I'll find it for you
What is a ROSE file?
-
Hello. I found a file called ROSE on my computer and I'm not sure what it is. I would appreciate it if you could tell me.
-
A ROSE file is a GlobeImposter encrypted file. It appears to be a file distributed by GlobeImposter. It was first reported on 2018-02-02 09:51:10 and last reported on 2018-02-03 02:48:16.
-
You can open ROSE files by downloading the GlobeImposter program.
-
GlobeImposter ransomware encrypted file
MD5: 35dbc933eb02e3c9ca28fa0c78cd5606 -
.[[email protected]].rose
[email protected]
[email protected] -
Related link #1: http://blog.alyac.co.kr/1249
-
Related link #2: No link attached.
-
-
[2021-07-05 20:13:07] @JAMESWT_MHT "Pagamento Parziale" spam email spread #FormBook Rar https://bazaar.abuse.ch/sample/00425eabe686540501470b13eddfab0ad4e548a174b5e92d8d2a81b36ec205ad/ Com https://bazaar.abuse.ch/sample/0cedf0486e20023ffdfd3cb3942efb70e55ba208f0864dfccb08f125b962e851/ C2 www.montrosecbdsupplements.com/cb53/ H/T @b4rtik https://twitter.com/JAMESWT_MHT/status/1412036820632838145/photo/1
-
[2021-04-13 00:23:10] @lazyactivist192 @AutumnInBuffalo @outliersgeorg @goddessarashi @_TallieRose @DormantLime @HurnPubBooks https://web.archive.org/web/20210407143651/ https://hurnpublications.com/2021/04/07/formal-apology-explanation-from-hurn-publications/ still lives on in archives
-
[2021-03-21 19:55:54] @fr0s7_ https://app.any.run/tasks/c17f7cf7-8f58-4889-94e2-aa02e9e4fe71 c2: http://147.237.76.106:443/nP1m @UnderTheBreach @IdoNaor1 @ProferoSec https://twitter.com/fr0s7_/status/1373604275243388935/photo/1
-
[2021-03-04 23:18:19] @James_inthe_box C2's: http://throsesspeotte.com/8/forum.php http://imilifeesinci.ru/8/forum.php http://publearysuc.ru/8/forum.php
-
[2021-02-21 08:11:46] @WillaGreyLala @RoseFromSin @salmir URL un-shortening: https://unshorten.it/ File/URL virus scanner: https://www.virustotal.com/gui/ (Press the URL tab and paste it in the search bar, it will run the site through multiple scan definitions.) It's not a perfect means of finding bad sites, but it helps.
-
[2021-01-29 14:23:08] @dubstard ✋#Phishing @bancosantander @santanderukhelp ⚠ /mysantan-device-authentication.com ☣ AS22612 185.61.154.5 @Namecheap @SectigoHQ @sectigostore @Bank_Security @JAMESWT_MHT @TotalsecMx @Prosegur_Es @incibe_cert @esCERT_UPC @CSIRTCV @CCNCERT @Ingenia_es https://twitter.com/dubstard/status/1355038750246645760/photo/1
-
[2021-01-27 15:01:50] @bl4ckh0l3z @malwrhunterteam #banker inject js for #credentials stealing. Payload: bd9942e2a28bd0d1a39d20b0037bf87626de582067c2de68073b517785c6eab5. assets/Re.json (enc.) c2b03eec456cd843bdbf6c06f1a9586863c24d341fc6216bd3a65e5372472ae9. Re.dex (decr.) C2: pokymase.xyz oinregoinroseg.xyz https://twitter.com/bl4ckh0l3z/status/1354323713907372033/photo/1
-
[2021-01-26 02:44:11] @ffforward @abuse_ch . Or they just regrouped. XLSM downloads now on s/rose-world.us on @CloudflareAbuse cc @xxdesmus @matthewgall I bet you can make a blocklist for new domain with rose in them https://urlhaus.abuse.ch/url/978009/ EXE drop https://urlhaus.abuse.ch/url/978013/ https://app.any.run/tasks/fadfb6b7-5985-4574-8dd6-52e48718a957/
-
[2021-01-25 21:37:19] @ffforward Correction of first tweet: The invoice mentions different sites. When you continue to query for your order, you are redirected to another domain depending where you started. New doc drop on /rosedelivery.us https://urlhaus.abuse.ch/url/977353/
-
[2021-01-25 21:23:39] @ffforward 1/4 #BazarLoader > #BazarBackdoor #KEGTAP via social engineering. Email from /mail.com and /gmx.com senders contains fake PDF flower invoice that mentions (not links) /roseworld.us. The website is completely fake too, and asks you to download an xlsm to change your order. https://twitter.com/ffforward/status/1353695027621457921/photo/1
-
[2021-01-25 12:45:58] @8th_grey_owl ELF #Bifrose using SSL https://www.virustotal.com/gui/file/7446ea8c799845cd32deeb43cd121692fa5ab2ba33c2ac98b8eeb2ca67ba84ea/detection C2: cache8754.myssldomains.com This domain was associated with 104.238.160.164 (Choopa JP) around Sep 2020. That is a little interesting.
-
[2021-01-22 05:39:11] @JWilsonSecurity @jfslowik Saw this also tied to BazarLoader, not sure if the same exact campaign but also interesting. rosedelivery\.us https://app.any.run/tasks/55eb8ee2-252c-4bef-b964-754635d91a0e#
-
[2021-01-16 06:23:59] @jstrosch yes, turn on the macroses! https://www.virustotal.com/gui/file/4c84f30a755963c7e697d8781b17abe323f43c122a9b9b007146918859dc43a1/detection https://twitter.com/jstrosch/status/1350207129316163587/photo/1
-
[2021-01-05 16:04:11] @dubstard #Phishing @bancosantander @santanderukhelp ⚠ /santan-device-verifying.com ☣ AS22612 185.61.154.14 @Namecheap @SectigoHQ @JAMESWT_MHT @malwrhunterteam @TotalsecMx @Prosegur_Es @incibe_cert @esCERT_UPC @CCNCERT @Ingenia_es @EC3Europol https://twitter.com/dubstard/status/1346366874351792130/photo/1
-
[2020-12-03 19:26:20] @ffforward Heads up large #Phishing campaign inc heading your way via @awscloud SES. @ClubMedDE > /tradingplatforms.website on @CloudflareAbuse > *.amazonaws.com. Posts to s/rosecollection.biz/cape.php @Office365 are having issues blocking these. https://urlscan.io/result/6b1e02ea-7e03-4737-846a-474cba3a339d/#summary cc @certbund https://twitter.com/ffforward/status/1334458944383840256/photo/1
-
[2020-11-13 02:41:55] @DynamicAnalysis #ZLoader C2s (1/2): s://tfbuildingjoinery.co.uk/robots.php s://globalpacificproperties.com.au/terms.php s://www.loonybinforum.com/errors.php s://luminousintent.com.au/wp-smarts.php s://espazioabierto.com/wp-smarts.php s://racriporrosepo.tk/wp-smarts.php
-
[2020-10-19 16:53:20] @Cryptolaemus1 new #emotet Epoch 1 urls ://tonolledo.com/docs/R6/ ://jegsnet.com/wp-content/J/ s://melrosebeautycenter.com/windows-10/MM/ ://blog.gadzoom.net/wp-includes/g0/ ://gtech.thngo58.com/zwift-level/xnH/ s://hbrpatel.com/wp-content/amT/ s://indiastartup360.com/wp-admin/Cm/ https://twitter.com/Cryptolaemus1/status/1318128086848864256/photo/1
-
[2020-09-04 00:22:18] @__Knut_ What is alarming here is that the big, well-known vendors Kaspersky, Panda, Avast, Bitdefender and the like did not classify the attachment as malicious. #Vorsicht #Emotet #Trojaner https://urlknecht.de/2020emotet Always be very careful, even with supposedly known senders!
-
[2020-08-26 02:39:25] @p5yb34m #Qbot IOCs: //alfredoburguers.cl //americanwardrobefitters.com //equitymm.com //fishlovingworld.com //kmbuzz.com //lumanaridecorative.com //onlyicon.com //ricari.com.br //rosemiracle.com //styletadka.in //test.bateaux-bois.com //teste4.filimartis.com.br https://app.any.run/tasks/f5eec26e-d2c3-41da-b1ac-7707682b2766 …
-
[2020-05-20 20:08:13] @DFNCERT Still massive #Qakbot spam waves in DE. The "ANHANG ZUM DOKUMENT" points to a ZIP archive that contains a VBS file of about 36MB (VT: https://www.virustotal.com/gui/file/f6c848d53b9c8612849ba0275cc2af1c619cc1472477c885983858dfcfdd8374/detection …). Current IOCs via: @abuse_ch: https://urlhaus.abuse.ch/url/364924/ @malware_traffic: https://pastebin.com/u/malware_traffic … https://twitter.com/certbund/status/1261317907268751360 …
-
[2020-05-14 21:20:03] @pro_integritate -"Roses are red, Obfuscation is blue, hex mixed with junk, Automation > you." https://www.virustotal.com/gui/file/855b018d149e8c5731d6d771c9f32c9ffbec5c3b3ba0537cf601ef13ee14eae3/detection … pic.twitter.com/kW4ctMD31I
-
[2020-03-24 05:31:23] @Jouliok #Maldoc #Lokibot #opendir //tescohomegroseryandelectronicstday2store.duckdns.org/office/invoice_22115.doc //tescohomegroseryandelectronicstday2store.duckdns.org/chnsfrnd2/regasm.exe Samples are in @virusbay_io @mal_share & bazaar @abuse_ch cc: @malwrhunterteam @JAMESWT_MHT pic.twitter.com/6YYlGMuh1E
-
[2020-03-07 00:04:00] @IpNigh #PhishingKit found on #Phishing site. Threat Actor emails found in dump: [email protected] For more information on kits contact me.
-
[2020-02-07 06:21:25] @wwp96 #Formbook @JAMESWT_MHT /www.madisonroseholtze.com /www.softlanders.com /www.bluecottonhome.com /www.apachedrone.com /www.regular123.com /www.divineandrefined.com e10be3c07f6b1d565e9139b3c882b59e 82aa6956bcd9cd43dd0f85b158120bba https://app.any.run/tasks/861664b9-1bbe-4a1b-8cc3-d99353084e86 …
-
[2020-02-02 09:10:16] @IpNigh #Phishing | #PhishKit | #PhishingKit Found and downloaded. URL:hxxps://audreyilarson.com/Roselyne%20Nobles/mazon/amazon Threat Actor Emails are attached below. Bot Generated pic.twitter.com/dma55ZZ77k
-
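For matters involving voice phishing, illegally filmed material, ransomware, cyber security threats and the like, you can get help from the following institutions and organizations: No More Ransom, the National Police Agency cybercrime reporting system, and the National Intelligence Service civil complaints center.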