·¹µå»è½º, ÇØÅ·ÆÀ ÀÚ·á ½ÉÃþºÐ¼®...'5163ºÎ´ë°¡ °¡Àå Àû±ØÀû'

ÃÖ¼Ò 15°³±¹¿¡¼­ ÃÖ¼Ò 109°³ÀÇ IP·Î Á¢¼Ó...°¨¿°½ÃŰ·Á ´Ù¾çÇÑ °¡»óÀÇ °³ÀÎ ¼­¹ö»ç¿ë,

¼­¿ïÀǼҸ® | ÀÔ·Â : 2015/07/24 [20:50]

³×´ú¶õµå¿¡ º»»ç¸¦ µÐ ¾Ç¼º ÄÚµå °¨º° ¹× º¸¾È Àü¹®È¸»çÀÎ ·¹µå»è½º(RedSocks)´Â 21ÀÏ ÇØÅ·ÆÀ¿¡¼­ À¯ÃâµÈ ¼¼ºÎ ÀڷḦ ¿ªÃßÀûÇÏ°í ½ÉÃþ ºÐ¼®ÇÑ °á°ú¸¦ ¹ßÇ¥Çß´Ù. 

ÀÌ º¸°í¼­¿¡¼­ ÁÖ¸ñÇÒ¸¸ÇÑ Á¡Àº ÇØÅ·ÆÀÀ¸·ÎºÎÅÍ ÇØÅ· ÇÁ·Î±×·¥ ±¸¸Å¿Í °ü·Ã, ÃÖ±Ù ³í¶õ¿¡ ÇÑ °¡¿îµ¥ ÀÖ´Â ±¹Á¤¿ø¿¡ ´ëÇÑ ¾ð±Þ ºÎºÐÀÌ´Ù. 

·¹µå»è½ºÀÇ Àü¹®°¡µéÀº devilangel1004@gmail.comÀ̶ó´Â À̸ÞÀÏ ÁÖ¼Ò¿Í °ü·ÃÀÌ ÀÖ´Â “5163 À°±ººÎ´ë”°¡ ÇØÅ·ÆÀÀÇ “°¡Àå Àû±ØÀûÀÎ °í°´ Áß Çϳª”À̸ç ÃÖ¼Ò 15°³±¹¿¡¼­ ÃÖ¼Ò 109°³ÀÇ ¾ÆÀÌÇÇ(IP)·Î Á¢¼ÓÇß´Ù°í Æø·ÎÇß´Ù. 

À̾î Çѱ¹ ±¹°¡Á¤º¸¿øÀÇ À§Àå »ç¹«½Ç·Î ¿©°ÜÁö´Â 5163 À°±ººÎ´ë´Â ÀÚ½ÅÀÇ À§Ä¡¸¦ ÀÎÅͳݻ󿡼­ ¼û±â±â À§ÇØ ¿î¿µº¸¾È ü°è¸¦ ÀûÀýÇÑ °÷¿¡ Àß ¹èÄ¡ÇßÀ¸¸ç ÀÌ¿¡ ´ëÇØ ÁÖ¸ñÇÒ ¸¸ÇÏ´Ù°í Æò°¡Çϱ⵵ Çß´Ù. 

¶Ç ±×µéÀº ¸ñÇ¥ ´ë»óÀ» °¨¿°½Ã۱â À§ÇØ ¾Æ·¡¿Í °°Àº ¾ÆÁÖ ´Ù¾çÇÑ °¡»óÀÇ °³ÀÎ ¼­¹ö VPS(Virtual private server) ÀÎÇÁ¶ó¸¦ Ȱ¿ëÇϰí ÀÖ¾ú´Ù°í µ¡ºÙ¿´´Ù. 

