{"id":148551,"date":"2025-07-29T13:38:34","date_gmt":"2025-07-29T20:38:34","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=148551"},"modified":"2025-07-30T14:12:41","modified_gmt":"2025-07-30T21:12:41","slug":"microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/","title":{"rendered":"Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9 (7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8)"},"content":{"rendered":"<h2><a id=\"post-148551-_heading=h.qst5e84z6owc\"><\/a>\uc804\uccb4 \uac1c\uc694<\/h2>\n<p><a id=\"post-148551-_heading=h.d7qvdzqlo86m\"><\/a><strong>2025\ub144 7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8<\/strong><\/p>\n<p>Unit 42 \ud154\ub808\uba54\ud2b8\ub9ac\ub97c \ud1b5\ud574 2025\ub144 7\uc6d4 17\uc77c 08:40 UTC\ubd80\ud130 7\uc6d4 22\uc77c\uae4c\uc9c0 CL-CRI-1040\uc73c\ub85c \ucd94\uc801\ub418\ub294 \uc704\ud611 \ud65c\ub3d9\uc5d0\uc11c \ube44\ub86f\ub41c CVE-2025-53770 \uc775\uc2a4\ud50c\ub85c\uc787 \uc2dc\ub3c4\ub97c \ud3ec\ucc29\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>2025\ub144 7\uc6d4 17\uc77c 06:58 UTC\ubd80\ud130 CL-CRI-1040 IP \uc8fc\uc18c\uac00 SharePoint \uc11c\ubc84\ub97c \ub300\uc0c1\uc73c\ub85c \uacf5\uaca9 \uc804 \ucde8\uc57d\uc810 \ud14c\uc2a4\ud2b8\ub97c \uc218\ud589\ud558\ub294 \uac83\uc774 \uad00\uce21\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \uc775\uc2a4\ud50c\ub85c\uc787 \uc2dc\ub3c4 \ud328\ud134\uc73c\ub85c \ubcf4\uc544, \uacf5\uaca9\uc790\ub294 \uace0\uc815\ub41c SharePoint \uc11c\ubc84 \ud0c0\uac9f \ubaa9\ub85d\uc744 \uc0ac\uc6a9\ud558\uace0 \uc788\ub294 \uac83\uc73c\ub85c \ubcf4\uc785\ub2c8\ub2e4.<\/p>\n<p>CL-CRI-1040 \ud65c\ub3d9\uc758 \uc77c\ud658\uc73c\ub85c CVE-2025-53770\uc744 \uc775\uc2a4\ud50c\ub85c\uc787\ud558\ub294 IP \uc8fc\uc18c \uc911 \ud558\ub098\ub294 <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">\ub9c8\uc774\ud06c\ub85c\uc18c\ud504\ud2b8<\/a>\uac00 \uc5b8\uae09\ud55c Storm-2603 \ud074\ub7ec\uc2a4\ud130\uc640 \uacb9\uce69\ub2c8\ub2e4. \uc800\ud76c\ub294 \ud604\uc7ac \uc774 \ud074\ub7ec\uc2a4\ud130\uc758 \ubc30\ud6c4 \uacf5\uaca9\uc790\uc5d0 \ub300\ud574 \ub354 \uc790\uc138\ud788 \ud30c\uc545\ud558\uae30 \uc704\ud574 \uc870\uc0ac\ub97c \uc9c4\ud589\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>Unit 42\ub294 \uc628\ud504\ub808\ubbf8\uc2a4 Microsoft SharePoint \uc11c\ubc84\ub97c \ud45c\uc801\uc73c\ub85c \uc0bc\ub294 \uc2ec\uac01\ud558\uace0 \uc9c0\uc18d\uc801\uc778 \uc704\ud611 \ud65c\ub3d9\uc744 \ucd94\uc801\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4. \ud074\ub77c\uc6b0\ub4dc \ud658\uacbd\uc740 \uc601\ud5a5\uc744 \ubc1b\uc9c0 \uc54a\uc9c0\ub9cc, \ud2b9\ud788 \uc815\ubd80, \ud559\uad50, \uc758\ub8cc \uae30\uad00(\ubcd1\uc6d0 \ud3ec\ud568) \ubc0f \ub300\uae30\uc5c5\uc758 \uc628\ud504\ub808\ubbf8\uc2a4 SharePoint \ubc30\ud3ec\ub294 \uc989\uac01\uc801\uc778 \uc704\ud5d8\uc5d0 \ucc98\ud574 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ud604\uc7ac \uc628-\ud504\ub808\ubbf8\uc2a4 Microsoft SharePoint \uc11c\ubc84\ub294 \u201cToolShell\u201d\ub85c \ud1b5\uce6d\ub418\ub294 \uc5ec\ub7ec \ucde8\uc57d\uc810(<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49704\" target=\"_blank\" rel=\"noopener\">CVE-2025-49704<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49706\" target=\"_blank\" rel=\"noopener\">CVE-2025-49706<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770\" target=\"_blank\" rel=\"noopener\">CVE-2025-53770, <\/a><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53771\" target=\"_blank\" rel=\"noopener\">CVE-2025-53771<\/a>) \uc73c\ub85c \uc778\ud574 \uad11\ubc94\uc704\ud558\uace0 \ud65c\ubc1c\ud55c \uc545\uc6a9\uc5d0 \uc9c1\uba74\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4. \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc744 \ud1b5\ud574 \uacf5\uaca9\uc790\ub294 \uc790\uaca9 \uc99d\uba85\uc774 \uc5c6\uc5b4\ub3c4 \uc644\uc804\ud55c \uc6d0\uaca9 \ucf54\ub4dc \uc2e4\ud589(RCE)\uc744 \uc218\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc190\uc0c1\ub41c SharePoint \uc11c\ubc84\ub294 \ub2e4\ub978 \ud1b5\ud569 Microsoft \uc11c\ube44\uc2a4\uc5d0 \ub300\ud55c \uac8c\uc774\ud2b8\uc6e8\uc774 \uc5ed\ud560\uc744 \ud560 \uc218 \uc788\uc73c\ubbc0\ub85c \uc870\uc9c1\uc5d0 \uc0c1\ub2f9\ud55c \uc704\ud5d8\uc744 \ucd08\ub798\ud569\ub2c8\ub2e4.<\/p>\n<p>CVE \ubcf4\uace0\uc11c\uc640 \ub354\ubd88\uc5b4 Microsoft\ub294 \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc5d0 \ub300\ud55c <a href=\"https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/\" target=\"_blank\" rel=\"noopener\">\ucd94\uac00 \uc9c0\uce68<\/a>\uc744 \ubc1c\ud45c\ud588\uc2b5\ub2c8\ub2e4. \ucde8\uc57d\uc810, \ud574\ub2f9 \ucde8\uc57d\uc810\uc758 CVSS \uc810\uc218 \ubc0f \uc124\uba85\uc740 \ud45c 1\uc5d0 \uc790\uc138\ud788 \ub098\uc640 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<table style=\"width: 99.1086%;\">\n<tbody>\n<tr>\n<td style=\"width: 21.2477%; text-align: center;\"><strong>CVE #<\/strong><\/td>\n<td style=\"width: 54.4501%; text-align: center;\"><strong>\uc124\uba85<\/strong><\/td>\n<td style=\"width: 23.7771%; text-align: center;\"><strong>CVSS \uc810\uc218<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 21.2477%; text-align: center;\"><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-49704\" target=\"_blank\" rel=\"noopener\">CVE-2025-49704<\/a><\/td>\n<td style=\"width: 54.4501%;\">Microsoft Office SharePoint\uc5d0\uc11c \ucf54\ub4dc \uc0dd\uc131(\ucf54\ub4dc \uc0bd\uc785)\uc744 \ubd80\uc801\uc808\ud558\uac8c \uc81c\uc5b4\ud558\uba74 \uad8c\ud55c\uc774 \uc788\ub294 \uacf5\uaca9\uc790\uac00 \ub124\ud2b8\uc6cc\ud06c\ub97c \ud1b5\ud574 \ucf54\ub4dc\ub97c \uc2e4\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/td>\n<td style=\"width: 23.7771%; text-align: center;\">8.8<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 21.2477%; text-align: center;\"><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-49706\" target=\"_blank\" rel=\"noopener\">CVE-2025-49706<\/a><\/td>\n<td style=\"width: 54.4501%;\">Microsoft Office SharePoint\uc758 \ubd80\uc801\uc808\ud55c \uc778\uc99d\uc73c\ub85c \uc778\ud574 \uad8c\ud55c\uc774 \uc788\ub294 \uacf5\uaca9\uc790\uac00 \ub124\ud2b8\uc6cc\ud06c\ub97c \ud1b5\ud574 \uc2a4\ud478\ud551\uc744 \uc218\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/td>\n<td style=\"width: 23.7771%; text-align: center;\">6.3<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 21.2477%; text-align: center;\"><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-53770\" target=\"_blank\" rel=\"noopener\">CVE-2025-53770<\/a><\/td>\n<td style=\"width: 54.4501%;\">\uc628\ud504\ub808\ubbf8\uc2a4 Microsoft SharePoint Server\uc5d0\uc11c \uc2e0\ub8b0\ud560 \uc218 \uc5c6\ub294 \ub370\uc774\ud130\ub97c \uc5ed\uc9c1\ub82c\ud654\ud558\uba74 \uad8c\ud55c\uc774 \uc5c6\ub294 \uacf5\uaca9\uc790\uac00 \ub124\ud2b8\uc6cc\ud06c\ub97c \ud1b5\ud574 \ucf54\ub4dc\ub97c \uc2e4\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/td>\n<td style=\"width: 23.7771%; text-align: center;\">9.8<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 21.2477%; text-align: center;\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53771\" target=\"_blank\" rel=\"noopener\">CVE-2025-53771<\/a><\/td>\n<td style=\"width: 54.4501%;\">Microsoft Office SharePoint\uc5d0\uc11c \uacbd\ub85c \uc774\ub984\uc744 \uc81c\ud55c\ub41c \ub514\ub809\ud1a0\ub9ac\ub85c \ubd80\uc801\uc808\ud558\uac8c \uc81c\ud55c(\uacbd\ub85c \uc6b0\ud68c)\ud558\uba74 \uad8c\ud55c\uc774 \uc788\ub294 \uacf5\uaca9\uc790\uac00 \ub124\ud2b8\uc6cc\ud06c\ub97c \ud1b5\ud574 \uc2a4\ud478\ud551\uc744 \uc218\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/td>\n<td style=\"width: 23.7771%; text-align: center;\">6.3<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\ud45c 1. Microsoft SharePoint\uc5d0 \uc601\ud5a5\uc744 \ubbf8\uce58\ub294 \ucd5c\uadfc \ucde8\uc57d\uc810 \ubaa9\ub85d.<\/p>\n<p>\uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc740 \ubaa8\ub450 Microsoft SharePoint Enterprise Server 2016 \ubc0f 2019\uc5d0 \uc801\uc6a9\ub429\ub2c8\ub2e4. CVE-2025-49706 \ubc0f CVE-2025-53770\uc740 Microsoft SharePoint Server \uad6c\ub3c5 \ubc84\uc804\uc5d0\ub3c4 \uc801\uc6a9\ub429\ub2c8\ub2e4. Microsoft\ub294 Microsoft 365\uc758 SharePoint Online\uc740 \uc601\ud5a5\uc744 \ubc1b\uc9c0 \uc54a\ub294\ub2e4\uace0 \ubc1d\ud614\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ud604\uc7ac Microsoft \ubcf4\uc548 \ub300\uc751 \uc13c\ud130(MSRC)\uc640 \uae34\ubc00\ud788 \ud611\ub825\ud558\uc5ec \uace0\uac1d\uc5d0\uac8c \ucd5c\uc2e0 \uc815\ubcf4\ub97c \uc81c\uacf5\ud558\uace0 \uc788\uc73c\uba70, \uc601\ud5a5\uc744 \ubc1b\ub294 \uace0\uac1d \ubc0f \uae30\ud0c0 \uc870\uc9c1\uc5d0 \uc801\uadf9\uc801\uc73c\ub85c \uc54c\ub9ac\uace0 \uc788\uc2b5\ub2c8\ub2e4. \uc774\ub7ec\ud55c \uc0c1\ud669\uc740 \ube60\ub974\uac8c \ubcc0\ud654\ud558\uace0 \uc788\uc73c\ubbc0\ub85c Microsoft\uc758 \uad8c\uc7a5 \uc0ac\ud56d\uc744 \uc790\uc8fc \ud655\uc778\ud558\ub294 \uac83\uc774 \uc88b\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc6b0\ub9ac\ub294 \uc774\ub7ec\ud55c SharePoint \ucde8\uc57d\uc810\uc774 \uc2e4\uc81c\ub85c \uc545\uc6a9\ub418\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uacf5\uaca9\uc790\ub294 \uad8c\ud55c \uc788\ub294 \uc561\uc138\uc2a4\ub97c \uc5bb\uae30 \uc704\ud574 \ub2e4\ub2e8\uacc4 \uc778\uc99d(MFA) \ubc0f Single Sign-On(SSO)\uc744 \ud3ec\ud568\ud55c ID \uc81c\uc5b4\ub97c \uc6b0\ud68c\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4. \ub0b4\ubd80\ub85c \uce68\uc785\ud55c \uacf5\uaca9\uc790\ub4e4\uc740 \ubbfc\uac10\ud55c \ub370\uc774\ud130\ub97c \uc720\ucd9c\ud558\uace0, \uc9c0\uc18d\uc801\uc778 \ubc31\ub3c4\uc5b4\ub97c \ubc30\ud3ec\ud558\uace0, \uc554\ud638\ud654 \ud0a4\ub97c \ud6d4\uce69\ub2c8\ub2e4.