{"id":9774,"date":"2025-05-14T14:33:04","date_gmt":"2025-05-14T05:33:04","guid":{"rendered":"https:\/\/www.auctionpro.co.kr\/?p=9774"},"modified":"2025-05-14T14:36:48","modified_gmt":"2025-05-14T05:36:48","slug":"%ec%95%85%ec%84%b1%ec%bd%94%eb%93%9c-dpfdoor","status":"publish","type":"post","link":"https:\/\/www.auctionpro.co.kr\/?p=9774","title":{"rendered":"\uc545\uc131\ucf54\ub4dc BPFDoor"},"content":{"rendered":"\n<p>BPFDoor\ub294 \ub9ac\ub205\uc2a4 \uae30\ubc18 \uc2dc\uc2a4\ud15c\uc744 \uaca8\ub0e5\ud55c \uace0\ub3c4\ud654\ub41c \ubc31\ub3c4\uc5b4 \uc545\uc131\ucf54\ub4dc\ub85c, 2021\ub144 PwC\uc758 \uc704\ud611 \ubcf4\uace0\uc11c\ub97c \ud1b5\ud574 \ucc98\uc74c \uacf5\uac1c\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \uc774 \uc545\uc131\ucf54\ub4dc\ub294 \uc911\uad6d\uacc4 APT \uadf8\ub8f9\uc778 Earth Bluecrow(\uc77c\uba85 Red Menshen)\uc5d0 \uc758\ud574 \uc0ac\uc6a9\ub41c \uac83\uc73c\ub85c \uc54c\ub824\uc838 \uc788\uc73c\uba70, \uc8fc\ub85c \uc544\uc2dc\uc544\uc640 \uc911\ub3d9 \uc9c0\uc5ed\uc758 \ud1b5\uc2e0, \uae08\uc735, \uc18c\ub9e4 \uc0b0\uc5c5\uc744 \ub300\uc0c1\uc73c\ub85c \ud55c \uc0ac\uc774\ubc84 \uc2a4\ud30c\uc774 \ud65c\ub3d9\uc5d0 \ud65c\uc6a9\ub418\uc5c8\uc2b5\ub2c8\ub2e4. 
<a href=\"https:\/\/kr.linkedin.com\/posts\/skim71_bpfdoor-%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C-%EA%B0%84%EB%8B%A8-%EC%9A%94%EC%95%BD-berkeley-packet-filter-activity-7323530465225691137-WtYN?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">\ud398\uc774\uc2a4\ubd81+4LinkedIn+4\uc5f0\ud569\ub274\uc2a4+4<\/a><a href=\"https:\/\/s2w.medium.com\/detailed-analysis-of-bpfdoor-targeting-south-korean-company-328171880a98?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">\uc5f0\ud569\ub274\uc2a4+8Medium+8Industrial Cyber+8<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd0d \uc8fc\uc694 \ud2b9\uc9d5<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>BPF(Berkeley Packet Filter) \uc545\uc6a9<\/strong>: BPFDoor\ub294 \ub9ac\ub205\uc2a4 \ucee4\ub110\uc758 BPF \uae30\ub2a5\uc744 \ud65c\uc6a9\ud558\uc5ec \ub124\ud2b8\uc6cc\ud06c \ud328\ud0b7\uc744 \ud544\ud130\ub9c1\ud558\uace0, \ud2b9\uc815 &#8216;\ub9e4\uc9c1 \uc2dc\ud000\uc2a4&#8217;\uac00 \ud3ec\ud568\ub41c \ud328\ud0b7\uc744 \ud1b5\ud574 \uba85\ub839\uc744 \uc218\uc2e0\ud569\ub2c8\ub2e4. \uc774\ub7ec\ud55c \ubc29\uc2dd\uc740 \ubc29\ud654\ubcbd\uc774\ub098 \uce68\uc785 \ud0d0\uc9c0 \uc2dc\uc2a4\ud15c(IDS\/IPS)\uc744 \uc6b0\ud68c\ud560 \uc218 \uc788\uac8c \ud574\uc90d\ub2c8\ub2e4. <a href=\"https:\/\/s2w.medium.com\/detailed-analysis-of-bpfdoor-targeting-south-korean-company-328171880a98?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">NordVPN+3Medium+3LinkedIn+3<\/a><\/li>\n\n\n\n<li><strong>\ub2e4\uc591\ud55c \ud1b5\uc2e0 \ud504\ub85c\ud1a0\ucf5c \uc9c0\uc6d0<\/strong>: TCP, UDP, ICMP \ud504\ub85c\ud1a0\ucf5c\uc744 \ud1b5\ud574 \ube44\ud45c\uc900 \ud1b5\uc2e0\uc744 \uc218\ud589\ud558\uba70, \uc774\ub97c \ud1b5\ud574 \ub9ac\ubc84\uc2a4 \uc178 \uc5f0\uacb0 \ubc0f \uba85\ub839\uc5b4 \uc2e4\ud589\uc774 \uac00\ub2a5\ud569\ub2c8\ub2e4. 