DE – 198.105.125.107
DE – 198.105.125.108
CZ – 198.105.122.117
CZ – 198.105.122.118
NL – 131.72.137.101
NL – 131.72.137.104
DE – 185.72.246.46
RU – 46.38.63.194
US – 162.216.7.167

·¹µå»è½º´Â ¾ÕÀ¸·ÎÀÇ ÇØÅ· °ø°Ý¿¡ ´ëÇÑ ¿ªÃßÀûÀ» µ½±â À§ÇØ ÇØÅ·ÆÀÀÇ À¯Ãâ ÀÚ·áµéÀ» Á¤È®È÷ ¼³¸íÇÏ°í ±×µéÀÇ ¹èÈÄ¿¡ ´©°¡ ÀÖ´ÂÁö ÀÚ¼¼È÷ Á¶»çÇϱâ·Î Çß´Ù°í À̹ø ½ÉÃþ ºÐ¼®ÀÇ Àǵµ¸¦ ¼³¸íÇß´Ù. 

¶Ç ÇØÅ· °ø°Ý¿¡ ´ëÇÑ ¿ªÃßÀûÀº ´Ù¾çÇÑ Á¤È²Àû Áõ°Å¸¦ ¹ÙÅÁÀ¸·Î ÀÌ·ç¾îÁú ¼ö ÀÖ¾î ½¬¿î ÀÏÀÌ ¾Æ´Ï¸ç µ¶Æ¯Çϸ鼭µµ ºÐ¸íÇÑ Ã»»çÁøÀÌ °ø°Ý Áß¿¡ ³ªÅ¸³ª¾ß °¡´ÉÇÏ´Ù°í ¸»Çß´Ù. 

µû¶ó¼­ À̹ø ºÐ¼®Àº ¿¬±¸Àڵ鿡°Ô ÇöÀç¿Í ¹Ì·¡ÀÇ ÇØÅ· ±×·ìµé°ú ±×µéÀÌ »ç¿ëÇÏ´Â µµ±¸µé°ú IP ¹üÀ§, ±×¸®°í ´É·Â°ú µ¿±â¿¡ °üÇÑ °¡Ä¡ ÀÖ´Â Á¤º¸¸¦ ¼öÁýÇÒ ¼ö ÀÖµµ·Ï µµ¿òÀ» ÁÙ ¼ö ÀÖÀ» °ÍÀ̶ó°í ¼³¸íÇß´Ù.

·¹µå»è½º´Â ÇØÅ·ÆÀ °í°´µéÀÇ À̸ÞÀÏ ÁÖ¼Ò, ÄÚµå À̸§, °í°´ À̸§, ±×¸®°í ¿¬°áµÈ ¾ÆÀÌÇÇ ÁÖ¼Ò°¡ ÀûÈù ¸®½ºÆ®¸¦ °ø°³ÇßÀ¸¸ç ¿äûÀÌ ÀÖÀ¸¸é Àüü ¸®½ºÆ®¸¦ Á¦°øÇϰڴٴ Àǻ絵 ¹àÇû´Ù.

´ÙÀ½Àº ´º½ºÇÁ·Î°¡ ºÎºÐ ¹ßÃéÇØ ¹ø¿ªÇÑ ·¹µå»è½º ±â»çÀÌ´Ù.

¹ø¿ª °¨¼ö:  ÀÓ¿Á NewsPro (´º½ºÇÁ·Î)-ÆíÁýºÎ 

±â»ç ¹Ù·Î°¡±â ¢Ñ http://bit.ly/1IjRJhn

Tuesday, July 21, 2015

Deep dive into attribution trove of Hacking Team

ÇØÅ·ÆÀÀÇ ¿ªÃßÀû ÀÚ·á¿¡ ´ëÇÑ ½ÉÃþ ºÐ¼®

redsocks_0721_2015

Attribution is probably one of the toughest things to deal with during a major Cyber Security breach, yet it is one of the most demanded skills.

