-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
158 additions
and
158 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,14 @@ | ||
| <!DOCTYPE html> | ||
| <html lang="en"> | ||
| <head><meta charset="UTF-8"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
| <meta http-equiv="X-UA-Compatible" content="ie=edge"> | ||
| <meta property="og:type" content="article"> | ||
| <meta property="og:image" content="http://ufo.stealien.com/assets/og_image.png"> | ||
| <meta property="og:title" content="STEALIEN Technical Blog"> | ||
| <meta property="og:description" content="Android Malware : 사마귀 해부학"> | ||
| <link href="https://fonts.googleapis.com/css?family=Nunito+Sans:400,400i,700&display=swap" rel="stylesheet"> | ||
| <title>Android Malware : 사마귀 해부학</title> | ||
| <!DOCTYPE html> | ||
| <html lang="en"> | ||
| <head><meta charset="UTF-8"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
| <meta http-equiv="X-UA-Compatible" content="ie=edge"> | ||
| <meta property="og:type" content="article"> | ||
| <meta property="og:image" content="http://ufo.stealien.com/assets/og_image.png"> | ||
| <meta property="og:title" content="STEALIEN Technical Blog"> | ||
| <meta property="og:description" content="Android Malware : 사마귀 해부학"> | ||
| <link href="https://fonts.googleapis.com/css?family=Nunito+Sans:400,400i,700&display=swap" rel="stylesheet"> | ||
| <title>Android Malware : 사마귀 해부학</title> | ||
| <!-- Begin Jekyll SEO tag v2.7.1 --> | ||
| <title>Android Malware : 사마귀 해부학 | STEALIEN Technical Blog</title> | ||
| <meta name="generator" content="Jekyll v4.2.0" /> | ||
|
|
@@ -27,66 +27,66 @@ | |
| <script type="application/ld+json"> | ||
| {"headline":"Android Malware : 사마귀 해부학","dateModified":"2023-11-15T10:00:00+09:00","datePublished":"2023-11-15T10:00:00+09:00","mainEntityOfPage":{"@type":"WebPage","@id":"http://ufo.stealien.com/2023-11-15/Android-malware-%EC%82%AC%EB%A7%88%EA%B7%80-%ED%95%B4%EB%B6%80%ED%95%99-ko"},"author":{"@type":"Person","name":"Hyerim Jeon"},"@type":"BlogPosting","url":"http://ufo.stealien.com/2023-11-15/Android-malware-%EC%82%AC%EB%A7%88%EA%B7%80-%ED%95%B4%EB%B6%80%ED%95%99-ko","description":"Android Malware : 사마귀 해부학","@context":"https://schema.org"}</script> | ||
| <!-- End Jekyll SEO tag --> | ||
|
|
||
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"> | ||
| <meta name=“naver-site-verification” content=“74a9ec74d48a1ffca92bf9ac4704ba73be9afd65" /> | ||
| <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous"/> | ||
| <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script> | ||
| <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script> | ||
| <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script> | ||
| <link rel="stylesheet" href="/assets/css/style.css"> | ||
|
|
||
| <link href="https://fonts.googleapis.com/css2?family=Nanum+Gothic:wght@400;700;800&display=swap" rel="stylesheet"> | ||
|
|
||
| <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.0.3/styles/default.min.css"> | ||
| <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.0.3/highlight.min.js"></script> | ||
|
|
||
| <link href="/assets/css/syntax.css" rel="stylesheet" > | ||
|
|
||
|
|
||
| <!-- Global site tag (gtag.js) - Google Analytics --> | ||
| <script async src="https://www.googletagmanager.com/gtag/js?id=G-06FFJEF76M"></script> | ||
| <script> | ||
| window.dataLayer = window.dataLayer || []; | ||
| function gtag(){dataLayer.push(arguments);} | ||
| gtag('js', new Date()); | ||
|
|
||
| gtag('config', 'G-06FFJEF76M'); | ||
| </script> | ||
| </head> | ||
| <body> | ||
| <header> | ||
| <div class="container"></div><div id="header"> | ||
| <div class="container" style="display: flex;justify-content: space-between;"> | ||
| <a href="/"> | ||
| <img | ||
| class="header_image_logo" | ||