<a href=\"https:\/\/s2w.medium.com\/detailed-analysis-of-bpfdoor-targeting-south-korean-company-328171880a98?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">Medium+1MITRE ATT&amp;CK+1<\/a><\/li>\n\n\n\n<li><strong>\uc740\ub2c9 \ubc0f \uc9c0\uc18d\uc131<\/strong>: \ud504\ub85c\uc138\uc2a4 \uc774\ub984 \uc704\uc7a5, \uba54\ubaa8\ub9ac \uae30\ubc18 \uc2e4\ud589, \ud788\uc2a4\ud1a0\ub9ac \uae30\ub85d \ucc28\ub2e8 \ub4f1 \ub2e4\uc591\ud55c \uc548\ud2f0 \ud3ec\ub80c\uc2dd \uae30\uc220\uc744 \uc801\uc6a9\ud558\uc5ec \uc2dc\uc2a4\ud15c \ub0b4\uc5d0\uc11c \uc7a5\uae30\uac04 \uc740\ub2c9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. <a href=\"https:\/\/s2w.medium.com\/detailed-analysis-of-bpfdoor-targeting-south-korean-company-328171880a98?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">Medium<\/a><\/li>\n\n\n\n<li><strong>\uce21\uba74 \uc774\ub3d9 \ubc0f \ucd94\uac00 \uac10\uc5fc<\/strong>: \uac10\uc5fc\ub41c \uc2dc\uc2a4\ud15c \ub0b4\uc5d0\uc11c \ub2e4\ub978 \ud638\uc2a4\ud2b8\ub85c\uc758 \uce21\uba74 \uc774\ub3d9\uc744 \uc9c0\uc6d0\ud558\uba70, \ucd94\uac00\uc801\uc778 \uc545\uc131 \ub3c4\uad6c\ub97c \uc5c5\ub85c\ub4dc\ud558\uc5ec \ub124\ud2b8\uc6cc\ud06c \ub0b4 \ud655\uc0b0\uc774 \uac00\ub2a5\ud569\ub2c8\ub2e4. <a href=\"https:\/\/s2w.medium.com\/detailed-analysis-of-bpfdoor-targeting-south-korean-company-328171880a98?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">Medium<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udee1\ufe0f \ub300\uc751 \ubc0f \ubc29\uc9c0 \ubc29\ubc95<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\ubcf4\uc548 \uc810\uac80 \ub3c4\uad6c \ud65c\uc6a9<\/strong>: \ud30c\uc774\uc624\ub9c1\ud06c\uc5d0\uc11c\ub294 \ucd5c\uadfc BPFDoor \uc545\uc131\ucf54\ub4dc\ub97c \uc810\uac80\ud560 \uc218 \uc788\ub294 \ubb34\ub8cc \ub3c4\uad6c\ub97c \ubc30\ud3ec\ud558\uc600\uc2b5\ub2c8\ub2e4. 
