n<li>C2 \uc11c\ubc84\ub294 \uc54c \uc218 \uc5c6\ub294 \uae30\uc900\uc5d0 \ub530\ub77c \ube44\ucf58 \ubc1c\uc2e0\uc790\ub97c \ud655\uc778\ud569\ub2c8\ub2e4. \uc720\ud6a8\ud55c \ud53c\ud574\uc790\ub294 YAML \uc5ed\uc9c1\ub82c\ud654 \ud398\uc774\ub85c\ub4dc\ub97c \ubc1b\uac8c \ub429\ub2c8\ub2e4. \uc798\ubabb\ub41c \ud53c\ud574\uc790\ub294 \ubb34\ud574\ud55c JSON \ub370\uc774\ud130\ub97c \ubc1b\uac8c \ub429\ub2c8\ub2e4.<\/li>\n<li>\uc5ed\uc9c1\ub82c\ud654 \ud398\uc774\ub85c\ub4dc\ub294 C2 \uc11c\ubc84\uc640 \uba85\ub839 \ub8e8\ud504\ub97c \uc124\uc815\ud558\uc5ec \uae30\ubcf8 \ud53c\ud574\uc790 \uc815\ubcf4\ub97c \uc720\ucd9c\ud558\uace0, \ud45c 2\uc758 \uc635\uc158 \ucf54\ub4dc <strong>2\ub97c \ud1b5\ud574<\/strong> \ub9de\ucda4\ud615 Python \uc778\ud3ec\uc2a4\ud2f8\ub7ec\ub97c \ubc30\ud3ec\ud569\ub2c8\ub2e4.<\/li>\n<li>\uc778\ud3ec\uc2a4\ud2f8\ub7ec\ub294 \ub354 \uc790\uc138\ud55c \ud53c\ud574\uc790 \uc815\ubcf4\ub97c \uc218\uc9d1\ud558\uc5ec \uacf5\uaca9\uc790\uac00 \uc9c0\uc18d\uc801\uc778 \uc811\uadfc\uc774 \ud544\uc694\ud55c\uc9c0 \uc5ec\ubd80\ub97c \ud310\ub2e8\ud558\uae30 \uc704\ud574 \uc0ac\uc6a9\ud55c \uac83\uc73c\ub85c \ubcf4\uc785\ub2c8\ub2e4.\n<ol>\n<li>\uc9c0\uc18d\uc801\uc778 \uc561\uc138\uc2a4\uac00 \ud544\uc694\ud55c \uacbd\uc6b0 C2 \uc11c\ubc84\ub294 \uc635\uc158 \ucf54\ub4dc <strong>1 \ub610\ub294 3\uc744 \ud1b5\ud574<\/strong> \ud398\uc774\ub85c\ub4dc\ub97c \uc804\ub2ec\ud569\ub2c8\ub2e4.<\/li>\n<li>\uc561\uc138\uc2a4 \uad8c\ud55c\uc774 \ub354 \uc774\uc0c1 \ud544\uc694\ud558\uc9c0 \uc54a\uc740 \uacbd\uc6b0, \uc635\uc158 \ucf54\ub4dc <strong>9\ub294<\/strong> \uc545\uc131\ucf54\ub4dc\uc758 \uc2e4\ud589\uc744 \uc885\ub8cc\ud558\uace0 \ud398\uc774\ub85c\ub4dc\uac00 \uba54\ubaa8\ub9ac\uc5d0\ub9cc \uc874\uc7ac\ud558\uae30 \ub54c\ubb38\uc5d0 \ubaa8\ub4e0 \uc561\uc138\uc2a4\ub97c \uc81c\uac70\ud569\ub2c8\ub2e4.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<h3><a id=\"post-140506-_heading=h.evk72bz1pvb4\"><\/a>3b \ub2e8\uacc4 - JavaScript \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac<\/h3>\n<p>\ud45c\uc801\uc774 \ub41c \ud53c\ud574\uc790\uac00 JavaScript \uc5ed\ud560\uc744 \uc2e0\uccad\ud55c \uacbd\uc6b0, \uc544\ub798 \uadf8\ub9bc 6\uc758 \uc608\uc2dc\uc640 \uac19\uc774 'Cryptocurrency Dashboard' \ud504\ub85c\uc81d\ud2b8\ub97c \ub9cc\ub098\uac8c \ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_141053\" aria-describedby=\"caption-attachment-141053\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-141053 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-530549-140506-6.png\" alt=\"Screenshot of a GitHub repository named &quot;Cryptocurrency Dashboard,&quot; featuring a README.md file displayed. This README includes sections: Features, Installation, Usage, Project Structure, Configuration, Dependencies, and License. It describes the project as an application built with Node.js, Express, and EJS that displays real-time and historical data for various cryptocurrencies.\" width=\"700\" height=\"404\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-530549-140506-6.png 1764w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-530549-140506-6-762x440.png 762w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-530549-140506-6-1213x700.png 1213w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-530549-140506-6-768x443.png 768w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-530549-140506-6-1536x886.png 1536w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-141053\" class=\"wp-caption-text\">\uadf8\ub9bc 6. JavaScript \uc800\uc7a5\uc18c.<\/figcaption><\/figure>\n<p>\uc774 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc5d0\ub294 C2\uc640 \uc815\uc2dd \ub370\uc774\ud130 \uc18c\uc2a4\uac00 \ud3ec\ud568\ub41c <span style=\"font-family: 'courier new', courier, monospace;\">.env<\/span> \ud30c\uc77c\uc774 \ud3ec\ud568\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">PORT=3000<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">COINGECKO_API_URL=hxxps:\/\/api.coingecko[.]com\/api\/v3<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">JQUERY_API_URL=hxxps:\/\/update.jquerycloud[.]io\/api\/v1<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: 'courier new', courier, monospace;\">COINGECKO_API_URL<\/span> \uac12\uc740 \uc554\ud638\ud654\ud3d0 \ub300\uc2dc\ubcf4\ub4dc\uc758 \ub370\uc774\ud130 \uc218\uc9d1\uc5d0 \uc0ac\uc6a9\ub418\uba70, <span style=\"font-family: 'courier new', courier, monospace;\">JQUERY_API_URL<\/span> \uac12\uc740 Slow Pisces\uac00 \uc81c\uc5b4\ud558\ub294 C2 \uc11c\ubc84\ub97c \ub098\ud0c0\ub0c5\ub2c8\ub2e4. Python \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc640 \ub9c8\ucc2c\uac00\uc9c0\ub85c JavaScript C2 \uc11c\ubc84\ub294 \uac80\uc99d\ub41c \ub300\uc0c1\uc5d0\ub9cc \ud398\uc774\ub85c\ub4dc\ub97c \uc804\ub2ec\ud558\uace0, \uadf8\ub807\uc9c0 \uc54a\uc740 \uacbd\uc6b0 \ubc84\uc804 \ubc88\ud638\ub85c \uc751\ub2f5\ud569\ub2c8\ub2e4.