<\/p>\n<p>\uacf5\uaca9\uc790\ub4e4\uc740 \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc744 \ud65c\uc6a9\ud558\uc5ec \uc2dc\uc2a4\ud15c\uc5d0 \uce68\uc785\ud588\uc73c\uba70, \uc5b4\ub5a4 \uacbd\uc6b0\uc5d0\ub294 \uc774\ubbf8 \ubc1c\ud310\uc744 \ub9c8\ub828\ud558\uae30\ub3c4 \ud588\uc2b5\ub2c8\ub2e4. \uc778\ud130\ub137\uc5d0 \ub178\ucd9c\ub41c \uc628\ud504\ub808\ubbf8\uc2a4 SharePoint\uac00 \uc788\ub294 \uacbd\uc6b0, \uce68\ud574\ub41c \uac83\uc73c\ub85c \uac04\uc8fc\ud574\uc57c \ud569\ub2c8\ub2e4. \ud328\uce58\ub9cc\uc73c\ub85c\ub294 \uc704\ud611\uc744 \uc644\uc804\ud788 \uc81c\uac70\ud558\uae30\uc5d0 \ucda9\ubd84\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ucde8\uc57d\ud55c \uc628\ud504\ub808\ubbf8\uc2a4 SharePoint\ub97c \uc2e4\ud589 \uc911\uc778 \uc870\uc9c1\uc740 \uc989\uc2dc \ub2e4\uc74c \uc870\uce58\ub97c \ucde8\ud560 \uac83\uc744 \uad8c\uace0\ud569\ub2c8\ub2e4.<\/p>\n<ul>\n<li>\uc9c0\uae08 \uadf8\ub9ac\uace0 \ubaa8\ub4e0 \uad00\ub828 \ubcf4\uc548 \ud328\uce58\uac00 \ucd9c\uc2dc\ub418\ub294 \ub300\ub85c \ud574\ub2f9 \ud328\uce58 \uc801\uc6a9<\/li>\n<li>\ubaa8\ub4e0 \uc554\ud638\ud654 \uc790\ub8cc \uad50\uccb4<\/li>\n<li>\uc804\ubb38\uc801\uc778 \uc778\uc2dc\ub358\ud2b8 \ub300\uc751 \ucc38\uc5ec<\/li>\n<\/ul>\n<p>\ub610\ud55c Palo Alto Networks\ub294 Microsoft\uc758 \ud328\uce58 \ub610\ub294 \uc644\ud654 \uc9c0\uce68\uc744 \ub530\ub97c \uac83\uc744 \uad8c\uc7a5\ud569\ub2c8\ub2e4. <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49704\" target=\"_blank\" rel=\"noopener\">CVE-2025-49704<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49706\" target=\"_blank\" rel=\"noopener\">CVE-2025-49706<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770\" target=\"_blank\" rel=\"noopener\">CVE-2025-53770<\/a> \ubc0f <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53771\" target=\"_blank\" rel=\"noopener\">CVE-2025-53771<\/a>.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/\" target=\"_blank\" rel=\"noopener\">CVE-2025-53770 \ubc0f CVE-2025-53771\uc5d0 \ub300\ud55c \ucd94\uac00 \uc9c0\uce68<\/a>.<\/p>\n<p>Palo Alto Networks \uace0\uac1d\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \ubc29\ubc95\uc73c\ub85c \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc73c\ub85c\ubd80\ud130 \ub354 \uc798 \ubcf4\ud638\ubc1b\uc744 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<ul>\n<li><a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XPANSE\" target=\"_blank\" rel=\"noopener\">Cortex Xpanse<\/a>\ub294 \uacf5\uc6a9 \uc778\ud130\ub137\uc5d0\uc11c \ub178\ucd9c\ub41c SharePoint \ub514\ubc14\uc774\uc2a4\ub97c \uc2dd\ubcc4\ud558\uace0 \uc774\ub7ec\ud55c \ubc1c\uacac\uc744 \ubc29\uc5b4\uc790\uc5d0\uac8c \uc5d0\uc2a4\uceec\ub808\uc774\uc158\ud558\ub294 \uae30\ub2a5\uc744 \uac16\ucd94\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/li>\n<li>\ucf58\ud150\uce20 \ubc84\uc804\uc774 1870-19884(\ub610\ub294 1880-19902)\uc778 <a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XDR\" target=\"_blank\" rel=\"noopener\">Cortex XDR<\/a> \uc5d0\uc774\uc804\ud2b8 \ubc84\uc804 8.7\uc740 CVE-2025-49704 \ubc0f CVE-2025-49706\uc758 \uc775\uc2a4\ud50c\ub85c\uc787 \uccb4\uc778\uacfc \uad00\ub828\ub41c \uc54c\ub824\uc9c4 \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uc744 \ucc28\ub2e8\ud558\uace0 CVE-2025-53770 \ubc0f CVE-2025-53771\uc758 \uccb4\uc778\uc5d0 \uad00\ub828\ub41c \uc54c\ub824\uc9c4 \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uc744 \ubcf4\uace0\ud569\ub2c8\ub2e4.<\/li>\n<li><a href=\"https:\/\/cortex\" target=\"_blank\" rel=\"noopener\">Cortex<\/a>\ub294 <a href=\"https:\/\/xsoar.pan.dev\/docs\/reference\/playbooks\/cve-2025-49704-and-cve-2025-49706-and-cve-2025-53770-and-cve-2025-53771---microsoft-share-point-tool-shell-vulnerability-chain\" target=\"_blank\" rel=\"noopener\">Cortex \ub300\uc751 \ubc0f \uce58\ub8cc \ud329\uc758<\/a> \uc77c\ubd80\ub85c \ud50c\ub808\uc774\ubd81\uc744 \ucd9c\uc2dc\ud588\uc2b5\ub2c8\ub2e4.<\/li>\n<li><a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/r\/Cortex-CLOUD\/Cortex-Cloud-Posture-Management-Release-Notes\/July-2025\" target=\"_blank\" rel=\"noopener\">Cortex Cloud<\/a> \ubc84\uc804 1.2\ub294 \ucde8\uc57d\uc810\uc744 \ucc3e\uc544 CVE-2025-49704 \ubc0f CVE-2025-49706\uc758 \uc775\uc2a4\ud50c\ub85c\uc787 \uccb4\uc778\uacfc \uad00\ub828\ub41c \uc54c\ub824\uc9c4 \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uc744 \ucc28\ub2e8\ud558\uace0 CVE-2025-53770 \ubc0f CVE-2025-53771\uc758 \uccb4\uc778\uacfc \uad00\ub828\ub41c \uc54c\ub824\uc9c4 \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uc744 \ubcf4\uace0\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/li>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/pan-os\/10-1\/pan-os-new-features\/url-filtering-features\/advanced-url-filtering\" target=\"_blank\" rel=\"noopener\">Advanced URL Filtering<\/a> \uacfc <a href=\"https:\/\/docs.paloaltonetworks.com\/dns-security\" target=\"_blank\" rel=\"noopener\">Advanced DNS Security<\/a>\ub294 \uc774 \ud65c\ub3d9\uacfc \uad00\ub828\ub41c \uc54c\ub824\uc9c4 IP \uc8fc\uc18c\ub97c \uc545\uc131\uc73c\ub85c \uc2dd\ubcc4\ud569\ub2c8\ub2e4.<\/li>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-threat-prevention\/administration\" target=\"_blank\" rel=\"noopener\">Advanced Threat Prevention<\/a> \ubcf4\uc548 \uad6c\ub3c5\uc774 \uc801\uc6a9\ub41c <a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">Next-Generation Firewall<\/a>l\uc740 CVE-2025-49704, CVE-2025-49706 \ubc0f CVE-2025-53771\uc758 \uc545\uc6a9\uc744 \ucc28\ub2e8\ud558\ub294 \ub370 \ub3c4\uc6c0\uc774 \ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4..<\/li>\n<li><a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">Unit 42 \uc778\uc2dc\ub358\ud2b8 \ub300\uc751<\/a> \ud300\uacfc \ud611\ub825\ud558\uc5ec \uce68\ud574\ub97c \ud574\uacb0\ud558\uac70\ub098 \uc0ac\uc804 \uc608\ubc29\uc801 \ud3c9\uac00\ub97c \uc81c\uacf5\ud560 \uc218\ub3c4 \uc788\uc2b5\ub2c8\ub2e4.<\/li>\n<\/ul>\n<table style=\"width: 96.8752%;\">\n<thead>\n<tr>\n<td style=\"width: 35%;\"><b>\ub17c\uc758\ub41c \ucde8\uc57d\uc810<\/b><\/td>\n<td style=\"width: 225.981%;\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/unit42.paloaltonetworks.com\/ko\/tag\/cve-2025-49704-ko\/\" target=\"_blank\" rel=\"noopener\">CVE-2025-49704<\/a>, <a href=\"https:\/\/unit42.paloaltonetworks.com\/ko\/tag\/cve-2025-49706-ko\/\" target=\"_blank\" rel=\"noopener\">CVE-2025-49706<\/a>, <a href=\"https:\/\/unit42.paloaltonetworks.com\/ko\/tag\/cve-2025-53770-ko\/\" target=\"_blank\" rel=\"noopener\">CVE-2025-53770<\/a>, <a href=\"https:\/\/unit42.paloaltonetworks.com\/ko\/tag\/cve-2025-53771-ko\/\" target=\"_blank\" rel=\"noopener\">CVE-2025-53771<\/a><\/span><\/td>\n<\/tr>\n<\/thead>\n<\/table>\n<h2><a id=\"post-148551-_heading=h.hwygb2qdbyi\"><\/a>\ucde8\uc57d\uc810 \uc138\ubd80 \uc815\ubcf4<\/h2>\n<p>CVE-2025-49704 \ubc0f CVE-2025-49706\uc740 Microsoft SharePoint\uc5d0 \uc601\ud5a5\uc744 \ubbf8\uce58\ub294 \uce58\uba85\uc801\uc778 \ucde8\uc57d\uc810 \uc9d1\ud569\uc73c\ub85c, \uc778\uc99d\ub418\uc9c0 \uc54a\uc740 \uc704\ud611 \ud589\uc704\uc790\uac00 \uc77c\ubc18\uc801\uc73c\ub85c \uc81c\ud55c\ub41c \uae30\ub2a5\uc5d0 \uc561\uc138\uc2a4\ud560 \uc218 \uc788\ub3c4\ub85d \ud5c8\uc6a9\ud569\ub2c8\ub2e4. \uc11c\ub85c \uc5f0\uacb0\ub418\uba74 \uacf5\uaca9\uc790\ub294 \ucde8\uc57d\ud55c Microsoft SharePoint \uc778\uc2a4\ud134\uc2a4\uc5d0\uc11c \uc784\uc758\uc758 \uba85\ub839\uc744 \uc2e4\ud589\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ud65c\uc131 \uacf5\uaca9\uc740 CVE-2025-49706\uc758 \ubcc0\uc885\uc744 \uc545\uc6a9\ud558\uc5ec \uc628\ud504\ub808\ubbf8\uc2a4 SharePoint Server \uace0\uac1d\uc744 \ud45c\uc801\uc73c\ub85c \uc0bc\uace0 \uc788\uc2b5\ub2c8\ub2e4. \uc774 \uc0c8\ub85c\uc6b4 \ubcc0\uc885\uc5d0\ub294 CVE-2025-53770\uc774 \ud560\ub2f9\ub418\uc5c8\uc2b5\ub2c8\ub2e4. Microsoft\ub294 \ub610\ud55c CVE-2025-53771\uc774 \ud560\ub2f9\ub41c \ub124 \ubc88\uc9f8 SharePoint \ucde8\uc57d\uc810\uc744 \ubc1c\ud45c\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc774 \ud2b9\ud788 \uc6b0\ub824\ub418\ub294 \uc774\uc720\ub294 SharePoint\uac00 Office, Teams, OneDrive, Outlook\uacfc \uac19\uc740 \uc11c\ube44\uc2a4\ub97c \ud3ec\ud568\ud55c Microsoft\uc758 \ud50c\ub7ab\ud3fc\uacfc \uae34\ubc00\ud558\uac8c \ud1b5\ud569\ub418\uc5b4 \uc788\uae30 \ub54c\ubb38\uc785\ub2c8\ub2e4. \uc774\ub7ec\ud55c \uc11c\ube44\uc2a4\ub294 \uacf5\uaca9\uc790\uc5d0\uac8c \uadc0\uc911\ud55c \uc815\ubcf4\ub97c \ub9ce\uc774 \ub2f4\uace0 \uc788\uc2b5\ub2c8\ub2e4. \uc774\ub7ec\ud55c \uc0c1\ud669\uc5d0\uc11c \uce68\ud574\uac00 \ubc1c\uc0dd\ud558\uba74 \uc774\uc5d0 \uad6d\ud55c\ub418\uc9c0 \uc54a\uc73c\uba70, \uc804\uccb4 \ub124\ud2b8\uc6cc\ud06c\ub85c \ud655\uc0b0\ub420 \uc218 \uc788\ub294 \ud1b5\ub85c\ub97c \uc5f4\uc5b4\uc90d\ub2c8\ub2e4.<\/p>\n<h2><a id=\"post-148551-_heading=h.pg83uj9vu6cr\"><\/a>CVE-2025-49706, CVE-2025-49704, CVE-2025-53770 \ubc0f CVE-2025-53771\uc744 \ud65c\uc6a9\ud55c \uacf5\uaca9\uc758 \ud604\uc7ac \ubc94\uc704<\/h2>\n<h3><a id=\"post-148551-_heading=h.p5g95rfyrmv7\"><\/a><strong>2025\ub144 7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8<\/strong><\/h3>\n<p>Unit 42\ub294 \ub0b4\ubd80 \ud154\ub808\uba54\ud2b8\ub9ac(telemetry) \uc18c\uc2a4\ub85c\ubd80\ud130 CVE-2025-53770 \uc775\uc2a4\ud50c\ub85c\uc787 \uc2dc\ub3c4\uc640 \uad00\ub828\ub41c \ud65c\ub3d9\uc744 \uc218\uc9d1\ud558\uace0 \ubd84\uc11d\ud588\uc2b5\ub2c8\ub2e4. \uc800\ud76c\ub294 2025\ub144 7\uc6d4 17\uc77c 08:40 UTC\ubd80\ud130 7\uc6d4 22\uc77c\uae4c\uc9c0 CL-CRI-1040\uc73c\ub85c \uba85\uba85\ub41c \ud074\ub7ec\uc2a4\ud130\uc5d0\uc11c \ucd94\uc801 \uc911\uc778 IP \uc8fc\uc18c\ub85c\ubd80\ud130 CVE-2025-53770 \uc775\uc2a4\ud50c\ub85c\uc787\uc744 \ucc98\uc74c \uad00\uce21\ud588\uc2b5\ub2c8\ub2e4. 