\uc774 \ub3c4\uad6c\ub294 \ub9ac\ub205\uc2a4(CentOS, Ubuntu \ub4f1) \ud658\uacbd\uc5d0\uc11c \ud14c\uc2a4\ud2b8\ub418\uc5c8\uc73c\uba70, \ud30c\uc774\uc624\ub9c1\ud06c \uacf5\uc2dd \ud648\ud398\uc774\uc9c0\uc5d0\uc11c \ub2e4\uc6b4\ub85c\ub4dc\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. <a href=\"https:\/\/zdnet.co.kr\/view\/?no=20250508215806&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">\uc9c0\ub514\ub137\ucf54\ub9ac\uc544+1\ud398\uc774\uc2a4\ubd81+1<\/a><\/li>\n\n\n\n<li><strong>\uc815\uae30\uc801\uc778 \uc2dc\uc2a4\ud15c \uc810\uac80<\/strong>: \ube44\uc815\uc0c1\uc801\uc778 \uc18c\ucf13 \uc5f0\uacb0, \uc2e4\ud589 \ud30c\uc77c \uc704\ubcc0\uc870, \ud504\ub85c\uc138\uc2a4 \uc774\ub984 \ubcc0\uc870 \uc5ec\ubd80 \ub4f1\uc744 \uc8fc\uae30\uc801\uc73c\ub85c \uc810\uac80\ud558\uc5ec \uc774\uc0c1 \uc9d5\ud6c4\ub97c \uc870\uae30\uc5d0 \ubc1c\uacac\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. <a href=\"https:\/\/s2w.medium.com\/detailed-analysis-of-bpfdoor-targeting-south-korean-company-328171880a98?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">Medium<\/a><\/li>\n\n\n\n<li><strong>\ubcf4\uc548 \uc194\ub8e8\uc158 \uc5c5\ub370\uc774\ud2b8<\/strong>: \uc548\ub7a9 V3, \ud2b8\ub80c\ub4dc\ub9c8\uc774\ud06c\ub85c \ub4f1 \uc8fc\uc694 \ubcf4\uc548 \uc194\ub8e8\uc158\uc5d0\uc11c BPFDoor \ud0d0\uc9c0 \ubc0f \ub300\uc751 \uae30\ub2a5\uc744 \uc81c\uacf5\ud558\uace0 \uc788\uc73c\ubbc0\ub85c, \ucd5c\uc2e0 \ubc84\uc804\uc73c\ub85c \uc5c5\ub370\uc774\ud2b8\ud558\uc5ec \ubcf4\ud638 \uae30\ub2a5\uc744 \uac15\ud654\ud574\uc57c \ud569\ub2c8\ub2e4. 
<a href=\"https:\/\/s2w.medium.com\/detailed-analysis-of-bpfdoor-targeting-south-korean-company-328171880a98?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">Medium<\/a><\/li>\n\n\n\n<li><strong>KISA \ubcf4\uc548 \uacf5\uc9c0 \ucc38\uace0<\/strong>: \ud55c\uad6d\uc778\ud130\ub137\uc9c4\ud765\uc6d0(KISA)\uc5d0\uc11c\ub294 BPFDoor \uad00\ub828 \ubcf4\uc548 \uacf5\uc9c0\ub97c \ud1b5\ud574 \uc545\uc131\ucf54\ub4dc \ud574\uc2dc\uac12 \ubc0f \ub300\uc751 \ubc29\ubc95\uc744 \uc548\ub0b4\ud558\uace0 \uc788\uc73c\ubbc0\ub85c, \uc774\ub97c \ucc38\uace0\ud558\uc5ec \ubcf4\uc548 \uc870\uce58\ub97c \ucde8\ud558\ub294 \uac83\uc774 \uc911\uc694\ud569\ub2c8\ub2e4. <a href=\"https:\/\/www.facebook.com\/photo.php?fbid=1001529198816866&amp;set=a.163795379256923&amp;type=3&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">\uc9c0\ub514\ub137\ucf54\ub9ac\uc544+3\ud398\uc774\uc2a4\ubd81+3\uc5f0\ud569\ub274\uc2a4+3<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>BPFDoor\ub294 \ub9ac\ub205\uc2a4 \uc2dc\uc2a4\ud15c\uc744 \ud45c\uc801\uc73c\ub85c \ud558\ub294 \uace0\ub3c4\ud654\ub41c \uc2a4\ud154\uc2a4\ud615 \uc545\uc131\ucf54\ub4dc\ub85c, \uc2dc\uc2a4\ud15c \uad00\ub9ac\uc790\uc640 \ubcf4\uc548 \ub2f4\ub2f9\uc790\uc758 \uac01\ubcc4\ud55c \uc8fc\uc758\uac00 \ud544\uc694\ud569\ub2c8\ub2e4. 