»çÀ̹ö °ø°ÝÀÇ ¿ªÃßÀûÀº ÁÖ¿ä »çÀ̹ö º¸¾È ÇØÅ· ½Ã ´Ù·ç±â¿¡ °¡Àå Èûµç °Íµé ÁßÀÇ ÇϳªÀÏ ¼ö ÀÖÀ¸¸é¼­ °¡Àå ¸¹ÀÌ Ã£´Â ±â¼ú Áß Çϳª´Ù.

Earlier in the first incident response cases, attribution was based solely on IP address location. Even though proxy servers have been there all along, individuals, companies and researchers could easily get away with this type of attribution.

ÀÌÀü Ãʱ⠻ç°Ç ´ëÀÀ »ç·Ê¿¡¼­ ¿ªÃßÀûÀº ¾ÆÀÌÇÇ(IP) ÁÖ¼Ò À§Ä¡¿¡¸¸ ÀÇÁ¸Çß´Ù. ÇÁ·Ï½Ã ¼­¹öµéÀÌ ±× À§Ä¡¿¡ ÀÖ¾ú´ø °æ¿ì¿¡µµ °³ÀÎÀ̳ª ȸ»ç ¹× ¿¬±¸ÀÚµéÀº ÀÌ·¯ÇÑ ¿ªÃßÀûÀ» ½±°Ô ÇØ³¾ ¼ö ÀÖ¾ú´Ù.

Attribution and Advanced Persistent Threats

»çÀ̹ö °ø°Ý ¿ªÃßÀû ¹× Áö´ÉÇüÁö¼ÓÀ§Çù

Since recent years, and especially since the community has started to attribute and specifically mention certain hacker groups by giving them a name, this ability to attribute cyber attacks has been a spear point for companies to showcase their skills. Often were fashionable names created and in other cases solely the abbreviation APT (Advance Persistent Threat), with a connecting number has been used to identify specific hacker groups.

ÃÖ±Ù µé¾î, ƯÈ÷ Ä¿¹Â´ÏƼ°¡ »çÀ̹ö °ø°Ý ¿ªÃßÀûÀ» ÇÏ°í ±¸Ã¼ÀûÀ¸·Î ƯÁ¤ ÇØÄ¿ ±×·ìµé¿¡ À̸§À» ºÙ¿© À̵éÀ» ¹àÈ÷±â ½ÃÀÛÇÑ ÀÌ·¡·Î »çÀ̹ö °ø°ÝÀ» ¿ªÃßÀûÇÏ´Â ÀÌ·¯ÇÑ ´É·ÂÀº ȸ»çµéÀÌ ÀڽŵéÀÇ ±â¼úÀ» ½Ã¿¬ÄÚÀÚ ÇÒ ¶§ ÇÏÀ̶óÀÌÆ®°¡ µÇ¾î¿Ô´Ù. Á¾Á¾ ¸ÚÁø À̸§µéÀÌ ¸¸µé¾îÁ³°í, ¶Ç ´Ù¸¥ °æ¿ì¿¡´Â APT(Áö´ÉÇüÁö¼ÓÀ§Çù)ÀÇ ¾àÀÚ¿¡ ¿¬°á ¹øÈ£¸¸ ºÙÀÎ À̸§ÀÌ Æ¯Á¤ ÇØÄ¿ ±×·ìÀ» ½Äº°ÇÏ´Â µ¥¿¡ ¾²¿´´Ù.

Attribution is not easy, attribution can be based on all sorts of circumstantial evidence. As long as that unique specific blueprint pops up during the whole attack, you can be able to attribute an attack.

¿ªÃßÀûÀº ½±Áö ¾ÊÀ¸¸ç ¸ðµç À¯ÇüÀÇ Á¤È²Àû Áõ°Å¿¡ ±Ù°ÅÇÒ ¼ö ÀÖ´Ù. µ¶Æ¯ÇÑ Æ¯Á¤ û»çÁøÀÌ ´ë·®°ø°Ý ¿ÍÁß¿¡ °©Àڱ⠳ªÅ¸³ª±â¸¸ ÇÑ´Ù¸é ±× °ø°ÝÀÌ ´©±¸¿¡ ÀÇÇÑ °ÍÀÎÁö ÆÄ¾ÇÇÒ ¼ö ÀÖ´Ù.

