{"published":"2025-05-30 00:00:00","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/t/tanigawa/20250531/20250531184933.png","title":"North Korean IT Workers Exploit Legitimate Software and Network Tactics to Evade EDR","version":"1.0","blog_url":"https://malware-log.hatenablog.com/","height":"190","categories":["Protocol: ARP","Protocol: WebSockets","Tool: Scapy","App: Zoom","Tool: Extrahop","Tool: Zeek","Disguise technique: Turning Zoom into a remote tool"],"blog_title":"TT Malware Log","width":"100%","author_name":"tanigawa","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fmalware-log.hatenablog.com%2Fentry%2F2025%2F05%2F30%2F000000_2\" title=\"North Korean IT Workers Exploit Legitimate Software and Network Tactics to Evade EDR - TT Malware Log\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","url":"https://malware-log.hatenablog.com/entry/2025/05/30/000000_2","provider_url":"https://hatena.blog","description":"[Translation] North Korean IT workers are abusing legitimate software and network tactics to evade EDR. [Figure] Source: https://gbhackers.com/north-korean-it-workers-exploit-legitimate-software/ [Summary] 
North Korean IT workers were hired by companies under false names, abused legitimate software and network protocols to evade EDR detection, and carried out stealthy remote control. They used WebSocket and ARP packets and turned Zoom into a remote tool. A sophisticated technique that abuses trusted environments, bringing into sharp relief organizations' insider risk and the need for strengthened network monitoring\u2026","author_url":"https://blog.hatena.ne.jp/tanigawa/","type":"rich","provider_name":"Hatena Blog"}