\uc815\uae30\uc801\uc778 \ubcf4\uc548 \uc810\uac80\uacfc \ucd5c\uc2e0 \ubcf4\uc548 \uc194\ub8e8\uc158\uc758 \ud65c\uc6a9\uc744 \ud1b5\ud574 \uc774\ub7ec\ud55c \uc704\ud611\uc5d0 \ub300\ube44\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<a href=\"https:\/\/kr.linkedin.com\/posts\/skim71_bpfdoor-%EC%95%85%EC%84%B1%EC%BD%94%EB%93%9C-%EA%B0%84%EB%8B%A8-%EC%9A%94%EC%95%BD-berkeley-packet-filter-activity-7323530465225691137-WtYN?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn+1\uc9c0\ub514\ub137\ucf54\ub9ac\uc544+1<\/a><\/p>\n\n\n\n<p>BPFDoor\ub294 <strong>Linux \uc2dc\uc2a4\ud15c\uc744 \ub178\ub9b0 \ubc31\ub3c4\uc5b4 \uc545\uc131\ucf54\ub4dc<\/strong>\ub85c, <strong>\uace0\uae09 \uc9c0\uc18d \uc704\ud611(APT) \uadf8\ub8f9 Red Menshen<\/strong>\uc774 \uc0ac\uc6a9\ud558\ub294 \uac83\uc73c\ub85c \uc54c\ub824\uc84c\uc2b5\ub2c8\ub2e4. \uc774 \uc545\uc131\ucf54\ub4dc\ub294 BPF(Berkeley Packet Filter)\ub97c \ud65c\uc6a9\ud574 <strong>\ub124\ud2b8\uc6cc\ud06c \ud2b8\ub798\ud53d\uc744 \uc740\ubc00\ud788 \uac10\uc2dc<\/strong>\ud558\uace0, <strong>\ud3ec\ud2b8 \ubc31\ub85c\uadf8\ub97c \ud65c\uc6a9\ud55c \uba85\ub839 \uc218\uc2e0<\/strong> \ubc0f <strong>\uc6d0\uaca9 \uc81c\uc5b4<\/strong> \uae30\ub2a5\uc744 \uc218\ud589\ud569\ub2c8\ub2e4. \uc2dc\uc2a4\ud15c\uc5d0 \uac70\uc758 \ud754\uc801\uc744 \ub0a8\uae30\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 \ud0d0\uc9c0 \ubc0f \ubd84\uc11d\uc774 \ub9e4\uc6b0 \uc5b4\ub835\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<p>\ub2e4\uc74c\uc740 BPFDoor \uac10\uc5fc \uc5ec\ubd80\ub97c \uc810\uac80\ud558\ub294 \ubc29\ubc95\uc785\ub2c8\ub2e4.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd0d 1. 
<strong>\ud504\ub85c\uc138\uc2a4 \ubc0f \ubc14\uc774\ub108\ub9ac \uac80\uc0ac<\/strong><\/h3>\n\n\n\n<p>BPFDoor\ub294 \uc790\uc2e0\uc744 <code>sshd<\/code>, <code>cron<\/code> \ub4f1 \uc815\uc0c1\uc801\uc778 \uc2dc\uc2a4\ud15c \ud504\ub85c\uc138\uc2a4\ub85c \uc704\uc7a5\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ps aux | grep -E 'sshd|cron|kworker|systemd'\n<\/code><\/pre>\n\n\n\n<p>\uc774 \uc911\uc5d0\uc11c \ub2e4\uc74c \ud56d\ubaa9\uc744 \ud655\uc778\ud558\uc138\uc694:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>UID\uac00 0(root)<\/strong>\uc774 \uc544\ub2cc\ub370 \uc774\uc0c1\ud55c \uacbd\ub85c\uc5d0\uc11c \uc2e4\ud589 \uc911\uc778 <code>sshd<\/code>, <code>cron<\/code> \ub4f1\uc774 \uc788\ub294\uc9c0<\/li>\n\n\n\n<li><strong>\uc815\uc0c1 \uc704\uce58\uac00 \uc544\ub2cc \uacbd\ub85c<\/strong> (\uc608: <code>\/tmp\/sshd<\/code>, <code>\/dev\/shm\/cron<\/code>)\uc5d0\uc11c \uc2e4\ud589\ub418\ub294 \ud504\ub85c\uc138\uc2a4<\/li>\n\n\n\n<li><code>ps<\/code>에 표시되는 이름은 위장될 수 있으므로, <code>ls -l \/proc\/&lt;PID&gt;\/exe<\/code>로 실제 실행 파일 경로를 확인하고 경로 끝에 <code>(deleted)<\/code>가 붙어 있는지도 확인<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcc2 2. <strong>\ud30c\uc77c \uacbd\ub85c \uae30\ubc18 \uc218\uc0c1\ud55c \uc2e4\ud589\ud30c\uc77c \ud0d0\uc9c0<\/strong><\/h3>\n\n\n\n<p>BPFDoor\ub294 \uc77c\ubc18\uc801\uc73c\ub85c \ub2e4\uc74c \uacbd\ub85c\uc5d0 \uc124\uce58\ub429\ub2c8\ub2e4:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>\/dev\/shm\/<\/code><\/li>\n\n\n\n<li><code>\/tmp\/<\/code><\/li>\n\n\n\n<li><code>\/var\/tmp\/<\/code><\/li>\n<\/ul>\n\n\n\n<p>\uc774 \uacbd\ub85c\uc5d0\uc11c \uc2e4\ud589 \uad8c\ud55c\uc774 \uc788\ub294 \ud30c\uc77c\uc744 \ucc3e\uc544\ubd05\ub2c8\ub2e4:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>find \/dev\/shm \/tmp \/var\/tmp -type f -executable\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udce1 3. 
<strong>Netstat\/ss \ub85c \uc218\uc0c1\ud55c \ud3ec\ud2b8 \ub9ac\uc2a4\ub2dd \ud0d0\uc9c0<\/strong><\/h3>\n\n\n\n<p>BPFDoor\ub294 \uc77c\ubc18\uc801\uc73c\ub85c <strong>\ub9ac\uc2a4\ub2dd \ud3ec\ud2b8\ub97c \uc5f4\uc9c0 \uc54a\uace0\ub3c4<\/strong> \ud328\ud0b7\uc744 \uc218\uc2e0\ud569\ub2c8\ub2e4. \uadf8\ub7ec\ub098 \uac04\ud639 \ub2e4\uc74c\uc744 \ud1b5\ud574 \uac10\uc9c0 \uac00\ub2a5\ud569\ub2c8\ub2e4:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ss -pant\nnetstat -antup\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>LISTEN<\/code> \uc0c1\ud0dc\uac00 \uc544\ub2cc\ub370\ub3c4 <strong>\uc678\ubd80 \uc5f0\uacb0\uc744 \uae30\ub2e4\ub9ac\ub294 \ub4ef\ud55c \ud504\ub85c\uc138\uc2a4<\/strong>\uac00 \uc788\ub294 \uacbd\uc6b0 \uc8fc\uc758.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\uddea 4. <strong>\ud328\ud0b7 \ud544\ud130\ub9c1 \uae30\ub2a5(BPF) \uac80\uc0ac<\/strong><\/h3>\n\n\n\n<p>BPFDoor\ub294 <code>SO_ATTACH_FILTER<\/code>\ub85c BPF \ud544\ud130\ub97c \uc18c\ucf13\uc5d0 \uc5f0\uacb0\ud569\ub2c8\ub2e4. \uc774\uac78 \uac80\uc0ac\ud558\ub824\uba74:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo bpftool prog show\n<\/code><\/pre>\n\n\n\n<p>BPFDoor\uc640 \uac19\uc740 \ubc31\ub3c4\uc5b4\ub294 \uc885\uc885 \uc774 \ubaa9\ub85d\uc5d0 <strong>&#8220;unspecified&#8221;<\/strong>\ub85c \ub098\uc635\ub2c8\ub2e4.<\/p>\n\n\n\n<p>참고: <code>SO_ATTACH_FILTER<\/code>로 붙인 클래식 BPF 소켓 필터는 <code>bpftool prog show<\/code> 목록에 나타나지 않을 수 있으므로, <code>sudo ss -0pb<\/code>로 패킷 소켓과 거기에 연결된 필터도 함께 확인하세요.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcc8 5. 