One thing most people often forget is that we are living on huge globe, with continents, habits and completely different mindsets. Cyber attacks in Europe and America are completely different by nature than cyber attacks in the Asia Pacific region and let alone from Russia.

´ëºÎºÐÀÇ »ç¶÷µéÀÌ Á¾Á¾ ¸Á°¢ÇÏ´Â »ç½ÇÀº ¿ì¸®°¡ ¿ÏÀüÈ÷ ´Ù¸¥ »ç°í¹æ½Äµé°ú ½À°ü ±×¸®°í ¿©·¯ ´ë·ú¿¡ °ÉÄ£ °Å´ëÇÑ Áö±¸¿¡ »ì°í ÀÖ´Ù´Â Á¡ÀÌ´Ù. À¯·´À̳ª ¹ÌÁÖ´ë·ú¿¡¼­ÀÇ »çÀ̹ö °ø°ÝÀº ¾Æ½Ã¾Æ ÅÂÆò¾ç Áö¿ª¿¡¼­ÀÇ »çÀ̹ö °ø°Ý°ú´Â ±× ¼º°ÝÀÌ ¿ÏÀüÈ÷ ´Ù¸£¸ç ·¯½Ã¾ÆÀÇ °ø°ÝÀº ¸»ÇÒ °Íµµ ¾ø´Ù.

Hacking Team

ÇØÅ·ÆÀ

In order to help future attribution cases, we @RedSocks have decided to pinpoint all specific details from the Hacking Team leak as much as possible, and get to the slightest detail into pinpointing who is behind them.

ÇâÈÄ ¿ªÃßÀû »ç·ÊµéÀ» µ½±â À§ÇØ, ¿ì¸® ·¹µå»è½º(@RedSocks)´Â ÇØÅ·ÆÀ ´©Ãâ ¼¼ºÎÀÚ·áµéÀÇ °¡´ÉÇÑ ¸ðµç ƯÁ¤ ¼¼ºÎ»çÇ×µéÀ» Á¤È®È÷ ¼³¸íÇÏ°í ±×µé ¹èÈÄ¿¡ ´©°¡ ÀÖ´ÂÁö¸¦ ¹àÈ÷±â À§ÇØ ¾ÆÁÖ ÀÚ¼¼È÷ Á¶»çÇϱâ·Î °áÁ¤Çß´Ù.

What stands out most is the different use-cases you see in how specific parties are maintaining contact with hacking team. There are clients that don’t really mind if their identity is known, clients that are in a hurry, and clients that care about their identity. A lot of Hacking Teams clients for example use Gmail, Yahoo and Outlook email addresses. Some clients even prefer to only have contact by phone, and others only via encrypted email.

°¡Àå µÎµå·¯Á® º¸ÀÌ´Â Á¡Àº ƯÁ¤ ºÎ·ù°¡ ÇØÅ·ÆÀ°úÀÇ Á¢ÃËÀ» ¾î¶² ½ÄÀ¸·Î À¯ÁöÇϴ°¡¿¡ À־ °¢±â ´Ù¸¥ »ç¿ë »ç·ÊµéÀÌ ÀÖ´Ù´Â °ÍÀÌ´Ù. ÀڽŵéÀÇ Á¤Ã¼°¡ ¾Ë·ÁÁö´Â °ÍÀ» ²¨¸®Áö ¾Ê´Â °í°´µµ ÀÖ°í, ½Ã°£¿¡ Âѱâ´Â °í°´µµ ÀÖÀ¸¸ç ÀÚ½ÅÀÇ Á¤Ã¼°¡ µå·¯³ªÁö ¾Êµµ·Ï Á¶½ÉÇÏ´Â °í°´µµ ÀÖ´Ù. ÇØÅ·ÆÀ °í°´µéÀÇ »ó´ç¼ö°¡ °¡·É Áö¸ÞÀÏ, ¾ßÈÄ ±×¸®°í ¾Æ¿ô·è À̸ÞÀÏ ÁÖ¼Ò¸¦ »ç¿ëÇÑ´Ù. ½ÉÁö¾î ÀϺΠ°í°´µéÀº ÀüÈ­ Á¢Ã˸¸À» ¼±È£ÇÏ°í ¶Ç ´Ù¸¥ °í°´µéÀº ¾ÏȣȭµÈ À̸ÞÀÏÀ» ÅëÇØ¼­¸¸ Á¢ÃËÇÑ´Ù.

