Malware Analysis

2014-12-31 KRCERT Malware analysis

https://www.kisa.or.kr/jsp/common/libraryDown.jsp?folder=021162

Attachments

악성코드분석_최종본_1.hwp (11 MB)

KISA/KRCERT's 2014 Malware Analysis report examines more than 500 malware samples to support similarity analysis, rapid variant detection, and incident response for Korean cyber incidents. The DPRK-relevant sections cover 7.7 DDoS, 3.4 DDoS, 3.20 cyber-terror, and 6.25 cyber-terror malware, documenting DDoS modules, backdoors, downloaders, host-file manipulation, MBR/VBR destruction, disk wiping, and C2 or Tor-based communications. The report also analyzes HWP vulnerability malware and Kimsuky APT samples that steal host and user information, collect keyboard input, use email accounts for exfiltration or follow-on downloads, and in some cases rely on modified remote-control tooling. It concludes by extracting malware features and YARA-style signatures for families including 7.7/3.4/3.20/6.25 DDoS-related malware, HWP exploit malware, Kimsuky, IceFog, LiveRe, and uncategorized credential-theft samples.