<\/p>\n<p>\ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\ub294 <a href=\"https:\/\/ejs.co\/\" target=\"_blank\" rel=\"noopener\">Embedded JavaScript(EJS) \ud15c\ud50c\ub9bf \ub3c4\uad6c<\/a>\ub97c \uc0ac\uc6a9\ud558\uc5ec C2 \uc11c\ubc84\uc758 \uc751\ub2f5\uc744 <span style=\"font-family: 'courier new', courier, monospace;\">ejs.render()<\/span> \ud568\uc218\uc5d0 \uc804\ub2ec\ud55c\ub2e4.<\/p>\n<figure id=\"attachment_141064\" aria-describedby=\"caption-attachment-141064\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-141064 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-533434-140506-7.png\" alt=\"Screenshot showing a code snippet in JavaScript. It includes a comment and a function call to render a homepage with settings and items per page. res.render is highlighted in a red box. \" width=\"700\" height=\"294\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-533434-140506-7.png 1116w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-533434-140506-7-786x330.png 786w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-533434-140506-7-768x322.png 768w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-141064\" class=\"wp-caption-text\">\uadf8\ub9bc 7. EJS\uc758 \ub80c\ub354\ub9c1 \uae30\ub2a5\uc744 \uc774\uc6a9\ud55c Slow Pisces \uc545\uc131\ucf54\ub4dc\uc758 \uc9c4\uc785\uc810\uc744 \ubcf4\uc5ec\uc8fc\ub294 JavaScript \ucf54\ub4dc.<\/figcaption><\/figure>\n<p><span style=\"font-family: 'courier new', courier, monospace;\">yaml.load()<\/span> \uc0ac\uc6a9\uacfc \ub9c8\ucc2c\uac00\uc9c0\ub85c, \uc774\uac83\uc740 C2 \uc11c\ubc84\uc5d0\uc11c \uc784\uc758\uc758 \ucf54\ub4dc \uc2e4\ud589\uc744 \uc228\uae30\uae30 \uc704\ud574 Slow Pisces\uac00 \uc0ac\uc6a9\ud558\ub294 \ub610 \ub2e4\ub978 \uae30\ubc95\uc774\uba70, \uc774 \uae30\ubc95\uc740 \uc544\ub9c8\ub3c4 \uc720\ud6a8\ud55c \ud398\uc774\ub85c\ub4dc\ub97c \ud45c\uc2dc\ud560 \ub54c\ub9cc \ub4dc\ub7ec\ub0a0 \uac83\uc785\ub2c8\ub2e4.<\/p>\n<p>EJS\uc758 \ub80c\ub354 \ud568\uc218\ub294 \ub2e4\uc591\ud55c \ud30c\ub77c\ubbf8\ud130\ub97c \ud5c8\uc6a9\ud558\ub294\ub370, \uadf8 \uc911 \ud558\ub098\uac00 <span style=\"font-family: 'courier new', courier, monospace;\">view options<\/span>\ub77c\ub294 \ub9c8\ub77c\ubbf8\ud130\uc785\ub2c8\ub2e4. \uc774 \uc911 <span style=\"font-family: 'courier new', courier, monospace;\">escapeFunction<\/span> \ud0a4\ub97c \ud1b5\ud574 \uc784\uc758\uc758 JavaScript \ucf54\ub4dc\ub97c \uc81c\uacf5\ud558\uace0 \uc2e4\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>Huli\ub77c\ub294 \uc544\uc774\ub514\ub97c \uac00\uc9c4 \ub300\ub9cc\uc758 \uc5f0\uad6c\uc6d0\uc740, <a href=\"https:\/\/blog.huli.tw\/2023\/06\/22\/en\/ejs-render-vulnerability-ctf\/\" target=\"_blank\" rel=\"noopener\">CTF \uac8c\uc2dc\ubb3c<\/a>\uc5d0 \uc62c\ub9b0 \uae00\uc5d0\uc11c \uc784\uc758\uc758 \ucf54\ub4dc\uac00 \uc5b4\ub5bb\uac8c \uc2e4\ud589\ub418\ub294\uc9c0\uc5d0 \ub300\ud55c \uae30\uc220\uc801 \uc138\ubd80 \uc0ac\ud56d\uc744 \ub17c\uc758\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4. \ud558\uc9c0\ub9cc \uadf8\ub9bc 8\uacfc \uac19\uc774 \uad6c\uc870\ud654\ub41c \ud398\uc774\ub85c\ub4dc\uac00 <span style=\"font-family: 'courier new', courier, monospace;\">ejs.render()<\/span>\uc5d0 \uc804\ub2ec\ub418\uba74 <span style=\"font-family: 'courier new', courier, monospace;\">escapeFunction<\/span>\uc5d0 \ud3ec\ud568\ub41c \ucf54\ub4dc\uac00 \uc2e4\ud589\ub418\ub294 \uac83\uc740 \ucda9\ubd84\ud788 \uc774\ud574\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_141075\" aria-describedby=\"caption-attachment-141075\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-141075 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-535667-140506-8.png\" alt=\"Screenshot of a JavaScript code snippet involving functions with &quot;escapeFunction&quot; highlighted in a red box. \" width=\"1000\" height=\"848\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-535667-140506-8.png 1234w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-535667-140506-8-519x440.png 519w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-535667-140506-8-826x700.png 826w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-535667-140506-8-768x651.