<strong>ld.so.preload \ud30c\uc77c \uac80\uc0ac<\/strong><\/h3>\n\n\n\n<p>BPFDoor\ub294 \uc885\uc885 \ub77c\uc774\ube0c\ub7ec\ub9ac\ub97c \uc545\uc6a9\ud558\uae30 \uc704\ud574 <code>\/etc\/ld.so.preload<\/code>\ub97c \uc218\uc815\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/ld.so.preload\n<\/code><\/pre>\n\n\n\n<p>\uc774 \ud30c\uc77c\uc774 <strong>\ube44\uc5b4 \uc788\uc9c0 \uc54a\uac70\ub098<\/strong>, <strong>\uc758\uc2ec\uc2a4\ub7ec\uc6b4 \uacbd\ub85c<\/strong>\uac00 \uc788\ub2e4\uba74 \uac10\uc5fc \uc758\uc2ec.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\uddf0 6. <strong>\ud3ec\ub80c\uc2dd \ub3c4\uad6c \ud65c\uc6a9<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><a class=\"\" href=\"http:\/\/www.chkrootkit.org\/\">Chkrootkit<\/a><\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo apt install chkrootkit\nsudo chkrootkit\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">rkhunter<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo apt install rkhunter\nsudo rkhunter --update\nsudo rkhunter --check\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udee1\ufe0f 7. 
<strong>\uba54\ubaa8\ub9ac \ubc0f \ub3d9\uc791 \uae30\ubc18 \ud0d0\uc9c0 (\uace0\uae09)<\/strong><\/h3>\n\n\n\n<p><code>bpftool<\/code>, <code>strace<\/code>, <code>lsof<\/code>, <code>auditd<\/code> \ub4f1\uc744 \ud65c\uc6a9\ud558\uc5ec:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\uc2e4\ud589 \uc911\uc778 \ud504\ub85c\uc138\uc2a4\uc758 <strong>\ub77c\uc774\ube0c\ub7ec\ub9ac \ub3d9\uc801 \ub85c\ub529<\/strong><\/li>\n\n\n\n<li><strong>raw socket<\/strong> \uc0ac\uc6a9<\/li>\n\n\n\n<li><strong>fork+exec<\/strong> \uc5c6\uc774 \uba85\ub839\uc744 \uc218\ud589\ud558\ub294 \ud328\ud134 \ub4f1\uc744 \ubd84\uc11d<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 \uc694\uc57d<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\ud56d\ubaa9<\/th><th>\uc810\uac80<\/th><\/tr><\/thead><tbody><tr><td>ps, find \uba85\ub839\uc73c\ub85c \uc704\uc7a5 \ud504\ub85c\uc138\uc2a4 \ud0d0\uc9c0<\/td><td>\u2705<\/td><\/tr><tr><td>\/dev\/shm, \/tmp \ub4f1\uc5d0\uc11c \uc2e4\ud589 \ud30c\uc77c \uac80\uc0ac<\/td><td>\u2705<\/td><\/tr><tr><td>bpftool\ub85c BPF \ud544\ud130 \ud655\uc778<\/td><td>\u2705<\/td><\/tr><tr><td>ld.so.preload \ub0b4\uc6a9 \ud655\uc778<\/td><td>\u2705<\/td><\/tr><tr><td>rkhunter, chkrootkit \ub4f1 \ub3c4\uad6c \uc0ac\uc6a9<\/td><td>\u2705<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udca1 \ub300\uc751 \uad8c\uc7a5 \uc0ac\ud56d<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\uac10\uc5fc \uc758\uc2ec \uc2dc \uc989\uc2dc \ub124\ud2b8\uc6cc\ud06c \uaca9\ub9ac<\/strong><\/li>\n\n\n\n<li><strong>\uc2dc\uc2a4\ud15c \ubc31\uc5c5 \ud655\ubcf4 \ud6c4, \ud3ec\ub80c\uc2dd \ubd84\uc11d \ub610\ub294 \ud074\ub9b0 \uc7ac\uc124\uce58 \uad8c\uc7a5<\/strong><\/li>\n\n\n\n<li><strong>\ucde8\uc57d\ud55c \ud3ec\ud2b8\ub97c \ub2eb\uace0, SSH \ub4f1 
\uc811\uadfc\uc744 \uc81c\ud55c<\/strong><\/li>\n\n\n\n<li><strong>\ub85c\uadf8\ub97c \uc678\ubd80 \ub85c\uadf8 \uc11c\ubc84\ub85c \uc804\uc1a1\ud558\uc5ec tamper-proof \uc720\uc9c0<\/strong><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>\ub9ac\ub205\uc2a4 \uae30\ubc18 \uc2dc\uc2a4\ud15c\uc744 \uaca8\ub0e5\ud55c \uace0\ub3c4\ud654\ub41c \ubc31\ub3c4\uc5b4 \uc545\uc131\ucf54\ub4dc\ub85c, 2021\ub144 PwC\uc758 \uc704\ud611 \ubcf4\uace0\uc11c\ub97c \ud1b5\ud574 \ucc98\uc74c \uacf5\uac1c\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \uc774 \uc545\uc131\ucf54\ub4dc\ub294 \uc911\uad6d\uacc4 APT \uadf8\ub8f9\uc778 Earth Bluecrow(\uc77c\uba85 Red Menshen)\uc5d0 \uc758\ud574 \uc0ac\uc6a9\ub41c <a class=\"mh-excerpt-more\" href=\"https:\/\/www.auctionpro.co.kr\/?p=9774\" title=\"\uc545\uc131\ucf54\ub4dc DPFDoor\">[&#8230;]<\/a><\/p>\n<\/div>","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[17],"tags":[],"class_list":["post-9774","post","type-post","status-publish","format-standard","hentry","category-17"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\uc545\uc131\ucf54\ub4dc DPFDoor - AuctionPro<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.auctionpro.co.kr\/?p=9774\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\uc545\uc131\ucf54\ub4dc DPFDoor - AuctionPro\" \/>\n<meta property=\"og:description\" 