| src="/assets/logo.png" | ||
| style="width: 140px; margin: 20px 28px 0px;" | ||
| /> | ||
| </a> | ||
| <a href="https://www.stealien.com/" target="_blank" style="font-family: 'NotoSansKR Medium', sans-serif;font-size: 14px;margin-right: 30px; color: #000; line-height: 70px;">스틸리언 홈페이지</a> | ||
| </div> | ||
| </div> | ||
| </header> | ||
| <section> | ||
| <div> | ||
| <div class="header_image_bg header_image_post" style="background-image: url('');"> | ||
| <div class="header_image_post_body"> | ||
| <div class="container"> | ||
| <div class="page-category">R&D</div> | ||
| <div class="page-title">Android Malware : 사마귀 해부학</div> | ||
| <div class="page-summary"> | ||
| <div style="float:left;"> | ||
| <img class="page-profile_image" src="/assets/stealien_inverse.png" /> | ||
| <span>Hyerim Jeon</span> | ||
| </div> | ||
| <div style="float:right;" class="page-date">Nov 15, 2023</div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <div class="container page-content"> | ||
|
|
||
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"> | ||
| <meta name=“naver-site-verification” content=“74a9ec74d48a1ffca92bf9ac4704ba73be9afd65" /> | ||
| <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous"/> | ||
| <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script> | ||
| <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script> | ||
| <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script> | ||
| <link rel="stylesheet" href="/assets/css/style.css"> | ||
|
|
||
| <link href="https://fonts.googleapis.com/css2?family=Nanum+Gothic:wght@400;700;800&display=swap" rel="stylesheet"> | ||
|
|
||
| <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.0.3/styles/default.min.css"> | ||
| <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/10.0.3/highlight.min.js"></script> | ||
|
|
||
| <link href="/assets/css/syntax.css" rel="stylesheet" > | ||
|
|
||
|
|
||
| <!-- Global site tag (gtag.js) - Google Analytics --> | ||
| <script async src="https://www.googletagmanager.com/gtag/js?id=G-06FFJEF76M"></script> | ||
| <script> | ||
| window.dataLayer = window.dataLayer || []; | ||
| function gtag(){dataLayer.push(arguments);} | ||
| gtag('js', new Date()); | ||
|
|
||
| gtag('config', 'G-06FFJEF76M'); | ||
| </script> | ||
| </head> | ||
| <body> | ||
| <header> | ||
| <div class="container"></div><div id="header"> | ||
| <div class="container" style="display: flex;justify-content: space-between;"> | ||
| <a href="/"> | ||
| <img | ||
| class="header_image_logo" | ||
| src="/assets/logo.png" | ||
| style="width: 140px; margin: 20px 28px 0px;" | ||
| /> | ||
| </a> | ||
| <a href="https://www.stealien.com/" target="_blank" style="font-family: 'NotoSansKR Medium', sans-serif;font-size: 14px;margin-right: 30px; color: #000; line-height: 70px;">스틸리언 홈페이지</a> | ||
| </div> | ||
| </div> | ||
| </header> | ||
| <section> | ||
| <div> | ||
| <div class="header_image_bg header_image_post" style="background-image: url('');"> | ||
| <div class="header_image_post_body"> | ||
| <div class="container"> | ||
| <div class="page-category">R&D</div> | ||
| <div class="page-title">Android Malware : 사마귀 해부학</div> | ||
| <div class="page-summary"> | ||
| <div style="float:left;"> | ||
| <img class="page-profile_image" src="/assets/stealien_inverse.png" /> | ||
| <span>Hyerim Jeon</span> | ||
| </div> | ||
| <div style="float:right;" class="page-date">Nov 15, 2023</div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <div class="container page-content"> | ||
| <h1 id="android-malware--사마귀-해부학">Android Malware : 사마귀 해부학</h1> | ||
|
|
||
| <p><br /></p> | ||
|
|
@@ -575,7 +575,7 @@ <h2 id="3-behavior-analysis">3) Behavior Analysis</h2> | |
| <p>JSON-RPC로 <code class="language-plaintext highlighter-rouge">onSms</code> method와 수집한 내용을 공격자 서버로 전달합니다.</p> | ||