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-141075\" class=\"wp-caption-text\">\uadf8\ub9bc 8. \ubd80\ubd84\uc801\uc778 EJS \ub80c\ub354 \ud398\uc774\ub85c\ub4dc.<\/figcaption><\/figure>\n<p>\uc548\ud0c0\uae5d\uac8c\ub3c4 \uc774 \ud398\uc774\ub85c\ub4dc\ub97c \ubaa8\ub450 \ud68c\uc218\ud560 \uc218 \uc5c6\uc5c8\uc2b5\ub2c8\ub2e4. \uc774\ub807\uac8c \uc0ac\uc6a9\uc790\uc758 \ud648 \ub514\ub809\ud130\ub9ac \uc544\ub798\uc5d0 \uc0c8\ub85c\uc6b4 <span style=\"font-family: 'courier new', courier, monospace;\">.jql<\/span> \ub514\ub809\ud130\ub9ac\uac00 \uc0dd\uc131\ub418\uace0, \uac70\uae30\uc5d0 Base64\ub85c \uc778\ucf54\ub529\ub41c \ub370\uc774\ud130\uac00 \ud3ec\ud568\ub41c <span style=\"font-family: 'courier new', courier, monospace;\">helper.js<\/span>\ub77c\ub294 \ud30c\uc77c\uc774 \ub4dc\ub86d\ub418\ub294 \uac83\uc73c\ub85c \ucd94\uce21\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-140506-_heading=h.xwqrim9avik1\"><\/a>\uc778\ud504\ub77c<\/h3>\n<p>\uc544\ub798 \uadf8\ub9bc 9\uc758 \ud0c0\uc784\ub77c\uc778\uc740 2024\ub144 2\uc6d4\ubd80\ud130 2025\ub144 2\uc6d4\uae4c\uc9c0 \ucea0\ud398\uc778\uc5d0 \uc0ac\uc6a9\ub41c C2 \uc778\ud504\ub77c\uc758 \uc138\ubd80 \uc0ac\ud56d\uc744 \uc81c\uacf5\ub41c \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac \uc720\ud615(JavaScript \ub610\ub294 Python)\ubcc4\ub85c \uadf8\ub8f9\ud654\ud55c \uac83\uc785\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_141086\" aria-describedby=\"caption-attachment-141086\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-141086 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-539154-140506-9.png\" alt=\"Timeline of infrastructure tracking the JavaScript command and controls (top, yellow label) and the Python command and controls (bottom, orange label). The timeline starts at the end of Q1 of 2024 and continues to Q2 of 2025. \" width=\"1000\" height=\"906\" srcset=\"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-539154-140506-9.png 1338w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-539154-140506-9-486x440.png 486w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-539154-140506-9-773x700.png 773w, https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/05\/word-image-539154-140506-9-768x696.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-141086\" class=\"wp-caption-text\">\uadf8\ub9bc 9. C2 \uc778\ud504\ub77c \ud0c0\uc784\ub77c\uc778.<\/figcaption><\/figure>\n<p>\uc55e\uc11c \uc5b8\uae09\ud588\ub4ef\uc774, \uc774 \ucea0\ud398\uc778\uc758 \uc778\ud504\ub77c \ub3c4\uba54\uc778\uc740 API\ub098 CDN\uacfc \uac19\uc740 \uc11c\ube0c \ub3c4\uba54\uc778\uc744 \uc790\uc8fc \uc0ac\uc6a9\ud558\uc5ec \ud569\ubc95\uc801\uc778 \uc18c\uc2a4\uc758 \ud615\ud0dc\ub97c \ubaa8\ubc29\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc774 \uae00\uc744 \uc4f0\ub294 \uc2dc\uc810\uae4c\uc9c0 \uc774 \ucea0\ud398\uc778\uacfc \uad00\ub828\ub41c \uc778\ud504\ub77c\ub97c \ubc1c\uacac\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<h2><a id=\"post-140506-_heading=h.rli061b7aoa8\"><\/a>\uacb0\ub860<\/h2>\n<p>\uc774\ubc88 \ubcf4\uace0\uc11c\uc5d0\uc11c\ub294 \uc554\ud638\ud654\ud3d0 \ubd84\uc57c \uac1c\ubc1c\uc790\ub97c \ub300\uc0c1\uc73c\ub85c \ucc44\uc6a9 \ub2f4\ub2f9\uc790\ub97c \uc0ac\uce6d\ud574 \uc545\uc758\uc801\uc778 \ucf54\ub529 \ucc4c\ub9b0\uc9c0\ub97c \uc9c4\ud589\ud558\ub294 Slow Pisces\uc758 \ucd5c\uc2e0 \ucea0\ud398\uc778\uc5d0 \ub300\ud574 \uc54c\uc544\ubd24\uc2b5\ub2c8\ub2e4. JavaScript \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uc5d0 \ub300\ud55c \uc804\uccb4 \uacf5\uaca9 \uccb4\uc778\uc744 \ubcf5\uad6c\ud560 \uc218\ub294 \uc5c6\uc5c8\uc9c0\ub9cc, Python \ubc84\uc804\uc758 \ucea0\ud398\uc778\uc5d0\uc11c\ub294 RN Loader\uc640 RN Stealer\ub77c\ub294 \uc774\ub984\uc758 \ub450 \uac00\uc9c0 \uc0c8\ub85c\uc6b4 \ud398\uc774\ub85c\ub4dc\uac00 \uc804\ub2ec\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n<p>LinkedIn\uacfc GitHub\ub97c \uc774\ub807\uac8c \uc0ac\uc6a9\ud558\ub294 \uac83\uc740 \ud2b9\ubcc4\ud55c \uc77c\uc774 \uc544\ub2d9\ub2c8\ub2e4. \uc870\uc120\ubbfc\uc8fc\uc8fc\uc758\uc778\ubbfc\uacf5\ud654\uad6d(\ubd81\ud55c) \uacc4\uc5f4\uc758 \uc5ec\ub7ec \ub2e8\uccb4\uac00 '\uc870\uc120\ubbfc\uc8fc\uc8fc\uc758\uc778\ubbfc\uacf5\ud654\uad6d(\ubd81\ud55c)\uc758 <a href=\"https:\/\/www.reversinglabs.com\/blog\/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages\" target=\"_blank\" rel=\"noopener\">Alluring Pisces<\/a>\uc640 <a href=\"https:\/\/unit42.paloaltonetworks.com\/two-campaigns-by-north-korea-bad-actors-target-job-hunters\/\" target=\"_blank\" rel=\"noopener\">Contagious Interview<\/a>\ub4f1\uacfc \ube44\uc2b7\ud55c \uc218\ubc95\uc744 \uc0ac\uc6a9\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc774 \ub450 \uadf8\ub8f9\uc5d0\ub294 \uc791\uc804\uc0c1 \uc911\ubcf5\ub418\ub294 \ubd80\ubd84\uc774 \uc5c6\uc2b5\ub2c8\ub2e4. \uadf8\ub7ec\ub098 \uc774\ub4e4 \ucea0\ud398\uc778\uc774 \uc720\uc0ac\ud55c \ucd08\uae30 \uac10\uc5fc \ubca1\ud130\ub97c \uc0ac\uc6a9\ud558\uace0 \uc788\ub2e4\ub294 \uc810\uc740 \uc8fc\ubaa9\ud560 \ub9cc\ud569\ub2c8\ub2e4.<\/p>\n<p>Slow Pisces\ub294 \ub3d9\uc885\uc5c5\uacc4\uc758 \ub2e4\ub978 \ucea0\ud398\uc778\uacfc \ube44\uad50\ud588\uc744 \ub54c \uc6b4\uc601\uc758 \uc548\uc804\uc131\uc774 \ub3cb\ubcf4\uc785\ub2c8\ub2e4. \uac01 \ub2e8\uacc4\uc758 \ud398\uc774\ub85c\ub4dc \uc804\ub2ec\uc740 \uc5c4\uaca9\ud558\uac8c \ubcf4\ud638\ub418\uba70, \uba54\ubaa8\ub9ac \uc0c1\uc5d0\ub9cc \uc874\uc7ac\ud569\ub2c8\ub2e4. \ub610\ud55c, \uc774 \uadf8\ub8f9\uc758 \ud6c4\uae30 \ud234\uc740 \ud544\uc694\ud55c \uacbd\uc6b0\uc5d0\ub9cc \ubc30\ud3ec\ub429\ub2c8\ub2e4.<\/p>\n<p>\ud2b9\ud788 \uc774 \uadf8\ub8f9\uc740 \uae30\ub2a5\uc744 \uc228\uae30\uae30 \uc704\ud574 \ub450 \uac00\uc9c0 \uae30\ubc95\uc744 \ud65c\uc6a9\ud588\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li>YAML \uc5ed\uc9c1\ub82c\ud654<\/li>\n<li>EJS <span style=\"font-family: 'courier new', courier, monospace;\">escapeFunction<\/span><\/li>\n<\/ul>\n<p>\uc774 \ub450 \uac00\uc9c0 \uae30\uc220\uc740 \ubd84\uc11d, \ud0d0\uc9c0 \ubc0f \uc0ac\ub0e5\uc744 \ubc29\ud574\ud569\ub2c8\ub2e4. \ub9c8\ucc2c\uac00\uc9c0\ub85c, \uc554\ud638\ud654\ud3d0 \ubd84\uc57c\uc758 \ube44\uad50\uc801 \uc0c8\ub85c\uc6b4 \uac1c\ubc1c\uc790\ub4e4\uc774\ub098 \uacbd\ud5d8\uc774 \ubd80\uc871\ud55c \uac1c\ubc1c\uc790\ub4e4\uc740 \uc774\ub7ec\ud55c \ub9ac\ud3ec\uc9c0\ud1a0\ub9ac\uac00 \uc545\uc758\uc801\uc778 \uac83\uc784\uc744 \uc2dd\ubcc4\ud558\uae30 \uc5b4\ub824\uc6b8 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc554\ud638\ud654\ud3d0 \uac15\ub3c4\uc758 \uacf5\uac1c \ubcf4\uace0\uc11c\uc5d0 \ub530\ub974\uba74, \uc774 \ucea0\ud398\uc778\uc740 \ub9e4\uc6b0 \uc131\uacf5\uc801\uc774\uc5c8\uc73c\uba70, 2025\ub144\uc5d0\ub3c4 \uacc4\uc18d\ub420 \uac00\ub2a5\uc131\uc774 \ub192\ub2e4\uace0 \ud569\ub2c8\ub2e4. \uc774 \uae00\uc5d0\uc11c\ub294 YAML \uc5ed\uc9c1\ub82c\ud654\uc640 EJS <span style=\"font-family: 'courier new', courier, monospace;\">escapeFunction<\/span> \ud398\uc774\ub85c\ub4dc\uc758 \ub450 \uac00\uc9c0 \uc7a0\uc7ac\uc801 \ud0d0\uc9c0 \uac00\ub2a5\uc131\uc744 \uac15\uc870\ud588\uc9c0\ub9cc, \uac00\uc7a5 \ud6a8\uacfc\uc801\uc778 \uc644\ud654\ucc45\uc740 \uae30\uc5c5\uacfc \uac1c\uc778 \uae30\uae30\ub97c \uc5c4\uaca9\ud558\uac8c \ubd84\ub9ac\ud558\ub294 \uac83\uc785\ub2c8\ub2e4. \uc774\ub97c \ud1b5\ud574 \ud45c\uc801\ud615 \uc18c\uc15c \uc5d4\uc9c0\ub2c8\uc5b4\ub9c1 \ucea0\ud398\uc778\uc5d0 \uc758\ud55c \uae30\uc5c5 \uc2dc\uc2a4\ud15c \uce68\ud574\ub97c \ubc29\uc9c0\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-140506-_heading=h.qapb5hxeiym1\"><\/a>Palo Alto Networks\uc758 \ubcf4\ud638 \ubc0f \uc644\ud654<\/h3>\n<p>Palo Alto Networks\uc758 \uace0\uac1d\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \uc81c\ud488\uc744 \ud1b5\ud574 \uc704\uc758 \uc704\ud611\uc73c\ub85c\ubd80\ud130 \ubcf4\ub2e4 \ud655\uc2e4\ud558\uac8c \ubcf4\ud638\ubc1b\uc744 \uc218 \uc788\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-url-filtering\/administration\" target=\"_blank\" rel=\"noopener\">Advanced URL Filtering<\/a> \ubc0f <a href=\"https:\/\/docs.paloaltonetworks.com\/dns-security\" target=\"_blank\" rel=\"noopener\">Advanced