content=\"\ub9ac\ub205\uc2a4 \uae30\ubc18 \uc2dc\uc2a4\ud15c\uc744 \uaca8\ub0e5\ud55c \uace0\ub3c4\ud654\ub41c \ubc31\ub3c4\uc5b4 \uc545\uc131\ucf54\ub4dc\ub85c, 2021\ub144 PwC\uc758 \uc704\ud611 \ubcf4\uace0\uc11c\ub97c \ud1b5\ud574 \ucc98\uc74c \uacf5\uac1c\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \uc774 \uc545\uc131\ucf54\ub4dc\ub294 \uc911\uad6d\uacc4 APT \uadf8\ub8f9\uc778 Earth Bluecrow(\uc77c\uba85 Red Menshen)\uc5d0 \uc758\ud574 \uc0ac\uc6a9\ub41c [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.auctionpro.co.kr\/?p=9774\" \/>\n<meta property=\"og:site_name\" content=\"AuctionPro\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-14T05:33:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-14T05:36:48+00:00\" \/>\n<meta name=\"author\" content=\"golgol\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\uae00\uc4f4\uc774\" \/>\n\t<meta name=\"twitter:data1\" content=\"golgol\" \/>\n\t<meta name=\"twitter:label2\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta name=\"twitter:data2\" content=\"1\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/?p=9774#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/?p=9774\"},\"author\":{\"name\":\"golgol\",\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/#\\\/schema\\\/person\\\/d3dbae599b06cd55f5b14a3e2116f7a2\"},\"headline\":\"\uc545\uc131\ucf54\ub4dc 
DPFDoor\",\"datePublished\":\"2025-05-14T05:33:04+00:00\",\"dateModified\":\"2025-05-14T05:36:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/?p=9774\"},\"wordCount\":90,\"commentCount\":0,\"articleSection\":[\"[DEV]\ubcf4\uc548\"],\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.auctionpro.co.kr\\\/?p=9774#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/?p=9774\",\"url\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/?p=9774\",\"name\":\"\uc545\uc131\ucf54\ub4dc DPFDoor - AuctionPro\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/#website\"},\"datePublished\":\"2025-05-14T05:33:04+00:00\",\"dateModified\":\"2025-05-14T05:36:48+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/#\\\/schema\\\/person\\\/d3dbae599b06cd55f5b14a3e2116f7a2\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/?p=9774#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.auctionpro.co.kr\\\/?p=9774\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/?p=9774#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\ud648\",\"item\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\uc545\uc131\ucf54\ub4dc 
DPFDoor\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/#website\",\"url\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/\",\"name\":\"AuctionPro\",\"description\":\"\uc625\uc158\ud504\ub85c\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/#\\\/schema\\\/person\\\/d3dbae599b06cd55f5b14a3e2116f7a2\",\"name\":\"golgol\",\"url\":\"https:\\\/\\\/www.auctionpro.co.kr\\\/?author=6\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\uc545\uc131\ucf54\ub4dc DPFDoor - AuctionPro","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.auctionpro.co.kr\/?p=9774","og_locale":"ko_KR","og_type":"article","og_title":"\uc545\uc131\ucf54\ub4dc DPFDoor - AuctionPro","og_description":"\ub9ac\ub205\uc2a4 \uae30\ubc18 \uc2dc\uc2a4\ud15c\uc744 \uaca8\ub0e5\ud55c \uace0\ub3c4\ud654\ub41c \ubc31\ub3c4\uc5b4 \uc545\uc131\ucf54\ub4dc\ub85c, 2021\ub144 PwC\uc758 \uc704\ud611 \ubcf4\uace0\uc11c\ub97c \ud1b5\ud574 \ucc98\uc74c \uacf5\uac1c\ub418\uc5c8\uc2b5\ub2c8\ub2e4. 