2025\ub144 7\uc6d4 17\uc77c 06:58 UTC\ubd80\ud130\ub294 CL-CRI-1040\uacfc \uad00\ub828\ub41c IP \uc8fc\uc18c\ub4e4\uc774 \uc775\uc2a4\ud50c\ub85c\uc787 \uc2dc\ub3c4\uc5d0 \uc55e\uc11c SharePoint \uc11c\ubc84\uc758 \ucde8\uc57d \uc5ec\ubd80\ub97c \ud655\uc778\ud558\uae30 \uc704\ud574 \ud14c\uc2a4\ud2b8\ud558\ub294 \uac83\uc744 \uad00\uce21\ud588\uc2b5\ub2c8\ub2e4. \ub610\ud55c, \uacf5\uaca9\uc790\uac00 SharePoint \uc11c\ubc84\uc758 **\uc815\uc801 \ud0c0\uac9f \ubaa9\ub85d(static targeting list)**\uc744 \uc0ac\uc6a9\ud558\uace0 \uc788\uc74c\uc744 \uc2dc\uc0ac\ud558\ub294 \uc775\uc2a4\ud50c\ub85c\uc787 \uc2dc\ub3c4 \ud328\ud134\uc744 \ubc1c\uacac\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc774 \ud65c\ub3d9\uacfc \uad00\ub828\ub41c \uacf5\uaca9\uc790\ub4e4\uc740 \ud0d0\uc9c0\ub97c \ud68c\ud53c\ud558\uae30 \uc704\ud574 \uc9e7\uc740 \uae30\uac04 \ub0b4\uc5d0 \uc778\ud504\ub77c\uc640 \ud398\uc774\ub85c\ub4dc\ub97c \ube60\ub974\uac8c \ubcc0\uacbd\ud558\uba70 **\uc804\uc220\uacfc \uae30\uc220(tactics and techniques)**\uc744 \uc870\uc815\ud55c \uac83\uc73c\ub85c \ubcf4\uc785\ub2c8\ub2e4. \uc774 \uacf5\uaca9\uc790\ub4e4\uc740 \uc775\uc2a4\ud50c\ub85c\uc787 \uc131\uacf5 \uc2dc .NET \ubaa8\ub4c8\uc744 \ud398\uc774\ub85c\ub4dc\ub85c \uc804\ub2ec\ud558\ub294 \ubc29\uc2dd\uc5d0\uc11c \uc720\uc0ac\ud55c \uae30\ub2a5\uc744 \uac00\uc9c4 \uc6f9\uc178 \ud398\uc774\ub85c\ub4dc\ub85c \uc804\ud658\ud588\uc2b5\ub2c8\ub2e4. \uc6f9\uc178\uc774 \uacf5\uac1c \ube14\ub85c\uadf8\uc5d0\uc11c \ub17c\uc758\ub41c \ud6c4, \uacf5\uaca9\uc790\ub4e4\uc740 \ub2e4\uc2dc \uc774\uc804\uc5d0 \uad00\uce21\ub418\uc5c8\ub358 .NET \ubaa8\ub4c8\uc744 \ud398\uc774\ub85c\ub4dc\ub85c \uc804\ub2ec\ud558\ub294 \ubc29\uc2dd\uc73c\ub85c \ud68c\uadc0\ud558\ub294 \uac83\uc744 \ud655\uc778\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uacf5\uaca9 \uc8fc\uccb4 \ubd84\uc11d(attribution) \uad00\uc810\uc5d0\uc11c, CL-CRI-1040 \ud074\ub7ec\uc2a4\ud130\uc758 \uc77c\ubd80\ub85c CVE-2025-53770\uc744 \uc775\uc2a4\ud50c\ub85c\uc787\ud558\ub294 IP \uc8fc\uc18c \uc911 \ud558\ub098\uac00<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\"> Microsoft<\/a>\uac00 \uc5b8\uae09\ud55c Storm-2603 \ud074\ub7ec\uc2a4\ud130\uc640 \uc911\ucca9\ub429\ub2c8\ub2e4. \uc800\ud76c\ub294 \uad00\ub828\ub41c \uacf5\uaca9\uc790\uc5d0 \ub300\ud55c \ub354 \uae4a\uc740 \ud1b5\ucc30\ub825\uc744 \uc5bb\uae30 \uc704\ud574 \ud604\uc7ac \uc774 \ud074\ub7ec\uc2a4\ud130\ub97c \uc870\uc0ac\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-148551-_heading=h.bq2fqdh16k5h\"><\/a><strong>\ucd08\uae30 \uc815\ucc30<\/strong><\/h3>\n<p>CVE-2025-53770 \uc775\uc2a4\ud50c\ub85c\uc787\uc744 \uc2dc\ub3c4\ud558\uae30 \uc804\uc5d0, \uc704\ud611 \ud589\uc704\uc790\ub4e4\uc740 \uc6d0\uaca9 \uc11c\ubc84\uac00 \ucde8\uc57d\ud55c \ubc84\uc804\uc758 SharePoint\ub97c \uc2e4\ud589\ud558\uace0 \uc788\ub294\uc9c0 \ud655\uc778\ud558\uae30 \uc704\ud574 \ucd08\uae30 \uc815\ucc30 \ub2e8\uacc4\ub97c \uc218\ud589\ud55c \uac83\uc73c\ub85c \ubcf4\uc785\ub2c8\ub2e4. 2025\ub144 7\uc6d4 17\uc77c 06:58 UTC\ubd80\ud130 \ub2e4\uc74c IP \uc8fc\uc18c\uc5d0\uc11c User-Agent\uac00 <span style=\"font-family: 'courier new', courier, monospace;\">python-requests\/2.32.3<\/span>\uc774\uace0 referrer \ud544\ub4dc\uac00 \uc5c6\ub294 <span style=\"font-family: 'courier new', courier, monospace;\">\/_layouts\/15\/ToolPane.aspx?DisplayMode=Edit&amp;a=\/ToolPane.aspx<\/span>\uc5d0 \ub300\ud55c HTTP GET \uc694\uccad\uc744 \uad00\uce21\ud588\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">45.86.231[.]241<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">51.161.152[.]26<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">91.236.230[.]76<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">92.222.167[.]88<\/span><\/li>\n<\/ul>\n<p>Cortex Xpanse \ud154\ub808\uba54\ud2b8\ub9ac\uc5d0 \ub530\ub974\uba74, \uc774 IP \uc8fc\uc18c\ub4e4\uc740 \ubaa8\ub450 **<a href=\"https:\/\/safing.io\/spn\/\" target=\"_blank\" rel=\"noopener\">Safing Privacy Network(SPN)<\/a>**\uc640 \uad00\ub828\ub41c \ucd9c\uad6c \ub178\ub4dc(exit nodes)\uc785\ub2c8\ub2e4. \uc800\ud76c\ub294 \uacf5\uaca9\uc790\uac00 \uc775\uc2a4\ud50c\ub85c\uc787 \uc2dc\ub3c4\uc5d0 \uc55e\uc11c \ud0c0\uac9f \ubaa9\ub85d\uc744 \ud655\uc778\ud558\uae30 \uc704\ud574 \ud14c\uc2a4\ud2b8 \uc2a4\ud06c\ub9bd\ud2b8\uc5d0\uc11c \uc774 HTTP GET \uc694\uccad\uc744 \ubcf4\ub0bc \ub54c SPN\uc744 \uc0ac\uc6a9\ud558\uc5ec \uc790\uc2e0\uc758 \uc704\uce58\ub97c \uc228\uae30\ub824 \ud55c \uac83\uc73c\ub85c \ud310\ub2e8\ud569\ub2c8\ub2e4. \ub2e4\uc74c IP \uc8fc\uc18c\ub4e4\ub85c\ubd80\ud130\uc758 \uc775\uc2a4\ud50c\ub85c\uc787 \uc2dc\ub3c4\uc5d0\uc11c HTTP GET \uc694\uccad\uacfc HTTP POST \uc694\uccad\uc774 \ub3d9\uc77c\ud55c \uc21c\uc11c\ub85c \uc774\ub8e8\uc5b4\uc9c4 \uc810\uc73c\ub85c \ubbf8\ub8e8\uc5b4 \ubcf4\uc544, \uacf5\uaca9\uc790\uac00 \ud0c0\uac9f \ubaa9\ub85d\uc744 \uc0ac\uc6a9\ud588\ub2e4\uace0 \uc0dd\uac01\ud569\ub2c8\ub2e4:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">96.9.125[.]147<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">107.191.58[.]76<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">104.238.159[.]149<\/span><\/li>\n<\/ul>\n<h3><a id=\"post-148551-_heading=h.l2jcbu788d6o\"><\/a><strong>\uc804\ub2ec\ub41c \ud398\uc774\ub85c\ub4dc<\/strong><\/h3>\n<p>\uc55e\uc11c \uc5b8\uae09\ud588\ub4ef\uc774, \ub2e4\uc74c IP \uc8fc\uc18c\ub4e4\uc740 CVE-2025-53770 \uc775\uc2a4\ud50c\ub85c\uc787 \uc131\uacf5 \uc2dc \uac01\uae30 \ub2e4\ub978 \ud398\uc774\ub85c\ub4dc\ub97c \uc804\ub2ec\ud558\uc9c0\ub9cc \ubaa8\ub450 CL-CRI-1040 \ud074\ub7ec\uc2a4\ud130\uc640 \uad00\ub828\uc774 \uc788\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">96.9.125[.]147<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">107.191.58[.]76<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">104.238.159[.]149<\/span><\/li>\n<\/ul>\n<p>\ud154\ub808\uba54\ud2b8\ub9ac\uc5d0 \ub530\ub974\uba74 <span style=\"font-family: 'courier new', courier, monospace;\">96.9.125[.]147<\/span>\uc740 7\uc6d4 17\uc77c 08:58 UTC\uc5d0 SharePoint \ucde8\uc57d\uc810 \uc775\uc2a4\ud50c\ub85c\uc787\uc744 \uc2dc\uc791\ud588\uc73c\uba70, \ud398\uc774\ub85c\ub4dc\ub85c <a href=\"https:\/\/www.virustotal.com\/gui\/file\/4a02a72aedc3356d8cb38f01f0e0b9f26ddc5ccb7c0f04a561337cf24aa84030\" target=\"_blank\" rel=\"noopener\"><span style=\"font-family: 'courier new', courier, monospace;\">qlj22mpc<\/span><\/a>\ub77c\ub294 \uc774\ub984\uc758 \ub9de\ucda4\ud615 .NET \uc5b4\uc148\ube14\ub9ac \ubaa8\ub4c8\uc744 \uc804\ub2ec\ud588\uc2b5\ub2c8\ub2e4. \ub2e4\uc74c \ub0a0\uc778 7\uc6d4 18\uc77c, \ud574\ub2f9 IP \uc8fc\uc18c\ub294 <span style=\"font-family: 'courier new', courier, monospace;\">bjcloiyq<\/span>\ub77c\ub294 \uc774\ub984\uc758 \uc0c8\ub85c\uc6b4 \ud398\uc774\ub85c\ub4dc\ub97c \uc804\ub2ec\ud588\uc2b5\ub2c8\ub2e4. \uc774 \ub450 .NET \ubaa8\ub4c8\uc740 \ubaa8\ub450 SharePoint \uc11c\ubc84\uc5d0\uc11c \uc554\ud638\ud654\ub41c <span style=\"font-family: 'courier new', courier, monospace;\">MachineKey<\/span>\ub97c HTTP \uc751\ub2f5 \ub0b4\uc5d0 \ud30c\uc774\ud504(\"|\")\ub85c \uad6c\ubd84\ub41c \ubb38\uc790\uc5f4 \ud615\ud0dc\ub85c \uc720\ucd9c\ud558\uba70, \uacf5\uaca9\uc790\ub294 \uc774\ub97c \ud5a5\ud6c4 \uc11c\ubc84 \uc811\uadfc\uc5d0 \uc0ac\uc6a9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>7\uc6d4 18\uc77c\uacfc 19\uc77c, CL-CRI-1040 \ud074\ub7ec\uc2a4\ud130\uc758 IP \uc8fc\uc18c\uc778 <span style=\"font-family: 'courier new', courier, monospace;\">107.191.58[.]76<\/span>\uacfc <span style=\"font-family: 'courier new', courier, monospace;\">104.238.159[.]149\ub294 CVE-2025-53770<\/span> \uc775\uc2a4\ud50c\ub85c\uc787 \uc131\uacf5 \uc2dc \uc644\uc804\ud788 \uc0c8\ub85c\uc6b4 \ud398\uc774\ub85c\ub4dc\ub97c \uc804\ub2ec\ud588\uc2b5\ub2c8\ub2e4. \uc774 IP \uc8fc\uc18c\ub4e4\uc740 \ucde8\uc57d\uc810 \uc775\uc2a4\ud50c\ub85c\uc787 \ud6c4 .NET \ubaa8\ub4c8\uc744 \uc2e4\ud589\ud558\ub294 \ub300\uc2e0, '\ubcc0\uc885 2' \ubc0f '\ubcc0\uc885 3' \uc139\uc158\uc5d0\uc11c \ub17c\uc758\ub41c \uc778\ucf54\ub529\ub41c PowerShell \uba85\ub839\uc744 \uc2e4\ud589\ud558\uc5ec \uc6f9\uc178\uc744 <a href=\"https:\/\/www.virustotal.com\/gui\/file\/92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514\" target=\"_blank\" rel=\"noopener\"><span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span><\/a>\ub85c \uc800\uc7a5\ud558\ub294 \ud398\uc774\ub85c\ub4dc\ub97c \uc804\ub2ec\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc774 \uc6f9\uc178\uc740 <span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span>\uc5d0 \uc811\uadfc\ud560 \ub54c SharePoint \uc11c\ubc84\uc5d0\uc11c \uc554\ud638\ud654\ub41c MachineKeys\ub97c \ud30c\uc774\ud504(\"|\")\ub85c \uad6c\ubd84\ub41c \ubb38\uc790\uc5f4 \ud615\ud0dc\ub85c \uc720\ucd9c\ud558\ub3c4\ub85d \uc804\ub2ec\ub418\uc5c8\uc73c\uba70, \uc55e\uc11c \uc5b8\uae09\ub41c .NET \ubaa8\ub4c8\uacfc \ub3d9\uc77c\ud55c \uc21c\uc11c\uc758 \ub3d9\uc77c\ud55c <span style=\"font-family: 'courier new', courier, monospace;\">MachineKeys<\/span> \ud544\ub4dc\ub85c \uc751\ub2f5\ud569\ub2c8\ub2e4.<\/p>\n<p>CVE-2025-53770\uc744 \uc775\uc2a4\ud50c\ub85c\uc787\ud558\ub294 CL-CRI-1040 \uad00\ub828 \uacf5\uaca9\uc790\ub4e4\uc740 \uc791\uc804 \uc911\uc5d0 \uc804\uc220\uacfc \uae30\uc220\uc744 \uc870\uc815\ud558\ub294 \ub2a5\ub825\uc744 \ubcf4\uc5ec\uc90d\ub2c8\ub2e4. \uc774\ub4e4\uc740 .NET \ubaa8\ub4c8 \ud398\uc774\ub85c\ub4dc\uc5d0\uc11c \uc720\uc0ac\ud55c \uae30\ub2a5\uc744 \uac00\uc9c4 \uc6f9\uc178 \ud398\uc774\ub85c\ub4dc\ub85c \uc804\ud658\ud588\uc2b5\ub2c8\ub2e4. \uadf8 \ud6c4, <a href=\"https:\/\/research.eye.security\/sharepoint-under-siege\/\" target=\"_blank\" rel=\"noopener\">Eye Security<\/a>\uc758 CVE-2025-53770 \uc775\uc2a4\ud50c\ub85c\uc787\uc5d0 \ub300\ud55c \uc5f0\uad6c \ube14\ub85c\uadf8\uc640 \uac19\uc740 \uacf5\uac1c \ube14\ub85c\uadf8\uc5d0\uc11c \uc6f9\uc178\uc774 \ub17c\uc758\ub418\uc790 \ub2e4\uc2dc .NET \ubaa8\ub4c8\uc744 \ud398\uc774\ub85c\ub4dc\ub85c \uc0ac\uc6a9\ud558\ub294 \ubc29\uc2dd\uc73c\ub85c \ud68c\uadc0\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-148551-_heading=h.x6byvevlwakm\"><\/a><strong>\ud0c0\uac9f \ubaa9\ub85d<\/strong><\/h3>\n<p>\uc800\ud76c\ub294 \uacf5\uaca9\uc790\ub4e4\uc774 \ud0c0\uac9f \ubaa9\ub85d\uc744 \uc0ac\uc6a9\ud588\uc74c\uc744 \uc2dc\uc0ac\ud558\ub294 \ud0c0\uac9f\ud305 \ud328\ud134\uc744 \ubc1c\uacac\ud588\uc2b5\ub2c8\ub2e4. \uc2dc\uac04\uc744 \uae30\uc900\uc73c\ub85c \ud65c\ub3d9\uc744 \uc815\ub82c\ud558\uace0 4\uac1c\uc758 \uac1c\ubcc4 \ud0c0\uac9f\uc5d0 \ub300\ud55c \ud65c\ub3d9 \uc0d8\ud50c\uc744 \ucd94\ucd9c\ud588\uc2b5\ub2c8\ub2e4. \uc601\ud5a5\uc744 \ubc1b\uc740 \uc870\uc9c1\uc758 \uc815\ubcf4\ub97c \uac00\ub9ac\uae30 \uc704\ud574 \ud0c0\uac9f\uc744 IPv4 1, IPv4 2, IPv4 3 \ubc0f \ub3c4\uba54\uc778 1\ub85c \uc9c0\uce6d\ud558\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uba3c\uc800,<span style=\"font-family: 'courier new', courier, monospace;\"> 91.236.230[.]76<\/span>\uc774 \ub2e4\uc74c \uc21c\uc11c\ub85c <span style=\"font-family: 'courier new', courier, monospace;\">\/_layouts\/15\/ToolPane.aspx?DisplayMode=Edit&amp;a=\/ToolPane.aspx<\/span>\uc5d0 \ub300\ud55c HTTP GET \uc694\uccad\uc744 \uc218\ud589\ud558\ub294 \uac83\uc744 \uad00\uce21\ud588\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li>IPv4 1 \u2013 2025\ub144 7\uc6d4 17\uc77c, 07:29 UTC<\/li>\n<li>IPv4 2 \u2013 2025\ub144 7\uc6d4 17\uc77c, 07:32 UTC<\/li>\n<li>IPv4 3 \u2013 2025\ub144 7\uc6d4 17\uc77c, 07:33 UTC<\/li>\n<li>\ub3c4\uba54\uc778 1 \u2013 2025\ub144 7\uc6d4 17\uc77c, 07:52 UTC<\/li>\n<\/ul>\n<p>\uadf8 \ub2e4\uc74c, <span style=\"font-family: 'courier new', courier, monospace;\">96.9.125[.]147<\/span> IP \uc8fc\uc18c\uac00 SharePoint \ucde8\uc57d\uc810 \uc775\uc2a4\ud50c\ub85c\uc787\uc744 \uc2dc\ub3c4\ud560 \ub54c <span style=\"font-family: 'courier new', courier, monospace;\">\/_layouts\/SignOut.aspx<\/span>\ub97c referer\ub85c \ud558\uc5ec <span style=\"font-family: 'courier new', courier, monospace;\">\/_layouts\/15\/ToolPane.aspx?DisplayMode=Edit&amp;a=\/ToolPane.aspx<\/span>\uc5d0 HTTP POST \uc694\uccad\uc744 \ub3d9\uc77c\ud55c \ud0c0\uac9f\uc5d0 \ub3d9\uc77c\ud55c \uc21c\uc11c\ub85c \ubcf4\ub0b4\ub294 \uac83\uc744 \uad00\uce21\ud588\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li>IPv4 1 - 2025\ub144 7\uc6d4 17\uc77c, 09:31 UTC<\/li>\n<li>IPv4 2 - 2025\ub144 7\uc6d4 17\uc77c, 09:36 UTC<\/li>\n<li>IPv4 3 - 2025\ub144 7\uc6d4 17\uc77c, 09:37 UTC<\/li>\n<li>\ub3c4\uba54\uc778 1 - 2025\ub144 7\uc6d4 17\uc77c, 10:17 UTC<\/li>\n<\/ul>\n<p>\ub2e4\uc74c \ub0a0\uc778 2025\ub144 7\uc6d4 18\uc77c, <span style=\"font-family: 'courier new', courier, monospace;\">107.191.58[.]76<\/span>\uc774 <span style=\"font-family: 'courier new', courier, monospace;\">\/_layouts\/15\/ToolPane.aspx?DisplayMode=Edit&amp;a=\/ToolPane.aspx<\/span>\ub85c HTTP POST \uc694\uccad\uc744 \ubcf4\ub0b8 \ud6c4 <span style=\"font-family: 'courier new', courier, monospace;\">\/_layouts\/15\/spinstall0.aspx<\/span>\ub85c HTTP GET \uc694\uccad\uc744 \ubcf4\ub0b4\ub294 \ud65c\ub3d9\uc744 \ub3d9\uc77c\ud55c \uc21c\uc11c\ub85c \ud655\uc778\ud588\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li>IPv4 1 - 2025\ub144 7\uc6d4 18\uc77c, 14:01 UTC<\/li>\n<li>IPv4 2 - 2025\ub144 7\uc6d4 18\uc77c, 14:05 UTC<\/li>\n<li>IPv4 3 - 2025\ub144 7\uc6d4 18\uc77c, 14:07 UTC<\/li>\n<li>\ub3c4\uba54\uc778 1 - 2025\ub144 7\uc6d4 18\uc77c, 15:01 UTC<\/li>\n<\/ul>\n<p>\ub9c8\uc9c0\ub9c9\uc73c\ub85c, \uadf8 \ub2e4\uc74c \ub0a0(2025\ub144 7\uc6d4 19\uc77c) <span style=\"font-family: 'courier new', courier, monospace;\">104.238.159[.]149<\/span>\uac00 <span style=\"font-family: 'courier new', courier, monospace;\">107.191.58[.]76<\/span>\uacfc \ub3d9\uc77c\ud55c HTTP POST \ubc0f GET \uc694\uccad \ud65c\ub3d9\uc744 \ubcf4\uc774\ub294 \uac83\uc744 \ud655\uc778\ud588\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li>IPv4 1 - 2025\ub144 7\uc6d4 19\uc77c, 03:43 UTC<\/li>\n<li>IPv4 2 - 2025\ub144 7\uc6d4 19\uc77c, 03:48 UTC<\/li>\n<li>IPv4 3 - 2025\ub144 7\uc6d4 19\uc77c, 03:49 UTC<\/li>\n<li>\ub3c4\uba54\uc778 1 - 2025\ub144 7\uc6d4 19\uc77c, 04:41 UTC<\/li>\n<\/ul>\n<p>\uc704\uc758 \ud328\ud134\uc740 \ucd08\uae30 \ud14c\uc2a4\ud2b8 \uc694\uccad \uc138\ud2b8\uc640 \uadf8 \ub4a4\ub97c \uc774\uc740 \uc138 \ubc88\uc758 \uc775\uc2a4\ud50c\ub85c\uc787 \uc694\uccad \uc138\ud2b8 \uc804\ubc18\uc5d0 \uac78\uccd0 \uac1c\ubcc4 \uc774\ubca4\ud2b8 \uac04\uc758 \uc2dc\uac04 \uac04\uaca9\uc774 \uc720\uc0ac\ud558\uba70, \ub3d9\uc77c\ud55c \uc21c\uc11c\uc758 \ud0c0\uac9f\uc744 \ubcf4\uc5ec\uc90d\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-148551-_heading=h.wlf5x9cmwu2m\"><\/a><strong>\uacf5\uaca9 \uc8fc\uccb4 \ubd84\uc11d<\/strong><\/h3>\n<p>CVE-2025-53770 \uc775\uc2a4\ud50c\ub85c\uc787\uc5d0 \uc0ac\uc6a9\ub41c \uac83\uc73c\ub85c \ud655\uc778\ub41c CL-CRI-1040 \ud074\ub7ec\uc2a4\ud130\uc758 IP \uc8fc\uc18c <span style=\"font-family: 'courier new', courier, monospace;\">104.238.159[.]149<\/span>\ub294 Microsoft\uc5d0 \uc758\ud574 Storm-2603\uc774\ub77c\ub294 \uc774\ub984\uc758 \ud074\ub7ec\uc2a4\ud130 \uc18c\ud589\uc73c\ub85c\ub3c4 \uc9c0\ubaa9\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \ub610\ud55c Microsoft\ub294 Storm-2603\uc774 <span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span>\ub77c\ub294 \uc774\ub984\uc758 \uc6f9\uc178(SHA256 \ud574\uc2dc: <span style=\"font-family: 'courier new', courier, monospace;\">92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514<\/span>)\uc744 \uc804\ub2ec\ud588\ub2e4\uace0 \uc5b8\uae09\ud588\ub294\ub370, \uc774\ub294 <span style=\"font-family: 'courier new', courier, monospace;\">104.238.159[.]149<\/span>\uc640 \uad00\ub828\ub41c \ud65c\ub3d9\uc5d0 \ub300\ud55c \uc800\ud76c\uc758 \uad00\uce21 \ub0b4\uc6a9\uacfc \uc9c1\uc811\uc801\uc73c\ub85c \uc77c\uce58\ud569\ub2c8\ub2e4.<\/p>\n<p>\uc800\ud76c\ub294 CL-CRI-1040\uc774 Storm-2603\uacfc \uc911\ucca9\ub41c\ub2e4\uace0 **\uc911\uac04 \uc815\ub3c4\uc758 \uc2e0\ub8b0\ub3c4(moderate confidence)**\ub85c \ud3c9\uac00\ud558\uba70, \uc774 \ud074\ub7ec\uc2a4\ud130\uc5d0 \ub300\ud55c \ub354 \ub9ce\uc740 \ud1b5\ucc30\ub825\uc744 \uc5bb\uae30 \uc704\ud574 CL-CRI-1040 \uad00\ub828 \ud65c\ub3d9\uc744 \uacc4\uc18d \ubd84\uc11d\ud560 \uac83\uc785\ub2c8\ub2e4.<\/p>\n<p>Unit 42\uc640 Microsoft\ub97c \ud3ec\ud568\ud55c \ub2e4\ub978 \uc870\uc9c1\uc5d0\uc11c\ub294 \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc774 \uc2e4\uc81c\ub85c \uad11\ubc94\uc704\ud558\uac8c \uc545\uc6a9\ub418\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc6d0\uaca9 \ubd84\uc11d \uacb0\uacfc, \uc170\uc5b4\ud3ec\uc778\ud2b8 \ud234\uc258 \uacf5\uaca9 \ucea0\ud398\uc778\uc740 \ub450 \uac00\uc9c0 \ub2e8\uacc4\ub85c \ub69c\ub837\ud558\uac8c \uc9c4\ud654\ud558\uace0 \uc788\ub294 \uac83\uc73c\ub85c \ub098\ud0c0\ub0ac\uc2b5\ub2c8\ub2e4:<\/p>\n<ul>\n<li>PoC \uc774\uc804 \ub2e8\uacc4<\/li>\n<li>\uad11\ubc94\uc704\ud55c PoC \uc774\ud6c4 \ub2e8\uacc4<\/li>\n<\/ul>\n<p>\uc5d4\ub4dc\ud3ec\uc778\ud2b8 \uc6d0\uaca9 \ubd84\uc11d\uc744 \uae30\ubc18\uc73c\ub85c \uadf8\ub9bc 1\uacfc \uac19\uc774 \uc2dc\uac04 \uacbd\uacfc\uc5d0 \ub530\ub77c \uad00\ucc30\ub41c \ud328\ud134\uc744 \ubcf4\uc5ec\uc8fc\ub294 \ud65c\ub3d9\ub7c9 \ud45c\ud604\uc744 \ub9cc\ub4e4\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_148552\" aria-describedby=\"caption-attachment-148552\" style=\"width: 1475px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-148552 size-full lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-875350-148551-1.png\" alt=\"\ub2e4\uc591\ud55c \ub0a0\uc9dc\uc5d0 \uac78\uccd0 \ud65c\ub3d9\ub7c9\uc758 \ubcc0\ub3d9\uc744 \ubcf4\uc5ec\uc8fc\ub294 '\uc2dc\uac04\ubcc4 \ud65c\ub3d9\ub7c9'\uc774\ub77c\ub294 \ub9c9\ub300\ud615 \ucc28\ud2b8\uc785\ub2c8\ub2e4. Y\ucd95\uc740 \ud65c\ub3d9\ub7c9\uc744 \ub098\ud0c0\ub0b4\uace0 X\ucd95\uc740 2025\ub144 7\uc6d4 17\uc77c\ubd80\ud130 2025\ub144 7\uc6d4 24\uc77c\uae4c\uc9c0\uc758 \ub0a0\uc9dc \ubc94\uc704\ub97c \ub098\ud0c0\ub0c5\ub2c8\ub2e4.\" width=\"1475\" height=\"783\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-875350-148551-1.png 1475w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-875350-148551-1-786x417.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-875350-148551-1-1319x700.png 1319w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-875350-148551-1-768x408.png 768w\" sizes=\"(max-width: 1475px) 100vw, 1475px\" \/><figcaption id=\"caption-attachment-148552\" class=\"wp-caption-text\">\uadf8\ub9bc 1. \uc5d4\ub4dc\ud3ec\uc778\ud2b8 \uc6d0\uaca9 \ubd84\uc11d\uc5d0 \ub530\ub978 \uc2dc\uac04 \uacbd\uacfc\uc5d0 \ub530\ub978 \ud65c\ub3d9\ub7c9.<\/figcaption><\/figure>\n<h3>\ud65c\ub3d9 \ud0c0\uc784\ub77c\uc778<\/h3>\n<ul>\n<li>2025\ub144 5\uc6d4 17\uc77c: <a href=\"https:\/\/cybersecuritynews.com\/pwn2own-0-day-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">\uc0ac\uc774\ubc84 \ubcf4\uc548 \ub274\uc2a4<\/a>\uc5d0 \ub530\ub974\uba74 Viettel Cyber Security\uc758 Dinh Ho Anh Khoa(@_l0gg)\uac00 Pwn2Own Berlin\uc5d0\uc11c SharePoint\uc758 \ub450 \uac00\uc9c0 \ucde8\uc57d\uc810\uc744 \uc11c\ub85c \uc5f0\uacb0\ud558\uc5ec \ubb34\ub2e8 \uc561\uc138\uc2a4 \uad8c\ud55c\uc744 \ud68d\ub4dd\ud588\ub2e4\uace0 \ubcf4\ub3c4\ud588\uc2b5\ub2c8\ub2e4. \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\ub4e4\uc740 CVE-2025-49704 \ubc0f CVE-2025-49706\uc774 \ub429\ub2c8\ub2e4. @l0gg\ub294 \uc774\ud6c4 \uc774 \uacf5\uaca9 \uccb4\uc778\uc744 \u2018ToolShell\u2019\uc774\ub77c\uace0 \uba85\uba85\ud588\uc2b5\ub2c8\ub2e4.<\/li>\n<li>2025\ub144 7\uc6d4 8\uc77c: Microsoft\ub294 CVE-2025-49704 \ubc0f CVE-2025-49706\uc744 \uacf5\uac1c\ud588\uc2b5\ub2c8\ub2e4. \uacf5\uac1c \ub2f9\uc2dc Microsoft\ub294 \uc544\uc9c1 \uc775\uc2a4\ud50c\ub85c\uc787\uc774 \ubc1c\uacac\ub418\uc9c0 \uc54a\uc558\ub2e4\uace0 \ubc1d\ud614\uc2b5\ub2c8\ub2e4.<\/li>\n<li>2025\ub144 7\uc6d4 14\uc77c: CVE \uae30\ub85d\uc774 \uacf5\uac1c\ub41c \uc9c0 \uc77c\uc8fc\uc77c\ub3c4 \ucc44 \uc9c0\ub098\uc9c0 \uc54a\uc544 <a href=\"https:\/\/infosec.exchange\/@codewhitesec\/114851715379861407\" target=\"_blank\" rel=\"noopener\">Code White GmbH\uc758 \uacf5\uaca9 \ubcf4\uc548 \ud300<\/a>\uc740 \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uacfc \uad00\ub828\ub41c \uc778\uc99d\ub418\uc9c0 \uc54a\uc740 \uc775\uc2a4\ud50c\ub85c\uc787 \uccb4\uc778\uc744 SharePoint\uc5d0\uc11c \uc7ac\ud604\ud560 \uc218 \uc788\uc74c\uc744 \uc785\uc99d\ud588\uc2b5\ub2c8\ub2e4.<\/li>\n<li>2025\ub144 7\uc6d4 19\uc77c: Microsoft\ub294 CVE-2025-53770 \ubc0f CVE-2025-53771\uc5d0 \ub300\ud55c \uc815\ubcf4\ub97c \uacf5\uac1c\ud588\uc2b5\ub2c8\ub2e4. \uacf5\uac1c \uc2dc\uc810\uc5d0 \uc774\ubbf8 \uc775\uc2a4\ud50c\ub85c\uc787\uc774 \ud655\uc778\ub418\uc5c8\uc73c\uba70, Microsoft\ub294 CVE-2025-53770\uc774 CVE-2025-49706\uc758 \ubcc0\uc885\uc774\ub77c\uace0 \uc5b8\uae09\ud588\uc2b5\ub2c8\ub2e4.