It turns out a few (if not all) customers prefer to have their Collector server in their own home country.

(ÀüºÎ´Â ¾Æ´Ï´õ¶óµµ) ÃÖ¼Ò ¸î¸î °í°´Àº ÀÚ±¹ ³»¿¡ ÄÝ·ºÅÍ ¼­¹ö¸¦ º¸À¯Çϱ⸦ ¿øÇÏ´Â °ÍÀ¸·Î ³ªÅ¸³­´Ù.

The massive Hacking Team leak allowed us to gain insight in the client infrastructure of Hacking Team. The Hacking Team company used various anonymizers and you can find them in our previous post on Hacking Team.

¹æ´ëÇÑ ¾çÀÇ ÇØÅ·ÆÀ ÀÚ·á À¯ÃâÀº ÇØÅ·ÆÀÀÇ °í°´ ÀÎÇÁ¶ó¸¦ µé¿©´Ùº¼ ¼ö ÀÖµµ·Ï ÇØÁÖ¾ú´Ù. ÇØÅ·ÆÀ »ç´Â ´Ù¾çÇÑ ÀÍ¸í ¼­ºñ½º¸¦ ÀÌ¿ëÇßÀ¸¸ç ÀÌ¿¡ ´ëÇØ¼­´Â ÇØÅ·ÆÀ¿¡ ´ëÇÑ ¿ì¸®ÀÇ ÀÌÀü ±Û¿¡¼­ ÀÐÀ» ¼ö ÀÖ´Ù.

On the bottom of this blog post is a list of associated Hacking Team Collector server anonymizers and connected email addresses.

ÀÌ ºí·Î±× ÇÏ´Ü¿¡´Â ¿¬°áµÈ ÇØÅ· ÆÀ ÄÝ·ºÅÍ ¼­¹ö ÀÍ¸í ¼­ºñ½ºµé°ú ±×¿¡ ¿¬°áµÈ À̸ÞÀÏ ÁÖ¼ÒµéÀÇ ¸ñ·ÏÀÌ ÀÖ´Ù.

These details should give researchers the ability to gather valuable information about current and future APT groups, their tool set, IP ranges, capabilities and motives.

ÀÌ·¯ÇÑ ¼¼ºÎ»çÇ×µéÀº ¿¬±¸Àڵ鿡°Ô ÇöÀç¿Í ¹Ì·¡ÀÇ APT ±×·ìµé°ú ±×µéÀÇ µµ±¸µé, IP ¹üÀ§, ´É·Â°ú µ¿±âµé¿¡ °üÇÑ °¡Ä¡ ÀÖ´Â Á¤º¸¸¦ ¼öÁýÇÒ ¼ö ÀÖµµ·Ï ÇØÁÙ °ÍÀÌ´Ù.

We have highlighted some for you:

µ¶ÀÚ¸¦ À§ÇØ ´ÙÀ½ ¸î °¡Áö ÁÖ¿ä »çÇ×À» Á¤¸®Çß´Ù.

The 5163 Army Division customer

5163 À°±ººÎ´ë °í°´

This customer was one of the most active users, it is associated with the email address:
devilangel1004@gmail.com

ÀÌ °í°´Àº °¡Àå Àû±ØÀûÀÎ »ç¿ëÀÚµé Áß Çϳª·Î¼­ devilangel1004@gmail.comÀ̶ó´Â À̸ÞÀÏ ÁÖ¼Ò¿Í ¿¬°üµÈ´Ù.