\uc774 \uc545\uc131\ucf54\ub4dc\ub294 \uc911\uad6d\uacc4 APT \uadf8\ub8f9\uc778 Earth Bluecrow(\uc77c\uba85 Red Menshen)\uc5d0 \uc758\ud574 \uc0ac\uc6a9\ub41c [...]","og_url":"https:\/\/www.auctionpro.co.kr\/?p=9774","og_site_name":"AuctionPro","article_published_time":"2025-05-14T05:33:04+00:00","article_modified_time":"2025-05-14T05:36:48+00:00","author":"golgol","twitter_card":"summary_large_image","twitter_misc":{"\uae00\uc4f4\uc774":"golgol","\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04":"1\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.auctionpro.co.kr\/?p=9774#article","isPartOf":{"@id":"https:\/\/www.auctionpro.co.kr\/?p=9774"},"author":{"name":"golgol","@id":"https:\/\/www.auctionpro.co.kr\/#\/schema\/person\/d3dbae599b06cd55f5b14a3e2116f7a2"},"headline":"\uc545\uc131\ucf54\ub4dc DPFDoor","datePublished":"2025-05-14T05:33:04+00:00","dateModified":"2025-05-14T05:36:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.auctionpro.co.kr\/?p=9774"},"wordCount":90,"commentCount":0,"articleSection":["[DEV]\ubcf4\uc548"],"inLanguage":"ko-KR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.auctionpro.co.kr\/?p=9774#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.auctionpro.co.kr\/?p=9774","url":"https:\/\/www.auctionpro.co.kr\/?p=9774","name":"\uc545\uc131\ucf54\ub4dc DPFDoor - 
AuctionPro","isPartOf":{"@id":"https:\/\/www.auctionpro.co.kr\/#website"},"datePublished":"2025-05-14T05:33:04+00:00","dateModified":"2025-05-14T05:36:48+00:00","author":{"@id":"https:\/\/www.auctionpro.co.kr\/#\/schema\/person\/d3dbae599b06cd55f5b14a3e2116f7a2"},"breadcrumb":{"@id":"https:\/\/www.auctionpro.co.kr\/?p=9774#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.auctionpro.co.kr\/?p=9774"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.auctionpro.co.kr\/?p=9774#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\ud648","item":"https:\/\/www.auctionpro.co.kr\/"},{"@type":"ListItem","position":2,"name":"\uc545\uc131\ucf54\ub4dc DPFDoor"}]},{"@type":"WebSite","@id":"https:\/\/www.auctionpro.co.kr\/#website","url":"https:\/\/www.auctionpro.co.kr\/","name":"AuctionPro","description":"\uc625\uc158\ud504\ub85c","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.auctionpro.co.kr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Person","@id":"https:\/\/www.auctionpro.co.kr\/#\/schema\/person\/d3dbae599b06cd55f5b14a3e2116f7a2","name":"golgol","url":"https:\/\/www.auctionpro.co.kr\/?author=6"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/posts\/9774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.auctionpro.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9774"}],"version-hist
ory":[{"count":0,"href":"https:\/\/www.auctionpro.co.kr\/index.php?rest_route=\/wp\/v2\/posts\/9774\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.auctionpro.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.auctionpro.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.auctionpro.co.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}