I'll find it for you
What is an ADS file?
-
Hello. I found a file called ADS on my computer and I'm not sure what it is. I would appreciate it if you could tell me.
-
An ADS file is a GNAT, Ada source text specification. It appears to be a file distributed by Adacore. It was first reported on 2008-08-09 01:46:13 and last reported on 2021-09-09 05:25:35.
-
You can open ADS files by downloading a suitable program.
-
GNAT, Ada source text specification
-
No signature information is available.
-
Related link #1: https://www.adacore.com/
-
Related link #2: No link attached.
-
[2021-07-05 18:43:39] @GossiTheDog Another. The uploads are coming from VirusTotal web submissions from Chinese IP space. https://www.virustotal.com/gui/file/e8e7f2f889948fd977b5941e6897921da28c8898a9ca1379816d9f3fa9bc40ff/detection
-
[2021-07-04 04:14:31] @DmitriyMelikov The docm file downloads an executable file (Md5 810BA7D14F1454A01F8D75C4FFC8F797) that looks for other files and uploads them to a remote server. > ( hxxp : // 64. 188. 13. 46 /oiasjdoaijsdoiasjd/ ) https://www.virustotal.com/gui/file/5d3220db34868fc98137b7dfb3a6ee47db386f145b534fb4a13ef5e0b5df9268/relations https://www.virustotal.com/gui/file/a20970aa236aa60d74841e7af53990c5da526f406c83fd1bedb011290517d9b0/detection @InQuest #Malware #maldoc https://twitter.com/DmitriyMelikov/status/1411433194386345986/photo/1
-
[2021-07-04 00:05:35] @dorkingbeauty1 https://www.shodan.io/host/101.53.153.183 https://otx.alienvault.com/pulse/60e098092d446ce18b66ef0c/related/ #Headset #voip #streamdata #malware #hidden #fake #audio #low #FREQUENCY5FM #freqnetwork
-
[2021-07-02 05:44:23] @executemalware I received about 50 #hancitor emails today. As usual, I got #ficker stealer and #cobaltstrike follow-up payloads. Here are the IOCs: https://pastebin.com/Ung73BHW
-
[2021-06-28 03:00:54] @ffforward (Thread) Very well executed unidentified campaign from Friday. #covid19 #vaccine malspam from /cov19inf.com on @bacloud, with SPF and DKIM. Attached encrypted xlsm with unique(?) password with macro on close that drops 6KB dll loader that downloads 7MB EXE. C2 /usergtarca.com https://twitter.com/ffforward/status/1409240342533181442/photo/1
-
[2021-06-27 18:51:24] @GossiTheDog Ransomware leak time - Babuk's builder. Used for making Babuk payloads and decryption. builder.exe foldername, e.g. builder.exe victim will spit out payloads for: Windows, VMware ESXi, network attached storage x86 and ARM. note.txt must contain ransom. https://www.virustotal.com/gui/file/82e560a078cd7bb4472d5af832a04c4bc8f1001bac97b1574efe9863d3f66550/detection https://twitter.com/GossiTheDog/status/1409117153182224386/photo/1
-
[2021-06-27 06:28:50] @abel1ma Quick note: phishing email impersonating VISA card (Resona VISA Card). Subject: Your card has been temporarily blocked. Lure URL: hxxp://www.lixianwan.com//wp-content/themes/27/index.php Redirect destination: hxxps://hoanglongads.com/wp-content/themes/27/Visa.co.jp (continued)
-
[2021-06-26 22:15:00] @alberto__segura Just received this SMS whose link downloads the following sample of #NotFlubot #Toddler #Anatsa #Teabot https://www.virustotal.com/gui/file/fb00adb4c51834b5d37f5881b4baa6153b07cf44b6fe523fbedf7c2943d4f661/detection C2: hxxp://185.215.113.31:84/api/ https://twitter.com/alberto__segura/status/1408806004968542212/photo/1
-
[2021-06-24 06:12:31] @executemalware Much like yesterday, we received ~30 #hancitor emails today. Also like yesterday, I saw #ficker stealer and #cobaltstrike payloads. Here are the IOCs: https://pastebin.com/Kga0y4a6
-
[2021-06-24 01:07:20] @MBThreatIntel #LokiBot #malspam Spam email -> Contains a malicious document -> Downloads a remote template -> Exploits Equation Editor vulnerability -> Drops LokiBot ➡️ Maldoc: c0534b394a520926576f93d2fcb53460 ➡️ Remote template (Uses URL shortener): https://itsssl.com/9h7CN https://twitter.com/MBThreatIntel/status/1407762211293089798/photo/1
-
[2021-06-23 19:12:40] @michalmalik https://www.virustotal.com/gui/file/80e58eb314d0d5e1a50be0c5fca0ca42cdda5e5297d6f7a2590840ac60504be1/detection < OSX Gmera, not sure about NukeSped. Downloads hxxps://troxtrade.com/starterapp.zip, which contains a FAT file with ARM64 and X86_64 MachO. https://twitter.com/michalmalik/status/1407672957028253703/photo/1
-
[2021-06-23 05:54:51] @executemalware Today was the start of the week for #hancitor. I saw follow-up payloads of both #ficker stealer and #cobaltstrike. Here are the IOCs: https://pastebin.com/tArswBep
-
[2021-06-23 02:07:13] @cpardue09 #ln -s :malware_traffic: 2021-06-22 (Tuesday) - #Dridex-style Excel file from yesterday still retrieving & running #CobaltStrike today - Spreadsheet: https://tria.ge/210622-ekdh2kvp8j - URL for Cobalt Strike: https://urlhaus.abuse.ch/url/1386065/ - Cobalt Strike EXE: … https://twitter.com/malware_traffic/status/1407411585254137856/photo/1
-
[2021-06-23 01:54:05] @malware_traffic 2021-06-22 (Tuesday) - #Dridex-style Excel file from yesterday still retrieving & running #CobaltStrike today - Spreadsheet: https://tria.ge/210622-ekdh2kvp8j - URL for Cobalt Strike: https://urlhaus.abuse.ch/url/1386065/ - Cobalt Strike EXE: https://tria.ge/210622-5946tjsyc6 https://twitter.com/malware_traffic/status/1407411585254137856/photo/1
-
[2021-06-21 20:52:03] @MBThreatIntel #FormBook via CVE-2017-11882 #malspam ➡️ Mal docs: da283f39df7a4399184f1882695048bc 752e33013becf59e32c926823f0919f2 ➡️ Payloads: 5dcdf6c934870b13c42b3548f8747d0a 5d2abf9eb3310e498f8510a4966f9ab0 ➡️ Download IP: 212.192.241.94 https://twitter.com/MBThreatIntel/status/1406973188828024837/photo/1
-
[2021-06-20 19:36:41] @sergedroz @abuse_ch @Quad9DNS As a reminder: Sony was the company that installed rootkits on its customers' computers as copy protection. https://www.heise.de/newsticker/meldung/10-Jahre-Sony-Rootkit-Schadsoftware-vom-Hersteller-2865426.html
-
[2021-06-19 10:11:27] @pollo290987 #MEMZ Storno.bin 84887b550e951055309ca04dab0d0cf7 Giovanni\Downloads\MEMZ-master\MEMZ-master\Storno\Debug\Storno.pdb https://github.com/JmNkS/MEMZ https://twitter.com/pollo290987/status/1406087202199777281/photo/1
-
[2021-06-19 07:56:24] @fbgwls245 #Povlsomware (ALPHA LOCKER) #Ransomware 84BDE248E4F4C504384BB3A3B9703E4EA7E033F9AA1160089FEC9C30AF6632D7 C:\Users\ALPHA_HACKER\Downloads\Povlsomware-master\Povlsomware-master\Povlsomware\obj\Release\Povlsomware.pdb https://twitter.com/fbgwls245/status/1406053214005305345/photo/1
-
[2021-06-17 20:52:59] @lazyactivist192 Here's a much better source than the beacon's fluff article (the beacon exclusively writes fluff pieces) https://www.dontshootpdx.org/wp-content/uploads/2020/06/DSPFinal-RCAreport4SocialChange-AM.AR_.ZW_.DS-.pdf https://twitter.com/AkronOhioMayor/status/1405496735200419847
-
[2021-06-17 20:51:41] @lazyactivist192 @AkronOhioMayor @beaconjournal https://www.dontshootpdx.org/wp-content/uploads/2020/06/DSPFinal-RCAreport4SocialChange-AM.AR_.ZW_.DS-.pdf So what I'm hearing is the city of Akron loves cops who disobey court orders?
-
[2021-06-16 01:39:15] @InQuest Here is an interesting #dropper https://labs.inquest.net/dfi/hash/0dde111712db81b5a70d9cf35f5e1fcd5d585c62f678a5db66d2a166ef3a3399 The DLL has a unique sleep function. Transmits sys info, sleeps, then downloads https://www.virustotal.com/gui/file/8706d795cd8bb75b11e3b3e5606decee08596cb613059b10c6ec1df70099b761/detection to inject into explorer.exe. All strings are decrypted with a special algorithm prior to execution. #malware https://twitter.com/InQuest/status/1404871139466285059/photo/1
-
[2021-06-09 19:37:17] @tlansec @alexanderjaeger There are a huge # of inaccuracies in part due to the rules and in part due to the data it's matching against. Example file with loads of misleading matches: https://www.virustotal.com/gui/file/982f7c4700c75b81833d5d59ad29147c392b20c760fe36b200b541a0f841c8a9/behavior/VirusTotal%20Jujubox
-
[2021-06-08 00:38:56] @MBThreatIntel #BuerLoader #malspam: Spam emails -> Excel files with DocuWare template -> contains a macro that is activated on "Workbook_BeforeClose()" event -> drops now.dll and executes it using regsvr32.exe -> downloads and executes BuerLoader ➡️ Maldocs: 533cc0286ef26ad26ca5b042f0aad018 https://twitter.com/MBThreatIntel/status/1401956856931700736/photo/1
-
[2021-06-06 01:35:02] @bad_packets @0xDUDE @unix_root @DIVDnl Thanks for the heads-up. To be clear, we've detected CVE-2021-21985 activity from numerous hosts since 2021-05-27T19:13:25Z and not just @DIVDnl's scans from 104.40.252.159. https://twitter.com/bad_packets/status/1398358990015188992
-
[2021-06-04 21:37:33] @phishunt_io #NewPhishing | #phishing #scam /simple359.space/uploads/login.linkedin.com/lin/index.html 164.138.223.145 ☁ http://SuperHosting.BG Ltd. cPanel, Inc. Certification Authority https://twitter.com/phishunt_io/status/1400824046560940040/photo/1
-
[2021-06-04 07:04:49] @ActorExpose Active Phish (compromised) hxxp://dknengereye.com/wp-includes/loads/index.html @Spam404
-
[2021-06-04 01:29:12] @Mesiagh @FewAtoms @James_inthe_box @pmelson @abuse_ch @JAMESWT_MHT #Raccoon #Stealer: Hash: 4c77f8dd45de2772f04d175f9ee4b3dcc3f3412a84c438c65eb067c12efb13a0 C2: 34.88.140.135 Additional requests and downloads: g-cleanpartners.in noirok06.top nailedpizza.top
-
[2021-06-03 03:41:19] @jaimeblascob @InQuest The template downloads Trickbot from download3.xyz https://otx.alienvault.com/indicator/file/fd05481da74a6d89ac3c60db954e8f02a85711f9abaf12ede2d4e54eaf06a032 https://twitter.com/jaimeblascob/status/1400190815180410880/photo/1
-
[2021-06-03 02:02:09] @ESETresearch In the archive, attackers added a Cobalt Strike loader Acrobat.dll, that loads a Cobalt Strike shellcode. The C&C is 95.217.1.81. Malicious archive on VT: https://www.virustotal.com/gui/file/FF1DCAB09F24A4C314AF3EE829F80127E5B54F5BE2A13E812617F77D0DEEEF57 2/7
-
[2021-06-02 16:17:56] @Artilllerie #Hancitor (2705_pinr3 | botnet) Low detection (9/66) https://www.virustotal.com/gui/file/9a9926376a027f80eb56912ae54db483382e6566a54a139d6c7b384b3bd06409 ➡️C&C /alconothe.com:80 /deparnized.ru:80 /ereallfulaw.ru:80 ➡️Payloads repo /kor0leva.ru:80 ➡️Ficker C&C /sweyblidian.com:80 ➡️Cobalt Strike https://0paste.com/252523 @malwrhunterteam https://twitter.com/Artilllerie/status/1400018838398418944/photo/1
-
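For matters related to voice phishing, illegally filmed material, ransomware, cyber security threats and the like, you can get help from the following agencies and organizations: No More Ransom, the National Police Agency Cybercrime Reporting System, and the National Intelligence Service Civil Complaints Center.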