It has connected with at least 109 different IP addresses from at least 15 different countries. All of them where TOR exit nodes. It can be noted that this customer had good operational security in place in order to hide its original location on the internet.

ÀÌ »ç¿ëÀÚ´Â ÃÖ¼Ò 15°³±¹¿¡¼­ ÃÖ¼Ò 109°³ÀÇ ¾ÆÀÌÇÇ(IP)·Î Á¢ÃËÇß´Ù. ÀÌµé ¸ðµÎ°¡ Å丣 Ãⱸ ³ëµå(TOR exit node)¿´´Ù. ÀÌ »ç¿ëÀÚ´Â ÀÚ½ÅÀÇ ÀÎÅÍ³Ý À§Ä¡¸¦ ¼û±â±â À§ÇØ ¿î¿µº¸¾È ü°è¸¦ ¾ÆÁÖ Àß ¼³Ä¡ÇÑ Á¡ÀÌ ÁÖ¸ñµÈ´Ù.

This customer was using a large variety of VPS infrastructure to infect its targets:

ÀÌ °í°´Àº ¸ñÇ¥ ´ë»óÀ» °¨¿°½Ã۱â À§ÇØ ¾ÆÁÖ ´Ù¾çÇÑ VPS(Virtual private server, °¡»ó °³ÀÎ ¼­¹ö È£½ºÆÃ) ÀÎÇÁ¶ó¸¦ »ç¿ëÇϰí ÀÖ¾ú´Ù.

DE – 198.105.125.107
DE – 198.105.125.108
CZ – 198.105.122.117
CZ – 198.105.122.118
NL – 131.72.137.101
NL – 131.72.137.104
DE – 185.72.246.46
RU – 46.38.63.194
US – 162.216.7.167

The 5163 Army Division is thought to be the front office of National Intelligence Service of South Korea.

5163 À°±ººÎ´ë´Â Çѱ¹ÀÇ ±¹°¡Á¤º¸¿øÀÇ À§Àå »ç¹«½Ç·Î ¿©°ÜÁø´Ù.

To summon some very specific characteristics that can be noticed during an attack I have decided to write some down that are able to help you. And others that can easily cause tunnel vision, and thus should be taken less into account.

°ø°Ý Áß¿¡ ¹ß°ßµÉ ¼ö ÀÖ´Â ¸î¸îÀÇ ¸Å¿ì ±¸Ã¼ÀûÀΠƯ¡µéÀ» º¸¿©ÁÖ±â À§ÇØ, µ¶ÀÚ¸¦ µµ¿ï ¼ö ÀÖ´Â ¸î °¡Áö »çÇ×À» ¾Æ·¡¿¡ ±â·ÏÇϱâ·Î ÇÑ´Ù. ±×¸®°í ÅͳΠºñÀüÀ» (¿ªÁÖ: Á¼Àº ½Ã¾ß) ½±°Ô ÀÏÀ¸Å³ ¼ö ÀÖ´Â ´Ù¸¥ °ÍµéÀÌ ÀÖ°í, À̵éÀº µû¶ó¼­ ´ú °í·ÁµÇ¾î¾ß ÇÑ´Ù.

Attribution:
New malware strains, from same source code
Lateral movement characteristics
Reconnaissance characteristics
Persistence/Backdoor characteristics
Connecting IP space
Plurality of IP series
Amount of concurrent (active) backdoor connections
Routine of instructions
Batch/Script files used and purpose of those
Favorable tools of common open source tool sets
Entry point details (hacked, bought, bought in underground, hijacked, stolen)
Sophistication of malware (sole purpose, modular, ease of creation)