DNS Security<\/a><\/li>\n<\/ul>\n<p>\uc815\ubcf4 \uc720\ucd9c \uac00\ub2a5\uc131\uc774 \uc788\uac70\ub098 \uae34\uae09\ud55c \ubb38\uc81c\uac00 \uc788\ub294 \uacbd\uc6b0 \ub2e4\uc74c \uc5f0\ub77d\ucc98\ub85c \uc5f0\ub77d\ud574 \uc8fc\uc2dc\uae30 \ubc14\ub78d\ub2c8\ub2e4. <a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">Unit 42 \uc0ac\uace0\ub300\uc751\ud300<\/a> \ub610\ub294 \uc804\ud654\ub85c \ubb38\uc758\ud558\uc138\uc694:<\/p>\n<ul>\n<li>\ubd81\ubbf8 \ubb34\ub8cc\uc804\ud654 +1 (866) 486-4842 (866.4.unit42)<\/li>\n<li>\uc601\uad6d: +44.20.3743.3660<\/li>\n<li>\uc720\ub7fd \ubc0f \uc911\ub3d9: +31.20.299.3130<\/li>\n<li>\uc544\uc2dc\uc544: +65.6983.8730<\/li>\n<li>\uc77c\ubcf8: +81.50.1790.0200<\/li>\n<li>\ud638\uc8fc: +61.2.4062.7950<\/li>\n<li>\uc778\ub3c4: 00080005045107<\/li>\n<\/ul>\n<p>Palo Alto Networks\ub294 \uc774 \uc870\uc0ac \uacb0\uacfc\ub97c \uc0ac\uc774\ubc84 \uc704\ud611 \uc5f0\ud569(Cyber Threat Alliance, CTA) \ud68c\uc6d0\ub4e4\uacfc \uacf5\uc720\ud588\uc2b5\ub2c8\ub2e4. CTA \ud68c\uc6d0\uc0ac\ub4e4\uc740 \uc774 \uc778\ud154\ub9ac\uc804\uc2a4\ub97c \ud65c\uc6a9\ud558\uc5ec \uace0\uac1d\uc5d0\uac8c \uc2e0\uc18d\ud558\uac8c \ubcf4\ud638 \uae30\ub2a5\uc744 \ubc30\ud3ec\ud558\uace0 \uc545\uc758\uc801\uc778 \uc0ac\uc774\ubc84 \ud589\uc704\uc790\ub97c \uc870\uc9c1\uc801\uc73c\ub85c \ubc29\ud574\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4. \uc0ac\uc774\ubc84 \uc704\ud611 \ub3d9\ub9f9 <a href=\"https:\/\/www.cyberthreatalliance.org\" target=\"_blank\" rel=\"noopener\">Cyber Threat Alliance<\/a>.<\/p>\n<h2><a id=\"post-140506-_heading=h.kfa3415rlqp0\"><\/a>\uce68\ud574 \uc9c0\ud45c<\/h2>\n<table style=\"width: 100%; height: 699px;\">\n<tbody>\n<tr style=\"height: 24px;\">\n<td style=\"text-align: center; height: 24px;\"><b>\ub3c4\uba54\uc778<\/b><\/td>\n<td style=\"text-align: center; height: 24px;\"><b>IP \uc8fc\uc18c<\/b><\/td>\n<td style=\"text-align: center; height: 24px;\"><b>\uccab <\/b><b>\ubaa9\uaca9<\/b><\/td>\n<td style=\"text-align: center; height: 24px;\"><b>\ub9c8\uc9c0\ub9c9 <\/b><b>\ubaa9\uaca9<\/b><\/td>\n<td style=\"text-align: center; height: 24px;\"><b>\ub9ac\ud3ec\uc9c0\ud1a0\ub9ac<\/b><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">getstockprice[.]com<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">70.34.245[.]118<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2025-02-03<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2025-02-20<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]clubinfo[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">5.206.227[.]51<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2025-01-21<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2025-02-19<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">getstockprice[.]info<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">131.226.2[.]120<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2025-01-21<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2025-01-23<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]stockinfo[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">136.244.93[.]248<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-10-30<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-11-11<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]logoeye[.]net<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">54.39.83[.]151<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-10-29<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-11-03<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">ja[.]wfinance[.]org<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">195.133.26[.]32<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-10-12<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-11-01<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">ja[.]stocksindex[.]org<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">185.236.231[.]224<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-09-11<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-10-04<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]jqueryversion[.]net<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">194.11.226[.]16<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-08-23<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-09-23<