I'll find it for you
What is an ATT file?
-
Hello. I found a file called ATT on my computer and I'm not sure what it is. I would appreciate it if you could tell me.
-
An ATT file is an AT&T Group 4 bitmap. It appears to be a file distributed by AT&T. It was first reported on 2008-08-09 03:33:39 and last reported on 2008-08-09 03:33:39.
-
You can open an ATT file by downloading a suitable program.
-
AT&T Group 4 bitmap
-
No signature information is available.
-
Related link #1: No link attached.
-
Related link #2: No link attached.
-
-
[2021-07-06 20:29:51] @_alex_il_ It is not the first time the #REvil gang is using this vulnerable defender executable in its infection flow. Attaching a similar dropper to the #Kaseya attack from May. Interesting fact - the actual ransomware payload signature is still valid. https://www.virustotal.com/gui/file/81d0c71f8b282076cd93fb6bb5bfd3932422d033109e2c92572fc49e4abc2471/details https://twitter.com/_alex_il_/status/1412403420217159694/photo/1
-
[2021-07-06 19:13:40] @yvesago #phishing via attached html form POST to s://mark.al-majarra.com/py/roll.php?email= ping @malwrhunterteam @Spam404 @PhishStats https://twitter.com/yvesago/status/1412384251207733249/photo/1
-
[2021-07-06 18:46:13] @yvesago #phishing @LaBanquePostale with attached docx and link to s://cutt.ly/9mzET96 = > s://sites.google.com/view/postgr/accueil = > p://u1176056ls5.ha004.t.justns.ru/Bp/ ping @malwrhunterteam @PhishStats @ANSSI_FR https://twitter.com/yvesago/status/1412377341523791872/photo/1
-
[2021-07-06 03:31:24] @ov3rflow1 @cibernicola_es We have IoCs for #REvil/sodinokibi because of #kaseya all over the place :P https://otx.alienvault.com/pulse/60e2aa809c98c33d55061d92/related https://github.com/cado-security/DFIR_Resources_REvil_Kaseya/tree/main/IOCs https://www.cadosecurity.com/post/resources-for-dfir-professionals-responding-to-the-revil-ransomware-kaseya-supply-chain-attack https://malpedia.caad.fkie.fraunhofer.de/details/win.revil
-
[2021-07-05 18:08:23] @JAMESWT_MHT @cocaman caught this email with password protected attachment DOC .zip pw "Um652VtV3sX2eyy" https://bazaar.abuse.ch/sample/794a518c2857ed2106f0ee8d409c8dc9e0b358df749e6f693ee2a7ba5150b084/ inside Um652VtV3sX2eyy.exe https://bazaar.abuse.ch/sample/32e64abe73b4a1466ff42d4ae193b93a27dd38469fe3df1aea02727db34d8c58 cc @verovaleros any idea what malware ? #AgentTesla? https://twitter.com/JAMESWT_MHT/status/1412005431359250432/photo/1
-
[2021-07-04 00:48:26] @SQLInterstellar The REvil gang is carrying out this massive supply chain attack via a malicious update to Kaseya VSA. Kaseya is a software platform used by MSPs. Here is the binary https://www.virustotal.com/gui/file/8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd/detection
-
[2021-07-03 19:21:27] @ffforward @campuscodi Coop uses Visma Esscom for most of their cash registers. who confirm they were hit in the Kaseya incident. https://www.svt.se/nyheter/inrikes/it-attacker-och-utpressningar-mot-detaljhandeln-allt-vanligare
-
[2021-07-03 04:14:33] @nubesque If it matters. 7/2/2021 9:10 GMT detections for #kaseya binaries https://www.virustotal.com/gui/file/d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e/detection and https://www.virustotal.com/gui/file/8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd/detection CrowdStrike: yes PaloAlto: yes SentinelOne: no BlackBerry/(Cylance): yes elastic (Endgame): yes MSFT: yes Mcafee: yes Sophos: yes Symantec: yes Webroot: yes
-
[2021-07-02 12:43:40] @InQuest Malicious file found hosted at: https///cdn.discordapp.com/attachments/860170708751351860/860171759285436436/Swiftcopy.zip SHA256: 095836ae800afed643741e3ed46f27142a9df2928c28a6aa17f132b0a1184e9e IOC extracted from sample: https://labs.inquest.net/dfi/hash/ee8d059d79f1b0a00c4dc97ff552e49f20a6c87b0c2ac4632fc909d830e3b735
-
[2021-07-02 12:41:30] @InQuest Malicious file found hosted at: https///cdn.discordapp.com/attachments/860170708751351860/860369971107463188/InvoicePO-03092021.zip SHA256: fba67af010c2b53e948a1502eb92dbdf88bd57795e3f4cf3898f8e77f68fbb9c IOC extracted from sample: https://labs.inquest.net/dfi/hash/ee8d059d79f1b0a00c4dc97ff552e49f20a6c87b0c2ac4632fc909d830e3b735
-
[2021-07-02 12:33:27] @yvesago #phishing via html attached form post to s://edaacil.com/lail/UZIE/actions.php ping @malwrhunterteam @Spam404 @PhishStats https://twitter.com/yvesago/status/1410833981088669696/photo/1
-
[2021-07-02 01:28:26] @jasonsnitker Wow look out for this western digital attack https://www.virustotal.com/gui/file/9f7edb6383ca58584d3c7bd038aa3bf29f0a544fe1eedb0f8c28af52245b70f0/details
-
[2021-07-01 23:13:39] @James_inthe_box A csv formatted list of #malspam campaigns that crossed my path in June to include family. hash. c2.'s and some email exfils: https://gist.github.com/silence-is-best/d5814e07e5637891143762a19eb76479 #retrohunt https://twitter.com/James_inthe_box/status/1410632701871230978/photo/1
-
[2021-07-01 18:20:57] @JAMESWT_MHT Mentioned "CARTA_IDENTITA" Samples rtf https://bazaar.abuse.ch/sample/abab55c3c2109d14d6efde236c6200bbf59edf9c2edc6d8a59ce6e310607bc9b/ vbe https://bazaar.abuse.ch/sample/bd63f098304c316749c2b49726aaa7c5af4c33a4de7a5049e32587491c21a113/ Run https://app.any.run/tasks/5bdbb67e-f8a4-45f5-98ef-d67943e7a484 ❗️❗️CARTA_IDENTITA.exe ❗️❗️ https://bazaar.abuse.ch/sample/99ebb7d245ea5a3535cfba9d1cc7ec71a8cef683b91522574e32170198851d7f/ ✳️Samples https://bazaar.abuse.ch/browse/tag/rinaldo/ Relations https://www.virustotal.com/gui/domain/rinaldomattei.firstcloudit.com/relations cc @verovaleros @felixw3000 @sS55752750 https://twitter.com/D3LabIT/status/1410540076447191040 https://twitter.com/JAMESWT_MHT/status/1410559041911328772/photo/1
-
[2021-07-01 14:10:55] @yashvar_dhan 5. http://virustotal.com: Scan any suspicious file or email attachment for viruses. 6. http://printwhatyoulike.com: Print web pages without the clutter.
-
[2021-07-01 12:30:22] @DmitriyMelikov An advanced doc that uses PCShare Backdoor. They added one more step of infection. namely downloading the rar file and unpacking it with a password. https://www.virustotal.com/gui/file/d063c3938bb3ce3a0fe0c5492b7a8fe072524db87606b071152958e795501f7f/detection https://blogs.blackberry.com/en/2019/09/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware @InQuest @ShadowChasing1 #PCShare #Malware #maldoc https://twitter.com/DmitriyMelikov/status/1410470816198889474/photo/1
-
[2021-06-30 03:03:16] @bad_packets Active DDoS malware payload detected: http://209.141.59.56/arm7 ( https://www.virustotal.com/gui/url/fa73df7b4f8f8c511ee23992159c151971683651c057fbc4ffdb8f242967d71e/details) http://209.141.59.56/multi/wget.sh Exploit attempt source IPs: 103.145.13.121 196.196.41.68 Vulnerabilities targeted: CVE-2019-19824 CVE-2020-8515 CVE-2020-10987 #threatintel https://twitter.com/bad_packets/status/1409965712743944192/photo/1
-
[2021-06-29 20:01:49] @wwp96 @IndianCERT "IAF attack.pdf" with HEAD requests to: hxxp://email-govin.duia.eu:8011/1203334A04AF-X-USER-PC/file.pdf Credential harvester hosted on same #opendir but on different dynamic DNS spoofing @goi_meity hxxp://nicindia.mywire.org:8011/e/ https://app.any.run/tasks/3a5b2783-4828-423d-9b13-5c11e32622fd/ https://twitter.com/wwp96/status/1409859652750356480/photo/1
-
[2021-06-29 17:50:22] @reecdeep #Gozi #Ursnif #ISFB targets #Italy h/t @58_158_177_102 ✉️"BRT S.P.A. - fatture scadute" hxxps://Consaltyng.com c2: ghjakappoppepeodkd.website hteadclsspdkmdasd.live 185.212.47.181 31.214.157.207 185.186.246.95 dreamfjdjslkdskdn.website #infosec #CyberSecurity https://twitter.com/reecdeep/status/1409826569984557059/photo/1
-
[2021-06-29 17:45:59] @JAMESWT_MHT #BRT spam email spread #ursnif #gozi #ISFB #Italy "BRT S.P.A. Sollecito pagamento fatture" Xlsm https://bazaar.abuse.ch/sample/9a5bcc05135936554e6b1cb4a4d9ac026c66f2a8cc403e42f85cc28166922539/ Dll https://bazaar.abuse.ch/sample/5831ebc72dc810c036fa0c1dc85e17490ebfe2f7379b9573f99d47817b9eb42c/ Url https://urlhaus.abuse.ch/url/1410469/ C2 ghjakappoppepeodkd.website hteadclsspdkmdasd.live cc @felixw3000 @58_158_177_102 @guelfoweb https://twitter.com/JAMESWT_MHT/status/1409825466769313799/photo/1
-
[2021-06-29 15:02:17] @58_158_177_102 #cutwail prepare to spread #maldoc #ursnif ? Subject : BRT S.P.A. - fatture scadute * BRT S.P.A. - Sollecito pagamento fatture * MD5 : faf276a7f7aabafa22ff9f8fd92dc9c2 payload/C2: checking.. Sample : https://app.any.run/tasks/cc790040-56b0-442f-bb0d-b315aba791a9 https://www.virustotal.com/gui/file/51effaf547c9973feeb1929b5069eaef5f97b8d1d86fb8025ea85f182f709bb1/detection (6/63) https://tria.ge/210629-f562ammlls/static1
-
[2021-06-29 14:07:03] @JAMESWT_MHT @cocaman caught this email with password protected attachment proforma invoice .zip pw "yFkyXKYmdcQ14NR" https://bazaar.abuse.ch/sample/8af2e98ea8178165a2ae8a43cc1c85377574334996afadb7a98cf445646fa2c4/ inside yFkyXKYmdcQ14NR.exe https://bazaar.abuse.ch/sample/7eaabb247c63cc8914303806733bff4557726474a5eeb1d81e7e456efab85772/ cc @verovaleros any idea what malware ? https://twitter.com/JAMESWT_MHT/status/1409770373571297280/photo/1
-
[2021-06-28 03:00:54] @ffforward (Thread) Very well executed unidentified campaign from Friday. #covid19 #vaccine malspam from /cov19inf.com on @bacloud. with SPF and DKIM. Attached encrypted xlsm with unique(?) password with macro on close that drops 6KB dll loader that downloads 7MB EXE. C2 /usergtarca.com https://twitter.com/ffforward/status/1409240342533181442/photo/1
-
[2021-06-28 02:28:03] @phishunt_io #NewPhishing | #phishing #scam /amazoneen.com/ 107.142.179.132 ☁ ATT-INTERNET4 http://SSL.com RSA SSL subCA https://twitter.com/phishunt_io/status/1409232074469515267/photo/1
-
[2021-06-27 18:51:24] @GossiTheDog Ransomware leak time - Babuk's builder. Used for making Babuk payloads and decryption. builder.exe foldername. e.g. builder.exe victim will spit out payloads for: Windows. VMware ESXi.network attached storage x86 and ARM. note.txt must contain ransom. https://www.virustotal.com/gui/file/82e560a078cd7bb4472d5af832a04c4bc8f1001bac97b1574efe9863d3f66550/detection https://twitter.com/GossiTheDog/status/1409117153182224386/photo/1
-
[2021-06-25 23:03:53] @James_inthe_box FYI..seen a large uptick in #azorult #malspam this month..attachment names: https://gist.github.com/silence-is-best/24a6e83345701f15aec5d962f8d53bc5 https://twitter.com/James_inthe_box/status/1408455918908444674/photo/1
-
[2021-06-25 16:55:59] @reecdeep #FormBook #Malware targeting #Italy "Ordinazione d'acquisto" ⚙️ https://app.any.run/tasks/11020007-26d7-41a6-ae83-78c2e12d214f hxxps://cdn.discordapp.com/attachments/851129144217829379/857861081514770432/Zbcdggljpfzkskzkjiahputwmixnfof c2: jam-nins.com #infosec #CyberSecurity #cybercrime #Security https://twitter.com/reecdeep/status/1408363331526799365/photo/1
-
[2021-06-25 13:52:59] @pollo290987 #remcos EnvironmentPermissionAttribute.exe 6ebb570b031208a0f5c4b516d64b9971 "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZBADBUNNY" C2: /dominoduck2116.duckdns.org:9803
-
[2021-06-23 23:27:46] @Sebdraven We've just released Yeti 1.7.0 ! https://github.com/yeti-platform/yeti/releases/tag/1.7.0 We add ThreatFox of @abuse_ch in feeds. tls for db connections. we fixed @MISPProject feed using pysmisp and importing attributes of objects and we fixed bugs. So update your yeti ! https://media.giphy.com/media/bWFMAT9uSIsr6/giphy.gif #ThreatIntel
-
[2021-06-23 15:05:00] @Timele9527 #APT threat analysis report about #Kimsuky : “Kimsuky APT organization's targeted attacks on South Korean defense and security related departments” report: https://mp.weixin.qq.com/s/SLocYak45PoOwLtMCn0PFg https://translate.google.com/translate?hl= &sl= zh-CN&tl= en&u= https%3A%2F%2Fmp.weixin.qq.com%2Fs%2FSLocYak45PoOwLtMCn0PFg&sandbox= 1 https://twitter.com/Timele9527/status/1407610627011403779/photo/1
-
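For matters related to voice phishing, illegally filmed material, ransomware, cyber security threats and the like, you can get help from the following agencies and organizations: No More Ransom, the National Police Agency Cyber Crime Reporting System, and the National Intelligence Service Civil Complaints Center.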