<\/li>\n<li>2025\ub144 7\uc6d4 21\uc77c \ud604\uc7ac, \uc5ec\ub7ec \uac1c\ub150 \uc99d\uba85\uc774 GitHub\uc5d0 \uac8c\uc2dc\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/li>\n<\/ul>\n<p>Unit 42 \uad00\ub9ac\ud615 \uc704\ud611 \ud5cc\ud305 \ud300\uc740 7\uc6d4 17\uc77c\uc5d0 \uc138 \uac00\uc9c0 \ub2e4\ub978 \ud615\ud0dc\uc758 \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uc744 \ud655\uc778\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-148551-_heading=h.22togsa6jx7a\"><\/a>\ubcc0\ud615 1<\/h3>\n<p>\uc774 \ubcc0\ud615\uc5d0\uc11c\ub294 PowerShell \uba85\ub839\uc744 \ud638\ucd9c\ud558\ub294 \uba85\ub839 \uc178\uc758 \uba85\ub839 \uc2e4\ud589\uc774 \uad00\ucc30\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \uc5d4\ub4dc\ud3ec\uc778\ud2b8\uc5d0\uc11c <span style=\"font-family: 'courier new', courier, monospace;\">web.config<\/span> \ud30c\uc77c\uc744 \ubc18\ubcf5\ud558\uace0 \ud574\ub2f9 \ud30c\uc77c\uc758 \ub0b4\uc6a9\uc744 <span style=\"font-family: 'courier new', courier, monospace;\">debug_dev.js<\/span>\ub77c\ub294 \ud30c\uc77c\uc5d0 \uc800\uc7a5\ud558\ub824\uace0 \ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uadf8\ub9bc 2\uc740 \uad00\ucc30\ub41c \uba85\ub839\uc744 \ubcf4\uc5ec\uc90d\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_148563\" aria-describedby=\"caption-attachment-148563\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-148563 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-878512-148551-2.png\" alt=\"\ud14d\uc2a4\ud2b8 \ud3b8\uc9d1\uae30\uc5d0\uc11c \uacbd\ub85c\uc640 \ud655\uc7a5\uc790\ub97c \ud3ec\ud568\ud55c \ucf54\ub4dc\ub97c \ud45c\uc2dc\ud558\ub294 \uc2a4\ud06c\ub9b0\uc0f7\uc785\ub2c8\ub2e4.\" width=\"1000\" height=\"407\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-878512-148551-2.png 1464w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-878512-148551-2-786x320.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-878512-148551-2-768x313.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-148563\" class=\"wp-caption-text\">\uadf8\ub9bc 2. SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9\uc5d0\uc11c \ud655\uc778\ub41c \uba85\ub839.<\/figcaption><\/figure>\n<p>\uadf8\ub9bc 2\uc5d0 \ud45c\uc2dc\ub41c \uba85\ub839\uc740 \ub2e4\uc74c \uc791\uc5c5\uc744 \uc218\ud589\ud569\ub2c8\ub2e4.<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">web.config<\/span> \ud30c\uc77c\uc5d0 \ub300\ud574 \ubc18\ubcf5\ud560 \uc18c\uc2a4 \ub514\ub809\ud1a0\ub9ac \uc124\uc815\ud558\uae30<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">debug_dev.js<\/span>\ub77c\ub294 \ube48 \ud30c\uc77c \uc0dd\uc131\ud558\uae30<\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">web.config<\/span> \ud30c\uc77c\uc758 \uc18c\uc2a4 \ub514\ub809\ud1a0\ub9ac \ubc18\ubcf5\ud558\uae30<\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\">web.config <\/span>\ud30c\uc77c\uc774 \uc788\ub294 \uacbd\uc6b0, <span style=\"font-family: 'courier new', courier, monospace;\">web.config<\/span>\uc758 \ub370\uc774\ud130\ub97c <span style=\"font-family: 'courier new', courier, monospace;\">debug_dev.js<\/span>\uc5d0 \ucd94\uac00\ud558\uae30<\/li>\n<\/ul>\n<h3><a id=\"post-148551-_heading=h.sp8bts3cd2k4\"><\/a>\ubcc0\ud615 2<\/h3>\n<p>\ub610 \ub2e4\ub978 \ubcc0\ud615\uc73c\ub85c, IIS Process Worker(<span style=\"font-family: 'courier new', courier, monospace;\">w3wp.exe<\/span>)\uac00 \uba85\ub839 \uc178\uc744 \ud638\ucd9c\ud558\uc5ec \uc544\ub798 \uadf8\ub9bc 3\uc5d0 \ud45c\uc2dc\ub41c Base64\ub85c \uc778\ucf54\ub529\ub41c PowerShell \uba85\ub839\uc744 \uc2e4\ud589\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_148574\" aria-describedby=\"caption-attachment-148574\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-148574 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-880813-148551-3.png\" alt=\"\ud30c\uc77c \uacbd\ub85c\uc640 \uc2dc\uc2a4\ud15c \uba85\ub839\uc774 \ud3ec\ud568\ub41c \uc778\ucf54\ub529 \ubc0f \ub514\ucf54\ub529\ub41c Base64 \ubb38\uc790\uc5f4 \uc904\uc774 \ud3ec\ud568\ub41c \ucef4\ud4e8\ud130 \ucf54\ub4dc\uc758 \uc2a4\ud06c\ub9b0\uc0f7\uc785\ub2c8\ub2e4.\" width=\"1000\" height=\"568\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-880813-148551-3.png 1480w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-880813-148551-3-775x440.png 775w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-880813-148551-3-1233x700.png 1233w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-880813-148551-3-768x436.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-148574\" class=\"wp-caption-text\">\uadf8\ub9bc 3. \uc774 \ubcc0\ud615\uc5d0\uc11c \ud655\uc778\ub41c Base64\ub85c \uc778\ucf54\ub529\ub41c PowerShell \uba85\ub839.<\/figcaption><\/figure>\n<p>\uadf8\ub9bc 3\uc5d0 \ud45c\uc2dc\ub41c \uba85\ub839\uc740 <span style=\"font-family: 'courier new', courier, monospace;\">C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WEBSER~1\\16\\TEMPLATE\\LAYOUTS\\spinstall0.aspx<\/span>\uc5d0 \ud30c\uc77c\uc744 \uc0dd\uc131\ud55c \ub2e4\uc74c \ubcc0\uc218 <span style=\"font-family: 'courier new', courier, monospace;\">$base64string<\/span>\uc5d0 \ud3ec\ud568\ub41c Base64 \ubb38\uc790\uc5f4\uc758 \ub0b4\uc6a9\uc744 \ud30c\uc77c\ub85c \ub514\ucf54\ub529\ud569\ub2c8\ub2e4. <span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span> \ud30c\uc77c\uc740 ViewState \uc554\ud638\ud654 \ud0a4\ub97c \uc704\uc870\ud558\ub294 \ub370 \ud544\uc694\ud55c \uc11c\ubc84\uc758 <span style=\"font-family: 'courier new', courier, monospace;\">ValidationKeys, DecryptionKeys<\/span> \ubc0f <span style=\"font-family: 'courier new', courier, monospace;\">CompatabilityMode<\/span>\ub97c \uac00\uc838\uc624\ub294 \ub2e4\uc591\ud55c \ud568\uc218\ub97c \uc2e4\ud589\ud560 \uc218 \uc788\ub294 \uc6f9 \uc178\uc785\ub2c8\ub2e4.<\/p>\n<p>\uadf8\ub9bc 4\uc740 \uadf8\ub9bc 3\uc758 \uba85\ub839\uc73c\ub85c \uc0dd\uc131\ub41c <span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span> \ud30c\uc77c\uc758 \ub0b4\uc6a9\uc744 \ubcf4\uc5ec\uc90d\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_148585\" aria-describedby=\"caption-attachment-148585\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-148585 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-883389-148551-4.png\" alt=\"\ub124\uc784\uc2a4\ud398\uc774\uc2a4\ub97c \ucc38\uc870\ud558\ub294 \uc2a4\ud06c\ub9bd\ud2b8\uac00 \ud3ec\ud568\ub41c \ucf54\ub4dc\ub97c \ud45c\uc2dc\ud558\ub294 \uc2a4\ud06c\ub9b0\uc0f7\uc785\ub2c8\ub2e4.\" width=\"1000\" height=\"527\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-883389-148551-4.png 1492w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-883389-148551-4-786x414.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-883389-148551-4-1329x700.png 1329w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-883389-148551-4-768x405.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-148585\" class=\"wp-caption-text\">\uadf8\ub9bc 4. <span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span>\uc758 \ub0b4\uc6a9.<\/figcaption><\/figure>\n<h3><a id=\"post-148551-_heading=h.fcds4nhf5vhr\"><\/a>\ubcc0\ud615 3<\/h3>\n<p>\uc774 \ubcc0\ud615\uc740 \ubcc0\ud615 2\uc640 \uac70\uc758 \ub3d9\uc77c\ud558\uc9c0\ub9cc \uba87 \uac00\uc9c0 \uc0ac\uc18c\ud55c \ucc28\uc774\uc810\uc774 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<ul>\n<li>\ub2e4\uc74c \uacbd\ub85c\uc5d0 <span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span> \ud30c\uc77c \uc791\uc131\ud558\uae30: <span style=\"font-family: 'courier new', courier, monospace;\">C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WEBSER~1\\15\\TEMPLATE\\LAYOUTS\\spinstall0.aspx<\/span>\n<ul>\n<li>\ucc28\uc774\uc810\uc740 \ub514\ub809\ud1a0\ub9ac\uac00 15\uc778\uc9c0 16\uc778\uc9c0\uc5d0 \uc788\uc74c<\/li>\n<\/ul>\n<\/li>\n<li>\ubcc0\uc218\ub97c \ub2e8\uc77c \ubb38\uc790\ub85c \uc774\ub984 \ubc14\uafb8\uae30<\/li>\n<li>\ub9c8\uc9c0\ub9c9\uc5d0 sleep \ud568\uc218 \ud638\ucd9c\ud558\uae30<\/li>\n<\/ul>\n<p>\uc544\ub798 \uadf8\ub9bc 5\ub294 \uc774 \ubcc0\ud615\uc758 \uc608\ub97c \ubcf4\uc5ec\uc90d\ub2c8\ub2e4.<\/p>\n<figure id=\"attachment_148596\" aria-describedby=\"caption-attachment-148596\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-148596 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-885749-148551-5.png\" alt=\"\ud504\ub85c\uadf8\ub798\ubc0d \ucf54\ub4dc \ube14\ub85d\uc744 \ud45c\uc2dc\ud558\ub294 \ucef4\ud4e8\ud130 \ud654\uba74\uc758 \uc2a4\ud06c\ub9b0\uc0f7\uc785\ub2c8\ub2e4.\" width=\"1000\" height=\"592\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-885749-148551-5.png 1496w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-885749-148551-5-743x440.png 743w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-885749-148551-5-1182x700.png 1182w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-885749-148551-5-768x455.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-148596\" class=\"wp-caption-text\">\uadf8\ub9bc 5. \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uc758 \ubcc0\ud615 3.<\/figcaption><\/figure>\n<h2><a id=\"post-148551-_heading=h.23suvv26a9k7\"><\/a>\uc784\uc2dc \uc9c0\uce68<\/h2>\n<p>Palo Alto Networks\uc640 Unit 42\ub294 MSRC\uc640 \uae34\ubc00\ud788 \ud611\ub825\ud558\uace0 \uc788\uc73c\uba70 \ub2e4\uc74c\uacfc \uac19\uc740 \uc911\uc694\ud55c \uc870\uce58\ub97c \uad8c\uc7a5\ud569\ub2c8\ub2e4.<\/p>\n<ul>\n<li><strong>\uc704\ud611 \uc5b5\uc81c<\/strong>: \ucde8\uc57d\ud55c \uc628\ud504\ub808\ubbf8\uc2a4 SharePoint \uc11c\ubc84\ub294 \uc644\uc804\ud788 \ubcf4\ud638\ub418\uace0 \ubb38\uc81c\uac00 \ud574\uacb0\ub420 \ub54c\uae4c\uc9c0 \uc989\uc2dc \uc778\ud130\ub137\uc5d0\uc11c \uc5f0\uacb0\uc744 \ud574\uc81c\ud558\uc138\uc694.<\/li>\n<li><strong>\ud328\uce58 \ubc0f \ubcf4\uc548 \uac15\ud654<\/strong>: Microsoft\uc758 \ubaa8\ub4e0 \uad00\ub828 \ubcf4\uc548 \ud328\uce58\uac00 \ucd9c\uc2dc\ub418\ub294 \ub300\ub85c \ud574\ub2f9 \ud328\uce58\ub97c \uc801\uc6a9\ud558\uc138\uc694. \uacb0\uc815\uc801\uc73c\ub85c, \ubaa8\ub4e0 \uc554\ud638\ud654 \uc790\ub8cc\ub97c \uad50\uccb4\ud558\uace0 \uad00\ub828 \uc790\uaca9 \uc99d\uba85\uc744 \uc7ac\uc124\uc815\ud574\uc57c \ud569\ub2c8\ub2e4.