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">ja[.]stockslab[.]org<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">91.103.140[.]191<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-08-19<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-09-12<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">update[.]jquerycloud[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">192.236.199[.]57<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-07-03<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-08-22<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]soccerlab[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">146.70.124[.]70<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-08-07<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-08-21<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]coinpricehub[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">45.141.58[.]40<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-05-06<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-08-06<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Java<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]leaguehub[.]net<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">5.133.9[.]252<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-07-15<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-07-21<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]clublogos[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">146.19.173[.]29<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-06-24<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-07-12<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]jquery-release[.]com<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">146.70.125[.]120<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-06-10<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-06-28<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">cdn[.]logosports[.]net<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">185.62.58[.]74<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-05-08<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-06-23<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">skypredict[.\uff3d<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">80.82.77[.]80<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-05-06<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-06-16<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]bitzone[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">192.248.145[.]210<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-04-25<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-05-13<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">weatherdatahub[.]org<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">194.15.112[.]200<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-04-05<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-05-03<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]ethzone[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">91.234.199[.]90<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-04-16<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-04-24<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]fivebit[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">185.216.144[.]41<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-04-08<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-04-14<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">blockprices[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">91.193.18[.]201<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-03-15<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-04-09<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]coinhar[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">185.62.58[.]122<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-03-26<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-04-09<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">mavenradar[.]com<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">23.254.230[.]253<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-02-21<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-03-26<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">indobit[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">146.70.88[.]126<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-03-19<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-03-20<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">api[.]thaibit[.]io<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">79.137.248[.]193<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-03-07<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-03-09<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">Python<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">chainanalyser[.]com<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400; font-family: 