|
|
||
| <div class="language-jsx highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">// s = "onSms"</span> | ||
| <span class="c1">// 1. Json-RPC로 onSms mthod 실행</span> | ||
| <span class="c1">// 1. Json-RPC로 onSms method 실행</span> | ||
| <span class="nb">Map</span> <span class="nx">map0</span> <span class="o">=</span> <span class="nx">b0</span><span class="p">.</span><span class="nx">f</span><span class="p">(</span><span class="k">new</span> <span class="nx">b</span><span class="p">[]{</span><span class="nx">c</span><span class="p">.</span><span class="nx">a</span><span class="p">(</span><span class="dl">"</span><span class="s2">jsonrpc</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">2.0</span><span class="dl">"</span><span class="p">),</span> <span class="nx">c</span><span class="p">.</span><span class="nx">a</span><span class="p">(</span><span class="dl">"</span><span class="s2">method</span><span class="dl">"</span><span class="p">,</span> <span class="nx">s</span><span class="p">)});</span> | ||
|
|
||
| <span class="c1">// 2. 수집한 내용을 params로 전달</span> | ||
|
|
@@ -693,88 +693,88 @@ <h1 id="4--outro">4. Outro</h1> | |
| <p>글의 주제를 제공해주신 김도현 팀장님과 분석 실마리를 제공해주신 김동규 선임연구원님, 글 작성을 도와주신 임필호 선임연구원님을 비롯한 모의해킹팀 분들에게 감사합니다.</p> | ||
|
|
||
| <p>이 글이 많은 분들의 연구에 도움이 되길 바라며 글을 줄이겠습니다.</p> | ||
|
|
||
| <div class="page-profile-detail"> | ||
| <div class="page-profile-detail-info"> | ||
| <div> | ||
| <img class="page-profile_image-detail" src="/assets/stealien_inverse.png" /> | ||
| </div> | ||
| <div style="position: relative; top: 12px;left: 10px;"> | ||
| <div class="page-profile-author">Hyerim Jeon</div> | ||
| <div class="page-profile-email">[email protected]</div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
|
|
||
| <div class="recent-post-area"> | ||
| <div class="posts container"> | ||
| <div class="h1-recent-post">RECENT POST</div> | ||
| <div class="row"> | ||
| <div class="col-sm-2 col-md-2"> | ||
| <div class="profile"> | ||
| <img src="/assets/stealien_inverse.png" class="profile_image" /> | ||
| <div class="profile_author">Hyerim Jeon</div> | ||
| </div> | ||
| </div> | ||
| <div class="col"> | ||
| <a href="/2023-11-15/Android-malware-%EC%82%AC%EB%A7%88%EA%B7%80-%ED%95%B4%EB%B6%80%ED%95%99-ko"> | ||
| <div class="post-title"> | ||
| Android Malware : 사마귀 해부학 | ||
| </div> | ||
| </a> | ||
| <div class="post-summary">about Roaming Mantis</div> | ||
| <div class="post-info"> | ||
| <span style="color: #545454" class="post-author-mobile"> | ||
| Hyerim Jeon | ||
| <span style="color: #f5f5f5; margin: 2px">|</span> | ||
| </span> | ||
| Nov 15, 2023 | ||
| <span style="color: #f5f5f5; margin: 2px">|</span> | ||
| <span>R&D</span> | ||
| </div> | ||
| </div> | ||
| </div><div class="row"> | ||
| <div class="col-sm-2 col-md-2"> | ||
| <div class="profile"> | ||
| <img src="/assets/stealien_inverse.png" class="profile_image" /> | ||
| <div class="profile_author">Donggyu Kim</div> | ||
| </div> | ||
| </div> | ||
| <div class="col"> | ||
| <a href="/2023-07-31/bughunting-vulnerability-chaining-ko"> | ||
| <div class="post-title"> | ||
| 버그헌팅: 취약점 체이닝의 중요성 | ||
| </div> | ||
| </a> | ||
| <div class="post-summary">No impact, No bug</div> | ||
| <div class="post-info"> | ||
| <span style="color: #545454" class="post-author-mobile"> | ||
| Donggyu Kim | ||
| <span style="color: #f5f5f5; margin: 2px">|</span> | ||
| </span> | ||
| Jul 31, 2023 | ||
| <span style="color: #f5f5f5; margin: 2px">|</span> | ||
| <span>R&D</span> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </section><footer> | ||
| <div class="container" style="display: flex; justify-content: space-between;"> | ||
| <!-- <a href="#top"> | ||
| <img src="/assets/white_logo.png" class="footer-logo" /> | ||
| </a> --> | ||