<\/li>\n<li><strong>\uc804\ubb38\uc801\uc778 \uc778\uc2dc\ub358\ud2b8 \ub300\uc751 \ucc38\uc5ec<\/strong>: \uc798\ubabb\ub41c \ubcf4\uc548 \uc758\uc2dd\uc73c\ub85c \uc778\ud574 \uc7a5\uae30\uac04 \ub178\ucd9c\ub85c \uc774\uc5b4\uc9c8 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc601\ud5a5\uc744 \ubc1b\ub294 \uc870\uc9c1\uc740 \uc804\ubb38\uc801\uc778 \uc778\uc2dc\ub358\ud2b8 \ub300\uc751 \ud300\uacfc \ud611\ub825\ud558\uc5ec \ucca0\uc800\ud55c \uce68\ud574 \ud3c9\uac00\ub97c \uc218\ud589\ud558\uace0, \uc124\uce58\ub41c \ubc31\ub3c4\uc5b4\ub97c \ucc3e\uc544\ub0b4\uba70, \uc704\ud611\uc744 \ud658\uacbd\uc5d0\uc11c \uc644\uc804\ud788 \uc81c\uac70\ud560 \uac83\uc744 \uac15\ub825\ud788 \uad8c\uace0\ud569\ub2c8\ub2e4.<\/li>\n<\/ul>\n<p>\ub610\ud55c Palo Alto Networks\ub294 Microsoft\uc758 \ud328\uce58 \ub610\ub294 \uc644\ud654 \uc9c0\uce68\uc744 \ub530\ub97c \uac83\uc744 \uad8c\uc7a5\ud569\ub2c8\ub2e4.<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49704\" target=\"_blank\" rel=\"noopener\">CVE-2025-49704<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-49706\" target=\"_blank\" rel=\"noopener\">CVE-2025-49706<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770\" target=\"_blank\" rel=\"noopener\">CVE-2025-53770<\/a><\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53771\" target=\"_blank\" rel=\"noopener\">CVE-2025-53771<\/a><\/li>\n<\/ul>\n<p><a href=\"https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/\" target=\"_blank\" rel=\"noopener\">CVE-2025-53770 \ubc0f CVE-2025-53771<\/a>\uc5d0 \ub300\ud55c Microsoft\uc758 \ucd94\uac00 \uc9c0\uce68\uc744 \ucc38\uc870\ud558\uc138\uc694. Microsoft\ub294 CVE-2025-53770\uc5d0 \ub300\ud55c \uc5c5\ub370\uc774\ud2b8\uc5d0 CVE-2025-49704\uc5d0 \ub300\ud55c \uc5c5\ub370\uc774\ud2b8\ubcf4\ub2e4 \ub354 \uac15\ub825\ud55c \ubcf4\ud638 \uae30\ub2a5\uc774 \ud3ec\ud568\ub418\uc5b4 \uc788\ub2e4\uace0 \ub9d0\ud569\ub2c8\ub2e4. CVE-2025-53771\uc5d0 \ub300\ud55c \uc5c5\ub370\uc774\ud2b8\uc5d0\ub294 CVE-2025-49706\uc5d0 \ub300\ud55c \uc5c5\ub370\uc774\ud2b8\ubcf4\ub2e4 \ub354 \uac15\ub825\ud55c \ubcf4\ud638 \uae30\ub2a5\uc774 \ud3ec\ud568\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p><strong>2025\ub144 7\uc6d4 25\uc77c \uc5c5\ub370\uc774\ud2b8:<\/strong> <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">Microsoft<\/a>\ub294 \uba38\uc2e0 \ud0a4 \uc21c\ud658\uc744 \uc704\ud574 \ub2e4\uc74c\uc744 \uad8c\uc7a5\ud569\ub2c8\ub2e4.<\/p>\n<ol>\n<li>Microsoft\uc758 \ubcf4\uc548 \uc5c5\ub370\uc774\ud2b8 \uc801\uc6a9<\/li>\n<li>ASP.NET \uba38\uc2e0 \ud0a4\ub97c \ub2e4\uc2dc \ud68c\uc804<\/li>\n<li>IIS \uc6f9 \uc11c\ubc84\ub97c \ub2e4\uc2dc \uc2dc\uc791\ud569\ub2c8\ub2e4.<\/li>\n<\/ol>\n<h2><a id=\"post-148551-_heading=h.kegh8qflek83\"><\/a>Unit 42 \uad00\ub9ac\ud615 \uc704\ud611 \ud5cc\ud305 \uc11c\ube44\uc2a4<\/h2>\n<p>Unit 42 \uad00\ub9ac\ud615 \uc704\ud611 \ud5cc\ud305 \ud300\uc740 Cortex XDR\uacfc \uc544\ub798 XQL \ucffc\ub9ac\ub97c \uc0ac\uc6a9\ud558\uc5ec \uace0\uac1d \uc804\ubc18\uc5d0\uc11c \uc774\ub7ec\ud55c \ucde8\uc57d\uc810\uc744 \uc545\uc6a9\ud558\ub824\ub294 \uc2dc\ub3c4\ub97c \uc9c0\uc18d\uc801\uc73c\ub85c \ucd94\uc801\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4. Cortex XDR \uace0\uac1d\uc740 \uc774\ub7ec\ud55c XQL \ucffc\ub9ac\ub97c \uc0ac\uc6a9\ud558\uc5ec \uc775\uc2a4\ud50c\ub85c\uc787 \uc9d5\ud6c4\ub97c \uac80\uc0c9\ud560 \uc218\ub3c4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<pre class=\"lang:default decode:true\">\/\/ Note: This query will only work on agents 8.7 or higher\r\n\/\/ Description: This query leverages DotNet telemetry to identify references to ToolPane.exe, and extracts fields to provide additional context.\r\ndataset = xdr_data\r\n| fields _time, agent_hostname, actor_effective_username, actor_process_image_name, actor_process_image_path, actor_process_command_line, dynamic_event_string_map, event_thread_context, event_type\r\n| filter event_type = ENUM.DOT_NET and actor_process_image_name = \"w3wp.exe\" and event_thread_context contains \"ToolPane.aspx\"\r\n\r\n\/\/ Extract the IIS application pool name from command line\r\n| alter IIS_appName = arrayindex(regextract(actor_process_command_line, \"\\-ap\\s+\\\"([^\\\"]+)\\\"\"), 0)\r\n\r\n\/\/ Extract fields from the dynamic_string_string_map:\r\n\/\/ EventSrcIP - Logged IP address by the IIS server\r\n\/\/ RequestURI - The requested URL by the threat actor\r\n\/\/ Payload - time he decoded .NET payload from exploitation\r\n\/\/ Headers - HTTP request headers\r\n| alter EventSrcIP = trim(json_extract(dynamic_event_string_map, \"$.27\"), \"\\\"\"),\r\n        RequestURI = trim(json_extract(dynamic_event_string_map, \"$.26\"), \"\\\"\"),\r\n        Payload = trim(json_extract(dynamic_event_string_map, \"$.30\"), \"\\\"\"),\r\n        Headers = trim(json_extract(dynamic_event_string_map, \"$.32\"), \"\\\"\")\r\n\r\n\/\/ Extract the X-Forwarded-For headers from the Headers field in an attempt to identify the source of exploitation\r\n| alter x_forwarded_for_header = regextract(lowercase(Headers), \"\\|(?:client-ip|x-forwarded-for)\\:((?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[1-9])(?:\\.(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])){3})\\|\")\r\n\r\n| fields _time, agent_hostname, actor_effective_username, actor_process_image_path, actor_process_command_line, IIS_appName, dynamic_event_string_map, event_thread_context, EventSrcIP, x_forwarded_for_header, RequestURI, Payload, Headers\r\n<\/pre>\n<pre class=\"lang:default decode:true\">\/\/ Description: This query identifies specific files being written to the observed file paths during exploitation. This query may identify false-positive, legitimate files.\r\ndataset = xdr_data \r\n| fields _time, agent_hostname, causality_actor_process_image_name, causality_actor_process_command_line, actor_process_image_name, actor_process_command_line, action_file_name, action_file_path, action_file_extension, action_file_sha256, event_type, event_sub_type \r\n| filter event_type = ENUM.FILE and event_sub_type in (ENUM.FILE_WRITE, ENUM.FILE_CREATE_NEW) and lowercase(action_file_path) ~= \"web server extensions\\\\1[5-6]\\\\template\\\\layouts\" and lowercase(action_file_extension) in (\"asp\", \"aspx\", \"js\", \"txt\", \"css\")\r\n| filter lowercase(actor_process_image_name) in (\"powershell.exe\", \"cmd.exe\", \"w3wp.exe\")\r\n| comp values(action_file_name) as action_file_name, values(action_file_path) as action_file_path, values(actor_process_command_line) as actor_process_command_line by agent_hostname, actor_process_image_name addrawdata = true\r\n<\/pre>\n<pre class=\"lang:default decode:true\">\/\/ Description: This query identifies the IIS Process Worker, w3wp invoking a command shell which executes a base64 encodedPowerShell command. This is not specific to the CVE, and may catch potential other post-exploitation activity.\r\ndataset = xdr_data \r\n| fields _time, agent_hostname, causality_actor_process_image_name, actor_process_image_name, actor_process_command_line, action_process_image_name, action_process_image_command_line , event_type, event_sub_type \r\n| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START and lowercase(causality_actor_process_image_name) = \"w3wp.exe\" and lowercase(actor_process_image_name) = \"cmd.exe\" and lowercase(action_process_image_name) = \"powershell.exe\" and action_process_image_command_line  ~= \"(?:[A-Za-z0-9+\\\/]{4})*(?:[A-Za-z0-9+\\\/]{4}|[A-Za-z0-9+\\\/]{3}=|[A-Za-z0-9+\\\/]{2}={2})\"\r\n<\/pre>\n<h2><a id=\"post-148551-_heading=h.cggezlezg54n\"><\/a>\uacb0\ub860<\/h2>\n<p>\uc2e4\uc81c \ud658\uacbd\uc5d0\uc11c\uc758 \uc775\uc2a4\ud50c\ub85c\uc787\uacfc \ud574\ub2f9 \uc775\uc2a4\ud50c\ub85c\uc787\uc758 \uc6a9\uc774\uc131\uacfc \ud6a8\uacfc\ub97c \uad00\ucc30\ud55c \uacb0\uacfc, Palo Alto Networks\ub294 \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\uae30 \uc704\ud574 Microsoft\uc758 \uc9c0\uce68\uc744 \ub530\ub97c \uac83\uc744 \uc801\uadf9 \uad8c\uc7a5\ud569\ub2c8\ub2e4. Palo Alto Networks\uc640 Unit 42\ub294 \ucd5c\uc2e0 \uc815\ubcf4\ub97c \ud30c\uc545\ud558\uae30 \uc704\ud574 \uacc4\uc18d\ud574\uc11c \uc0c1\ud669\uc744 \ubaa8\ub2c8\ud130\ub9c1\ud560 \uc608\uc815\uc785\ub2c8\ub2e4.<\/p>\n<p>Palo Alto Networks\ub294 Cyber Threat Alliance(CTA) \ud68c\uc6d0\uc0ac\ub4e4\uacfc \uc870\uc0ac \uacb0\uacfc\ub97c \uacf5\uc720\ud588\uc2b5\ub2c8\ub2e4. CTA \ud68c\uc6d0\uc0ac\ub294 \uc774 \uc778\ud154\ub9ac\uc804\uc2a4\ub97c \uc0ac\uc6a9\ud558\uc5ec \uace0\uac1d\uc5d0\uac8c \ubcf4\ud638 \uae30\ub2a5\uc744 \uc2e0\uc18d\ud558\uac8c \ubc30\ud3ec\ud558\uace0 \uc545\uc758\uc801\uc778 \uc0ac\uc774\ubc84 \ud589\uc704\uc790\ub97c \uccb4\uacc4\uc801\uc73c\ub85c \ucc28\ub2e8\ud569\ub2c8\ub2e4. <a href=\"https:\/\/www.cyberthreatalliance.org\/\" target=\"_blank\" rel=\"noopener\">Cyber Threat Alliance<\/a>\uc5d0 \ub300\ud574 \uc790\uc138\ud788 \uc54c\uc544\ubcf4\uc138\uc694.<\/p>\n<p>Palo Alto Networks \uace0\uac1d\uc740 \uc544\ub798\uc5d0 \ub098\uc5f4\ub41c \ub2f9\uc0ac \uc81c\ud488\uc744 \ud1b5\ud574 \ub354 \uc548\uc804\ud558\uac8c \ubcf4\ud638\ubc1b\uc744 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ub354 \ub9ce\uc740 \uad00\ub828 \uc815\ubcf4\uac00 \uc785\uc218\ub418\ub294 \ub300\ub85c \uc774 \uc704\ud611 \uac1c\uc694\ub97c \uc5c5\ub370\uc774\ud2b8\ud560 \uc608\uc815\uc785\ub2c8\ub2e4.<\/p>\n<h2><a id=\"post-148551-_heading=h.k8xocklrbx1p\"><\/a>Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9\uc5d0 \ub300\ud55c Palo Alto Networks \uc81c\ud488 \ubcf4\ud638 \uae30\ub2a5<\/h2>\n<p>Palo Alto Networks \uace0\uac1d\uc740 \ub2e4\uc591\ud55c \uc81c\ud488 \ubcf4\ud638 \uae30\ub2a5 \ubc0f \uc5c5\ub370\uc774\ud2b8\ub97c \ud65c\uc6a9\ud558\uc5ec \uc774 \uc704\ud611\uc744 \uc2dd\ubcc4\ud558\uace0 \ubc29\uc5b4\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uac1c\uc778\uc815\ubcf4\uac00 \uc720\ucd9c\ub418\uc5c8\ub2e4\uace0 \uc0dd\uac01\ub418\uac70\ub098 \uae34\uae09\ud55c \ubb38\uc81c\uac00 \uc788\ub294 \uacbd\uc6b0 <a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">Unit 42 \uc778\uc2dc\ub358\ud2b8 \ub300\uc751 \ud300<\/a>\uc5d0 \ubb38\uc758\ud558\uac70\ub098 \uc804\ud654\ud558\uc138\uc694.