'courier new', courier, monospace;\">38.180.62[.]135<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-02-23<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">2024-03-06<\/span><\/td>\n<td style=\"height: 25px;\"><span style=\"font-weight: 400;\">JavaScript<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><a id=\"post-140506-_heading=h.z2oopiodaml1\"><\/a>\uae30\ud0c0 \uc790\ub8cc<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250226\" target=\"_blank\" rel=\"noopener\">\ubd81\ud55c, 15\uc5b5 \ub2ec\ub7ec \uaddc\ubaa8\uc758 Bybit \ud574\ud0b9\uc5d0 \uc5f0\ub8e8<\/a> \u2013 \uc778\ud130\ub137\ubc94\uc8c4\uc2e0\uace0\uc13c\ud130(IC3)<\/li>\n<li><a href=\"https:\/\/www.fbi.gov\/news\/press-releases\/fbi-dc3-and-npa-identification-of-north-korean-cyber-actors-tracked-as-tradertraitor-responsible-for-theft-of-308-million-from-bitcoindmmcom\" target=\"_blank\" rel=\"noopener\">FBI, DC3, \uacbd\ucc30\uccad, \ube44\ud2b8\ucf54\uc778\ub2f7\ucef4(Bitcoin.DMM.com)\uc5d0\uc11c 3\uc5b5 800\ub9cc \ub2ec\ub7ec\ub97c \ud6d4\uce5c TraderTraitor\ub85c \ucd94\uc801\ub41c \ubd81\ud55c \uc0ac\uc774\ubc84 \ubc94\uc8c4\uc790 \ud655\uc778<\/a> \u2013 FBI<\/li>\n<li><a href=\"https:\/\/github.blog\/security\/vulnerability-research\/security-alert-social-engineering-campaign-targets-technology-industry-employees\/\" target=\"_blank\" rel=\"noopener\">\ubcf4\uc548 \uacbd\uace0: \uae30\uc220 \uc0b0\uc5c5 \uc885\uc0ac\uc790\ub97c \ub178\ub9ac\ub294 \uc18c\uc15c \uc5d4\uc9c0\ub2c8\uc5b4\ub9c1 \ucea0\ud398\uc778<\/a> \u2013 GitHub \ube14\ub85c\uadf8<\/li>\n<li><a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/north-korea-supply-chain\" target=\"_blank\" rel=\"noopener\">\ubd81\ud55c, \ud45c\uc801\ud615 \uacf5\uae09\ub9dd \uacf5\uaca9\uc5d0 SaaS \uc81c\uacf5\uc5c5\uccb4 \ud65c\uc6a9<\/a> \u2013 Mandiant, Google Cloud<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec<\/p>\n","protected":false},"author":359,"featured_media":138788,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[8790,8736,8826],"tags":[8872,8873],"product_categories":[],"coauthors":[8711],"class_list":["post-140506","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-ko","category-cybercrime-ko","category-threat-actor-groups-ko","tag-cryptocurrency-ko","tag-dprk-ko"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\ucf54\ub529\uc5d0 \ub3c4\uc804\ud558\ub294 \uac1c\ubc1c\uc790\ub97c \ub178\ub9ac\ub294 Slow Pisces, \uc0c8\ub85c\uc6b4 \ub9de\ucda4\ud615 Python \uba40\uc6e8\uc5b4 \ub3c4\uc785<\/title>\n<meta name=\"description\" content=\"Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ucf54\ub529\uc5d0 \ub3c4\uc804\ud558\ub294 \uac1c\ubc1c\uc790\ub97c \ub178\ub9ac\ub294 Slow Pisces, \uc0c8\ub85c\uc6b4 \ub9de\ucda4\ud615 Python \uba40\uc6e8\uc5b4 \ub3c4\uc785\" \/>\n<meta property=\"og:description\" content=\"Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-14T15:48:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-19T18:04:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Prashil Pattni\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\ucf54\ub529\uc5d0 \ub3c4\uc804\ud558\ub294 \uac1c\ubc1c\uc790\ub97c \ub178\ub9ac\ub294 Slow Pisces, \uc0c8\ub85c\uc6b4 \ub9de\ucda4\ud615 Python \uba40\uc6e8\uc5b4 \ub3c4\uc785","description":"Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/","og_locale":"ko_KR","og_type":"article","og_title":"\ucf54\ub529\uc5d0 \ub3c4\uc804\ud558\ub294 \uac1c\ubc1c\uc790\ub97c \ub178\ub9ac\ub294 Slow Pisces, \uc0c8\ub85c\uc6b4 \ub9de\ucda4\ud615 Python \uba40\uc6e8\uc5b4 \ub3c4\uc785","og_description":"Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec","og_url":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/","og_site_name":"Unit 