| <div class="footer-copyright">Copyright © Stealien Inc.</div> | ||
| <div class="footer-icons"> | ||
| <a target="_blank" href="https://twitter.com/stealien"><img class="sns" src="/assets/icons/twitter_ic.png"/></a> | ||
| <a target="_blank" href="https://blog.naver.com/stealien_official"><img class="sns" src="/assets/icons/blog_ic.png"/></a> | ||
| <a target="_blank" href="https://www.facebook.com/stealien/"><img class="sns" src="/assets/icons/facebook_ic.png"/></a> | ||
| <a target="_blank" href="https://www.youtube.com/c/STEALIEN"><img class="sns" src="/assets/icons/youtube_ic.png"/></a> | ||
| </div> | ||
| </div> | ||
| </footer></body> | ||
| </html> | ||
|
|
||
| <div class="page-profile-detail"> | ||
| <div class="page-profile-detail-info"> | ||
| <div> | ||
| <img class="page-profile_image-detail" src="/assets/stealien_inverse.png" /> | ||
| </div> | ||
| <div style="position: relative; top: 12px;left: 10px;"> | ||
| <div class="page-profile-author">Hyerim Jeon</div> | ||
| <div class="page-profile-email">[email protected]</div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
|
|
||
| <div class="recent-post-area"> | ||
| <div class="posts container"> | ||
| <div class="h1-recent-post">RECENT POST</div> | ||
| <div class="row"> | ||
| <div class="col-sm-2 col-md-2"> | ||
| <div class="profile"> | ||
| <img src="/assets/stealien_inverse.png" class="profile_image" /> | ||
| <div class="profile_author">Hyerim Jeon</div> | ||
| </div> | ||
| </div> | ||
| <div class="col"> | ||
| <a href="/2023-11-15/Android-malware-%EC%82%AC%EB%A7%88%EA%B7%80-%ED%95%B4%EB%B6%80%ED%95%99-ko"> | ||
| <div class="post-title"> | ||
| Android Malware : 사마귀 해부학 | ||
| </div> | ||
| </a> | ||
| <div class="post-summary">about Roaming Mantis</div> | ||
| <div class="post-info"> | ||
| <span style="color: #545454" class="post-author-mobile"> | ||
| Hyerim Jeon | ||
| <span style="color: #f5f5f5; margin: 2px">|</span> | ||
| </span> | ||
| Nov 15, 2023 | ||
| <span style="color: #f5f5f5; margin: 2px">|</span> | ||
| <span>R&D</span> | ||
| </div> | ||
| </div> | ||
| </div><div class="row"> | ||
| <div class="col-sm-2 col-md-2"> | ||
| <div class="profile"> | ||
| <img src="/assets/stealien_inverse.png" class="profile_image" /> | ||
| <div class="profile_author">Donggyu Kim</div> | ||
| </div> | ||
| </div> | ||
| <div class="col"> | ||
| <a href="/2023-07-31/bughunting-vulnerability-chaining-ko"> | ||
| <div class="post-title"> | ||
| 버그헌팅: 취약점 체이닝의 중요성 | ||
| </div> | ||
| </a> | ||
| <div class="post-summary">No impact, No bug</div> | ||
| <div class="post-info"> | ||
| <span style="color: #545454" class="post-author-mobile"> | ||
| Donggyu Kim | ||
| <span style="color: #f5f5f5; margin: 2px">|</span> | ||
| </span> | ||
| Jul 31, 2023 | ||
| <span style="color: #f5f5f5; margin: 2px">|</span> | ||
| <span>R&D</span> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </section><footer> | ||
| <div class="container" style="display: flex; justify-content: space-between;"> | ||
| <!-- <a href="#top"> | ||
| <img src="/assets/white_logo.png" class="footer-logo" /> | ||
| </a> --> | ||
| <div class="footer-copyright">Copyright © Stealien Inc.</div> | ||
| <div class="footer-icons"> | ||
| <a target="_blank" href="https://twitter.com/stealien"><img class="sns" src="/assets/icons/twitter_ic.png"/></a> | ||
| <a target="_blank" href="https://blog.naver.com/stealien_official"><img class="sns" src="/assets/icons/blog_ic.png"/></a> | ||
| <a target="_blank" href="https://www.facebook.com/stealien/"><img class="sns" src="/assets/icons/facebook_ic.png"/></a> | ||
| <a target="_blank" href="https://www.youtube.com/c/STEALIEN"><img class="sns" src="/assets/icons/youtube_ic.png"/></a> | ||
| </div> | ||
| </div> | ||
| </footer></body> | ||
| </html> | ||