<\/p>\n<ul>\n<li>\ubd81\ubbf8: \ubb34\ub8cc \uc804\ud654: +1(866) 486-4842(866.4.unit42)<\/li>\n<li>\uc601\uad6d: +44.20.3743.3660<\/li>\n<li>\uc720\ub7fd \ubc0f \uc911\ub3d9: +31.20.299.3130<\/li>\n<li>\uc544\uc2dc\uc544: +65.6983.8730<\/li>\n<li>\uc77c\ubcf8: +81.50.1790.0200<\/li>\n<li>\ud638\uc8fc: +61.2.4062.7950<\/li>\n<li>\uc778\ub3c4: 00080005045107<\/li>\n<\/ul>\n<h3><a id=\"post-148551-_heading=h.ss2uhhv9zmqy\"><\/a>\uace0\uae09 Threat Prevention \uae30\ub2a5\uc744 \uac16\ucd98 \ucc28\uc138\ub300 \ubc29\ud654\ubcbd<\/h3>\n<p><a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-threat-prevention\/administration\" target=\"_blank\" rel=\"noopener\">Advanced Threat Prevention<\/a> \ubcf4\uc548 \uad6c\ub3c5\uc744 \uc0ac\uc6a9\ud558\ub294 <a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">Next-Generation Firewall<\/a> \uc740 \ub2e4\uc74c\uc758 \uc704\ud611 \ubc29\uc9c0 \uc2dc\uadf8\ub2c8\ucc98(<a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=96481\" target=\"_blank\" rel=\"noopener\">96481<\/a>, <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=96436\" target=\"_blank\" rel=\"noopener\">96436<\/a>, <a href=\"https:\/\/threatvault.paloaltonetworks.com\/?query=96496\" target=\"_blank\" rel=\"noopener\">96496<\/a>.)\ub97c \ud1b5\ud574 CVE-2025-49704, CVE-2025-49706 \ubc0f CVE-2025-53771\uc758 \uc545\uc6a9\uc744 \ucc28\ub2e8\ud558\ub294 \ub370 \ub3c4\uc6c0\uc774 \ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-148551-_heading=h.iri4pnknnc9k\"><\/a>\ucc28\uc138\ub300 \ubc29\ud654\ubcbd\uc744 \uc704\ud55c \ud074\ub77c\uc6b0\ub4dc \uc81c\uacf5 \ubcf4\uc548 \uc11c\ube44\uc2a4<\/h3>\n<p><a href=\"https:\/\/docs.paloaltonetworks.com\/pan-os\/10-1\/pan-os-new-features\/url-filtering-features\/advanced-url-filtering\" target=\"_blank\" rel=\"noopener\">Advanced URL Filtering<\/a> \ubc0f <a href=\"https:\/\/docs.paloaltonetworks.com\/dns-security\" target=\"_blank\" rel=\"noopener\">Advanced DNS Security<\/a>\ub294 \uc774 \ud65c\ub3d9\uacfc \uad00\ub828\ub41c \uc54c\ub824\uc9c4 IP \uc8fc\uc18c\ub97c \uc545\uc131\uc73c\ub85c \uc2dd\ubcc4\ud569\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-148551-_heading=h.2pstzma4r7sm\"><\/a>Cortex<\/h3>\n<p>Cortex\ub294 <a href=\"https:\/\/xsoar.pan.dev\/docs\/reference\/playbooks\/cve-2025-49704-and-cve-2025-49706-and-cve-2025-53770-and-cve-2025-53771---microsoft-share-point-tool-shell-vulnerability-chain\" target=\"_blank\" rel=\"noopener\">Cortex Response and Remediation Pack<\/a>\uc758 \uc77c\ubd80\ub85c \ud50c\ub808\uc774\ubd81(playbook)\uc744 \ucd9c\uc2dc\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>SharePoint \"ToolShell\" \uc54c\ub9bc \ub610\ub294 \uc218\ub3d9 \uc2e4\ud589\uc5d0 \uc758\ud574 \ud2b8\ub9ac\uac70\ub418\ub294 \uc774 \ud50c\ub808\uc774\ubd81\uc740 \uba3c\uc800 \uacbd\ub7c9 XQL \ucffc\ub9ac\ub97c \ud1b5\ud574 \ubaa8\ub4e0 SharePoint \ud638\uc2a4\ud2b8\ub97c \ud551\uac70\ud504\ub9b0\ud305\ud569\ub2c8\ub2e4. \uadf8\ub7f0 \ub2e4\uc74c \ub2e4\uc74c \ud56d\ubaa9\uc744 \ubcd1\ub82c\ub85c \ud5cc\ud305\ud569\ub2c8\ub2e4.<\/p>\n<ul>\n<li>\ub514\uc2a4\ud06c\uc5d0 \uc0c8\ub85c \uc791\uc131\ub41c \uc6f9 \uc178(web shells)<\/li>\n<li>CVE \uc545\uc6a9 \ubc0f \uc6f9 \uc178 \uc561\uc138\uc2a4\uc5d0 \ub300\ud55c \ud2b8\ub798\ud53d \ub85c\uadf8<\/li>\n<li>\uacf5\uaca9\uc790 IP \ubc0f \ud398\uc774\ub85c\ub4dc\ub97c \uac00\uc838\uc624\uae30 \uc704\ud55c .NET \uc6d0\uaca9 \uce21\uc815<\/li>\n<li>Unit 42 \uc9c0\ud45c\uc640 \ub85c\uceec\uc5d0\uc11c \ucd94\ucd9c\ub41c \ub370\uc774\ud130\ub97c \ubcd1\ud569\ud558\ub294 IoC(\uce68\ud574 \uc9c0\ud45c)<\/li>\n<li>\uacf5\uaca9 \uc804\ud6c4 \ud589\uc704<\/li>\n<\/ul>\n<p>\ud655\uc778\ub41c \ubaa8\ub4e0 \uc9c0\ud45c\ub294 \uc790\ub3d9\uc73c\ub85c \ucc28\ub2e8\ub429\ub2c8\ub2e4.<\/p>\n<p>\uc2e4\ud589\uc740 \uba38\uc2e0 \ud0a4 \uc21c\ud658, 2025\ub144 7\uc6d4 \ud328\uce58 \ub9c1\ud06c \ubc0f \uc704\ud611 \ud5cc\ud305 \uacb0\uacfc\uc5d0 \ub300\ud55c \uc911\uc559 \uc9d1\uc911\uc2dd \ubcf4\uae30\ub97c \ud45c\uc2dc\ud558\uba70 \uc885\ub8cc\ub429\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-148551-_heading=h.3gmrag5r8w84\"><\/a>Cortex Cloud<\/h3>\n<p><a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/r\/Cortex-CLOUD\/Cortex-Cloud-Posture-Management-Release-Notes\/July-2025\" target=\"_blank\" rel=\"noopener\">Cortex Cloud<\/a> \ubc84\uc804 1.2\ub294 CVE-2025-49704 \ubc0f CVE-2025-49706\uc758 \uc545\uc6a9 \uccb4\uc778\uacfc \uad00\ub828\ub41c \ucde8\uc57d\uc810\uc744 \ucc3e\uc544 \uc54c\ub824\uc9c4 \uc545\uc6a9 \ud65c\ub3d9\uc744 \ucc28\ub2e8\ud558\uace0, CVE-2025-53770 \ubc0f CVE-2025-53771 \uccb4\uc778\uacfc \uad00\ub828\ub41c \uc54c\ub824\uc9c4 \uc545\uc6a9 \ud65c\ub3d9\uc744 \ubcf4\uace0\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-148551-_heading=h.lgahqcz6a06c\"><\/a>Cortex XDR \ubc0f XSIAM<\/h3>\n<p>\ucf58\ud150\uce20 \ubc84\uc804\uc774 1870-19884(\ub610\ub294 1880-19902)\uc778 <a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XDR\" target=\"_blank\" rel=\"noopener\">Cortex XDR<\/a> \uc5d0\uc774\uc804\ud2b8 \ubc84\uc804 8.7\uc740 CVE-2025-49704 \ubc0f CVE-2025-49706\uc758 \uc775\uc2a4\ud50c\ub85c\uc787 \uccb4\uc778\uacfc \uad00\ub828\ub41c \uc54c\ub824\uc9c4 \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uc744 \ucc28\ub2e8\ud558\uace0 CVE-2025-53770 \ubc0f CVE-2025-53771\uc758 \uccb4\uc778\uc5d0 \uad00\ub828\ub41c \uc54c\ub824\uc9c4 \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uc744 \ubcf4\uace0\ud569\ub2c8\ub2e4.<\/p>\n<h3><a id=\"post-148551-_heading=h.rvaogm3q8urw\"><\/a>Cortex Xpanse<\/h3>\n<p><a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/p\/XPANSE\" target=\"_blank\" rel=\"noopener\">Cortex Xpanse<\/a>\ub294 \uacf5\uc6a9 \uc778\ud130\ub137\uc5d0\uc11c \ub178\ucd9c\ub41c SharePoint \ub514\ubc14\uc774\uc2a4\ub97c \uc2dd\ubcc4\ud558\uace0 \uc774\ub7ec\ud55c \ubc1c\uacac\uc744 \ubc29\uc5b4\uc790\uc5d0\uac8c \uc5d0\uc2a4\uceec\ub808\uc774\uc158\ud558\ub294 \uae30\ub2a5\uc744 \uac16\ucd94\uace0 \uc788\uc2b5\ub2c8\ub2e4. \uace0\uac1d\uc740 SharePoint Server \uacf5\uaca9 \ud45c\uba74 \uaddc\uce59\uc774 \ud65c\uc131\ud654\ub418\uc5b4 \uc788\ub294\uc9c0 \ud655\uc778\ud558\uc5ec \uc778\ud130\ub137\uc5d0 \ub178\ucd9c\ub41c SharePoint\uc5d0 \ub300\ud55c \uacbd\uace0\ub97c \ud65c\uc131\ud654\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ud655\uc778\ub41c \uacb0\uacfc\ub294 <a href=\"https:\/\/docs-cortex.paloaltonetworks.com\/r\/Cortex-XPANSE\/2\/Cortex-Xpanse-Expander-User-Guide\/Threat-Response-Center\" target=\"_blank\" rel=\"noopener\">\uc704\ud611 \ub300\uc751 \uc13c\ud130<\/a> \ub610\ub294 Expander\uc758 \uc778\uc2dc\ub358\ud2b8 \ubcf4\uae30\uc5d0\uc11c \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc774\ub7ec\ud55c \uacb0\uacfc\ub294 ASM \ubaa8\ub4c8\uc744 \uad6c\ub9e4\ud55c Cortex XSIAM \uace0\uac1d\uc5d0\uac8c\ub3c4 \uc81c\uacf5\ub429\ub2c8\ub2e4.<\/p>\n<h2><a id=\"post-148551-_heading=h.1fcl371ahc9j\"><\/a>\uc190\uc0c1 \uc9c0\ud45c<\/h2>\n<p>\ud45c 2\ub294 Unit 42\uc5d0\uc11c \uad00\ucc30\ud55c SharePoint \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uacfc \uad00\ub828\ub41c \uc9c0\ud45c \ubaa9\ub85d\uacfc \uadf8 \uc124\uba85\uc744 \ubcf4\uc5ec\uc90d\ub2c8\ub2e4.<\/p>\n<table>\n<tbody>\n<tr style=\"height: 24px;\">\n<td style=\"height: 24px; text-align: center;\"><b>\uc9c0\ud45c<\/b><\/td>\n<td style=\"height: 24px; text-align: center;\"><b>\uc124\uba85<\/b><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">107.191.58[.]76<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span>, delivered <span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">104.238.159[.]149<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span>, delivered <span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">96.9.125[.]147<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span>, modules <span style=\"font-family: 'courier new', courier, monospace;\">qlj22mpc<\/span> and <span style=\"font-family: 'courier new', courier, monospace;\">bjcloiyq<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">139.144.199[.]41<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">89.46.223[.]88<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">45.77.155[.]170<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">154.223.19[.]106<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">185.197.248[.]131<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">149.40.50[.]15<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\"> 64.176.50[.]109<\/span><\/td>\n<td style=\"text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\"> 149.28.124[.]70<\/span><\/td>\n<td style=\"text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\">206.166.251[.]228<\/span><\/td>\n<td style=\"text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\">95.179.158[.]42<\/span><\/td>\n<td style=\"text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\">86.48.9[.]38<\/span><\/td>\n<td style=\"text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\">128.199.240[.]182<\/span><\/td>\n<td style=\"text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\">212.125.27[.]102<\/span><\/td>\n<td style=\"text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\">91.132.95[.]60<\/span><\/td>\n<td style=\"text-align: left;\"><span style=\"font-weight: 400;\">\uc775\uc2a4\ud50c\ub85c\uc787 \ucd9c\ucc98<\/span><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"text-align: left; height: 48px;\"><span style=\"font-family: 'courier new', courier, monospace;\">C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WEBSER~1\\16\\TEMPLATE\\LAYOUTS\\spinstall0.aspx<\/span><\/td>\n<td style=\"height: 48px; text-align: left;\"><span style=\"font-weight: 400;\">\uc778\ucf54\ub529\ub41c \uba85\ub839 \uc2e4\ud589 \ud6c4 \uc0dd\uc131\ub41c \ud30c\uc77c<\/span><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"text-align: left; height: 48px;\"><span style=\"font-family: 'courier