42","article_published_time":"2025-04-14T15:48:43+00:00","article_modified_time":"2025-06-19T18:04:42+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","type":"image\/png"}],"author":"Prashil Pattni","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/"},"author":{"name":"Samantha Stallings","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/02432a76cded81307123196237e2c981"},"headline":"\ucf54\ub529\uc5d0 \ub3c4\uc804\ud558\ub294 \uac1c\ubc1c\uc790\ub97c \ub178\ub9ac\ub294 Slow Pisces, \uc0c8\ub85c\uc6b4 \ub9de\ucda4\ud615 Python \uba40\uc6e8\uc5b4 \ub3c4\uc785","datePublished":"2025-04-14T15:48:43+00:00","dateModified":"2025-06-19T18:04:42+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/"},"wordCount":734,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","keywords":["Cryptocurrency","DPRK"],"articleSection":["\uba40\uc6e8\uc5b4","\uc0ac\uc774\ubc84 \ubc94\uc8c4","\uc704\ud611 \ud589\uc704\uc790 \uadf8\ub8f9"],"inLanguage":"ko-KR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/","url":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/","name":"\ucf54\ub529\uc5d0 \ub3c4\uc804\ud558\ub294 \uac1c\ubc1c\uc790\ub97c \ub178\ub9ac\ub294 Slow Pisces, \uc0c8\ub85c\uc6b4 \ub9de\ucda4\ud615 Python \uba40\uc6e8\uc5b4 \ub3c4\uc785","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","datePublished":"2025-04-14T15:48:43+00:00","dateModified":"2025-06-19T18:04:42+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/02432a76cded81307123196237e2c981"},"description":"Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec Slow Pisces, \uac1c\ubc1c\uc790\uc5d0\uac8c \ucf54\ub529 \uacfc\uc81c\ub97c \ubbf8\ub07c\ub85c \uc811\uadfc, \uc0c8 \ub9de\ucda4\ud615 \ud30c\uc774\uc36c \uc545\uc131\ucf54\ub4dc \ubc30\ud3ec","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/#primaryimage","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/03\/Pisces-NK-A-1920x900-1.png","width":1920,"height":900,"caption":"Pictorial representation of APT Slow Pisces. The silhouette of two fish and the Pisces constellation inside an orange abstract planet. Background of stars and swirling purple and blue colors."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/slow-pisces-new-custom-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/"},{"@type":"ListItem","position":2,"name":"\ucf54\ub529\uc5d0 \ub3c4\uc804\ud558\ub294 \uac1c\ubc1c\uc790\ub97c \ub178\ub9ac\ub294 Slow Pisces, \uc0c8\ub85c\uc6b4 \ub9de\ucda4\ud615 Python \uba40\uc6e8\uc5b4 \ub3c4\uc785"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/02432a76cded81307123196237e2c981","name":"Samantha Stallings","image":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/417e56ed8d3092ea85e34b75496b9e05","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/12\/Stallings-Insights-300x300.png","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/12\/Stallings-Insights-300x300.png","caption":"Samantha Stallings"},"description":"Samantha Stallings is a Technical Writing Manager in Unit 42. In past lives, she has been a stationery designer, preservation assistant for the Frank Lloyd Wright Trust, and technical editor. Outside of work she spends her time hunting down patisserie and reading.","url":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/author\/samantha-stallings\/"}]}},"_links":{"self":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/posts\/140506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/users\/359"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/comments?post=140506"}],"version-history":[{"count":11,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/posts\/140506\/revisions"}],"predecessor-version":[{"id":141102,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/posts\/140506\/revisions\/141102"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/media\/138788"}],"wp:attachment":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/media?parent=140506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/categories?post=140506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/tags?post=140506"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/product_categories?post=140506"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/coauthors?post=140506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}