¿ªÃßÀû:
°°Àº ¼Ò½º ÄÚµå·ÎºÎÅÍÀÇ »õ·Î¿î ¾Ç¼ºÄÚµåµé
ȾÀû À̵¿ Ư¼º
Á¤Âû Ư¼º
¾ÆÀÌÇǸ¦ ¿¬°áÇÏ´Â °ø°£
¿¬¼ÓÀûÀÎ ¼ö ¸¹Àº ¾ÆÀÌÇǵé
»ç¿ëµÈ ¹èÄ¡ ½ºÅ©¸®Æ® ÆÄÀϵé, ±×¸®°í ÀÌ·± ¸ñÀû
°øÀ¯µÇ´Â ¿ÀÇ ¼Ò½º µµ±¸ ¼Â Áß¿¡¼­ ¼±È£ÇÏ´Â µµ±¸µé.
À¯ÀÔ °æ·Î ¼¼ºÎ»çÇ× ( ÇØÅ·µÈ °Í, ±¸ÀÔµÈ °Í, À½¼ºÀ¸·Î ±¸ÀÔÇÑ °Í, °¡·Îæ °Í, ÈÉÄ£ °Í)
¾Ç¼º ÄÚµåÀÇ Á¤±³ÇÔ ( ´ÜÀÏ ¸ñÀû, ¸ðµâ½Ä, ½±°Ô »ý¼º)

Helpful:
Possible motives
Compilation time stamps

µµ¿òµÇ´Â °Í:
°¡´ÉÇÑ µ¿±âµé
½Ã°£ ±â·Ïµé ÆíÁý

Tunnel vision:
Specifically attributed known malware (Could be Re-used.)
IP ranges solely
Strings in malware

ÅͳΠºñÀüÀ» ÀÏÀ¸Å³ ¼ö ÀÖ´Â »çÇ×:
±¸Ã¼ÀûÀ¸·Î ¾Ë·ÁÁø ¾Ç¼ºÄÚµå(´Ù½Ã »ç¿ë °¡´É)
À¯ÀÏÇÏ°Ô ¾ÆÀÌÇǰ¡ ¹èÁ¤µÇ´Â °Í
ÀÏ·ÃÀÇ ¾Ç¼ºÄÚµåµé

Below is a list of customer email addresses, customers code names, customer names and connecting IP addresses. Researches willing to receive the complete list are free to contact us.

¾Æ·¡´Â °í°´µéÀÇ À̸ÞÀÏ ÁÖ¼Ò, ÄÚµå À̸§, °í°´ À̸§, ±×¸®°í ¿¬°áµÈ ¾ÆÀÌÇÇ ÁÖ¼Ò°¡ ÀûÈù ¸®½ºÆ®ÀÌ´Ù. ¿ì¸®¿¡°Ô ¿¬¶ôÇϸé Àüü ¸®½ºÆ®¸¦ ¹ÞÀ» ¼ö ÀÖ´Ù.

devilangel1004@gmail.com SKA devilangel 176.10.99.202 CH (¿ªÁÖ: ½ºÀ§½º)

ÀÌ ±â»ç¿¡ ´ëÇÑ µ¶ÀÚÀÇ°ß Àǰ߾²±â ÀüüÀǰߺ¸±â
±â»ç ³»¿ë°ú °ü·ÃÀÌ ¾ø´Â ±Û, ¿å¼³À» »ç¿ëÇÏ´Â µî ŸÀÎÀÇ ¸í¿¹¸¦ ÈѼÕÇÏ´Â ±ÛÀº °ü¸®ÀÚ¿¡ ÀÇÇØ ¿¹°í¾øÀÌ ÀÓÀÇ »èÁ¦µÉ ¼ö ÀÖÀ¸¹Ç·Î ÁÖÀÇÇϽñ⠹ٶø´Ï´Ù.
´Ð³×ÀÓ ÆÐ½º¿öµå µµ¹è¹æÁö ¼ýÀÚ ÀÔ·Â
³» ¿ë
±¹Á¤¿ø °ü·Ã±â»ç¸ñ·Ï
´õº¸±â