new', courier, monospace;\">C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WEBSER~1\\15\\TEMPLATE\\LAYOUTS\\spinstall0.aspx<\/span><\/td>\n<td style=\"height: 48px; text-align: left;\"><span style=\"font-weight: 400;\">\uc778\ucf54\ub529\ub41c \uba85\ub839 \uc2e4\ud589 \ud6c4 \uc0dd\uc131\ub41c \ud30c\uc77c<\/span><\/td>\n<\/tr>\n<tr style=\"height: 50px;\">\n<td style=\"text-align: left; height: 50px;\"><span style=\"font-family: 'courier new', courier, monospace;\">C:\\Program Files\\Common Files\\microsoft shared\\Web Server Extensions\\16\\TEMPLATE\\LAYOUTS\\debug_dev.js<\/span><\/td>\n<td style=\"height: 50px; text-align: left;\">F<span style=\"font-weight: 400;\">PowerShell \uba85\ub839 \uc2e4\ud589 \ud6c4 \uc0dd\uc131\ub41c \ud30c\uc77c<\/span><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"text-align: left; height: 48px;\"><span style=\"font-family: 'courier new', courier, monospace;\">4A02A72AEDC3356D8CB38F01F0E0B9F26DDC5CCB7C0F04A561337CF24AA84030<\/span><\/td>\n<td style=\"height: 48px; text-align: left;\"><span style=\"font-weight: 400;\">.NET \ubaa8\ub4c8 <span style=\"font-family: 'courier new', courier, monospace;\">qlj22mpc <\/span>- \ucd08\uae30 \ud574\uc2dc\uac00 \uad00\ucc30\ub428\u00a0<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">B39C14BECB62AEB55DF7FD55C814AFBB0D659687D947D917512FE67973100B70<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\"><span style=\"font-weight: 400;\"><span style=\"font-family: georgia, palatino, serif;\">.NET<\/span> \ubaa8\ub4c8 <\/span>bjcloiyq<\/span><\/td>\n<\/tr>\n<tr style=\"height: 48px;\">\n<td style=\"text-align: left; height: 48px;\"><span style=\"font-family: 'courier new', courier, monospace;\">FA3A74A6C015C801F5341C02BE2CBDFB301C6ED60633D49FC0BC723617741AF7<\/span><\/td>\n<td style=\"height: 48px; text-align: left;\"><span style=\"font-weight: 400;\">.NET \ubaa8\ub4c8 - ViewState \ud45c\uc801<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">390665BDD93A656F48C463BB6C11A4D45B7D5444BDD1D1F7A5879B0F6F9AAC7E<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">.NET \ubaa8\ub4c8<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">66AF332CE5F93CE21D2FE408DFFD49D4AE31E364D6802FFF97D95ED593FF3082<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">.NET \ubaa8\ub4c8<\/span><\/td>\n<\/tr>\n<tr style=\"height: 25px;\">\n<td style=\"text-align: left; height: 25px;\"><span style=\"font-family: 'courier new', courier, monospace;\">7BAF220EB89F2A216FCB2D0E9AA021B2A10324F0641CAF8B7A9088E4E45BEC95<\/span><\/td>\n<td style=\"height: 25px; text-align: left;\"><span style=\"font-weight: 400;\">.NET \ubaa8\ub4c8<\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\">92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514<br \/>\n<\/span><\/td>\n<td style=\"text-align: left;\"><span style=\"font-family: 'courier new', courier, monospace;\">spinstall0.aspx<\/span> webshell<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\ud45c 2. Unit 42\uc5d0\uc11c \uad00\ucc30\ud55c SharePoint \uc775\uc2a4\ud50c\ub85c\uc787 \ud65c\ub3d9\uacfc \uad00\ub828\ub41c \uc9c0\ud45c.<\/p>\n<h2><a id=\"post-148551-_heading=h.w6mprpz0gnq3\"><\/a>\ucd94\uac00 \uc790\ub8cc<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">\uc628\ud504\ub808\ubbf8\uc2a4 SharePoint \ucde8\uc57d\uc810\uc758 \uc9c4\ud589 \uc911\uc778 \uc545\uc6a9 \uc911\ub2e8<\/a> \u2013 Microsoft Security<\/li>\n<li><a href=\"https:\/\/www.brighttalk.com\/webcast\/10903\/649025?utm_source=PaloAltoNetworks&amp;utm_medium=brighttalk&amp;utm_campaign=649025\" target=\"_blank\" rel=\"noopener\">Unit 42 Threat Briefing <\/a>| \uc9c4\ud589 \uc911\uc778 Microsoft SharePoint \uc775\uc2a4\ud50c\ub85c\uc787 \ubc29\uc5b4 \u2013 BrightTALK\uc758 Unit 42 Threat Briefing \uc6e8\ube44\ub098<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.<\/p>\n","protected":false},"author":23,"featured_media":148235,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[8772,8853],"tags":[9406,9407,9408,9409,9410,9411,9412,9413],"product_categories":[8961,8970,8971,8981,8954,9039,9047,9051,9079,9069,9156,9087,9150],"coauthors":[1025],"class_list":["post-148551","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-top-cyberthreats-ko","category-vulnerabilities-ko","tag-cl-cri-1040-ko","tag-cve-2025-49704-ko","tag-cve-2025-49706-ko","tag-cve-2025-53770-ko","tag-cve-2025-53771-ko","tag-microsoft-ko","tag-sharepoint-ko","tag-zero-day-ko","product_categories-advanced-dns-security-ko","product_categories-advanced-threat-prevention-ko","product_categories-advanced-url-filtering-ko","product_categories-advanced-wildfire-ko","product_categories-cloud-delivered-security-services-ko","product_categories-cortex-ko","product_categories-cortex-cloud-ko","product_categories-cortex-xdr-ko","product_categories-cortex-xpanse-ko","product_categories-cortex-xsoar-ko","product_categories-managed-threat-hunting-ko","product_categories-next-generation-firewall-ko","product_categories-unit-42-incident-response-ko"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9 (7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8) Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc801\uadf9\uc801\uc778 \uc545\uc6a9<\/title>\n<meta name=\"description\" content=\"Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4. Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9 (7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8)\" \/>\n<meta property=\"og:description\" content=\"Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4. Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-29T20:38:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-30T21:12:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/02_Vulnerabilities_1920x900.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Unit 42\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9 (7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8) Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc801\uadf9\uc801\uc778 \uc545\uc6a9","description":"Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4. Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/","og_locale":"ko_KR","og_type":"article","og_title":"Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9 (7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8)","og_description":"Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4. Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.","og_url":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/","og_site_name":"Unit 42","article_published_time":"2025-07-29T20:38:34+00:00","article_modified_time":"2025-07-30T21:12:41+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/02_Vulnerabilities_1920x900.jpg","type":"image\/jpeg"}],"author":"Unit 42","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/"},"author":{"name":"Unit 42","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/a891f81d18648a1e0bab742238d31a63"},"headline":"Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9 (7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8)","datePublished":"2025-07-29T20:38:34+00:00","dateModified":"2025-07-30T21:12:41+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/"},"wordCount":912,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/02_Vulnerabilities_1920x900.jpg","keywords":["CL-CRI-1040","CVE-2025-49704","CVE-2025-49706","CVE-2025-53770","CVE-2025-53771","Microsoft","SharePoint","zero-day"],"articleSection":["\uc8fc\uc694 \uc704\ud611","\ucde8\uc57d\uc810"],"inLanguage":"ko-KR"},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/","url":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/","name":"Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9 (7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8) Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc801\uadf9\uc801\uc778 \uc545\uc6a9","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/02_Vulnerabilities_1920x900.jpg","datePublished":"2025-07-29T20:38:34+00:00","dateModified":"2025-07-30T21:12:41+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/a891f81d18648a1e0bab742238d31a63"},"description":"Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4. Unit 42\ub294 \ucd5c\uadfc Microsoft SharePoint \ucde8\uc57d\uc810\uc744 \uc2e4\uc81c\ub85c \uc545\uc6a9\ud558\ub294 \uac83\uc744 \uad00\ucc30\ud588\uc2b5\ub2c8\ub2e4. \uc870\uc9c1\uc744 \ubcf4\ud638\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/#primaryimage","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/02_Vulnerabilities_1920x900.jpg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/02_Vulnerabilities_1920x900.jpg","width":1920,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ko\/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/"},{"@type":"ListItem","position":2,"name":"Microsoft SharePoint \ucde8\uc57d\uc810\uc758 \uc2e4\uc81c \uc545\uc6a9 (7\uc6d4 29\uc77c \uc5c5\ub370\uc774\ud2b8)"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/a891f81d18648a1e0bab742238d31a63","name":"Unit 42","image":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/4ffb3c2d260a0150fb91b3715442f8b3","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Unit 42"},"url":"https:\/\/unit42.paloaltonetworks.com\/ko\/author\/unit42\/"}]}},"_links":{"self":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/posts\/148551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/comments?post=148551"}],"version-history":[{"count":4,"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/posts\/148551\/revisions"}],"predecessor-version":[{"id":148669,"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/posts\/148551\/revisions\/148669"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/media\/148235"}],"wp:attachment":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/media?parent=148551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/categories?post=148551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/tags?post=148551"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/product_categories?post=148551"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ko\/wp-json\/wp\/v2\/coauthors?post=148551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}