I'll find it for you
What is a WI file?
-
Hello. I found a file called WI on my computer and I'm not sure what it is. I would appreciate it if you could tell me.
-
A WI file is a Corel Wavelet compressed bitmap file. It appears to be a file distributed by Corel. It was first reported on 2008-09-28 03:03:01 and last reported on 2008-09-28 03:03:01.
-
You can open a WI file by downloading an appropriate program.
-
Corel Wavelet compressed bitmap file
-
No signature information is available.
-
Related link #1: No link attached.
-
Related link #2: No link attached.
-
-
[2021-07-07 03:10:30] @bad_packets @UK_Daniel_Card 45.146.164.0/23 45.146.166.0/23 https://twitter.com/bad_packets/status/1412504247548006403/photo/1
-
[2021-07-07 02:55:32] @_Y000_ Advertising that sends you to download a malicious .apk file! https://sorry.waitfordownlaod.com/ZWMwMDBhMDYzNTAwMjA1MjAwMDAyMDVjMDAyMDVjMDAyMDVjMjhkNTRjYjZmYg= = /?name= Downloader&sclid= 60e4b434479281000109c99c&extra= 8284 Virustotal: https://www.virustotal.com/gui/file/a9d5a0741cc5634c6c4a3d76c39560591b97141c27bcc15a6e798aacf9597cbe/detection https://twitter.com/_Y000_/status/1412500481688182788/photo/1
-
[2021-07-07 01:12:04] @MBThreatIntel New #Dridex #malspam: Email -> Contains Excel file -> Drops XSL file -> Creates a scheduled Task -> Calls Mshta.exe to execute XSL file by calling WMIC.exe -> Executes #Dridex payload using Rundll32.exe Maldocs: ea3cc91ae1d7da1d5509530560f69f30 0e0c3c9cea7e59a5aee7a7ab2dd03eb2 https://twitter.com/MBThreatIntel/status/1412474444174479371/photo/1
-
[2021-07-07 01:03:11] @FewAtoms #malware #infosecurity #threathunting #cybersecurity #opendir hxxp://nz-prosthodontists.org.nz/ox/ https://urlhaus.abuse.ch/host/nz-prosthodontists.org.nz @abuse_ch @James_inthe_box @JAMESWT_MHT https://twitter.com/FewAtoms/status/1412472209461940226/photo/1
-
[2021-07-07 00:55:04] @malware_traffic 2021-07-06 (Tuesday) - #BazarLoader (#BazaLoader) from "Stolen Image Evidence" zip archive led to #CobaltStrike - Encoded binary for Cobalt Strike at: hxxp://46.17.98.191/OuqC8rXGwlN5saz48clBNekGjhs8Kjmf - List of IOCs available at: https://github.com/brad-duncan/IOCs/blob/main/2021-07-06-BazarLoader-with-Cobalt-Strike-IOCs.txt https://twitter.com/malware_traffic/status/1412470165179092992/photo/1
-
[2021-07-07 00:03:09] @remram44 @emilynordmann @TaguetteProject We had issues with antiviruses in the past. Virustotal gives it an all-green so hopefully that goes away once it isn't so brand new.. https://www.virustotal.com/gui/file/b77d0fdf0e139adb7ffc17f4b65f2d0a6358e052aa117ab92c400654e58151c7
-
[2021-07-06 23:24:11] @angealbertini in comparison. my 190-in-1 polymock has 0 detections. https://www.virustotal.com/gui/file/10a3ec33f7fbfb3dccf6c005aed9c616ced2fadd648a636d1551738ff7a4cd98/details https://twitter.com/angealbertini/status/1412447292041437190/photo/1
-
[2021-07-06 23:07:37] @cpardue09 #ln -s :malware_traffic: 2021-07-06 (Tuesday) - #Hancitor (#Chanitor/#MAN1/#Moskalvzapoe/#TA511) active again today with #FickerStealer and #CobaltStrike as follow-up malware. Example of downloaded Word doc: - https://bazaar.abuse.ch/sample/b55284924181f69bf59527ac2b7a5397c35652c799c037a3e94d492d412f8c9c/ Example of dropped… https://twitter.com/malware_traffic/status/1412440042157576196/photo/1
-
[2021-07-06 22:55:22] @malware_traffic 2021-07-06 (Tuesday) - #Hancitor (#Chanitor/#MAN1/#Moskalvzapoe/#TA511) active again today with #FickerStealer and #CobaltStrike as follow-up malware. Example of downloaded Word doc: - https://bazaar.abuse.ch/sample/b55284924181f69bf59527ac2b7a5397c35652c799c037a3e94d492d412f8c9c/ Example of dropped DLL: - https://bazaar.abuse.ch/sample/e1e0bfa5cabf7dc46f251327c46c1e371e67262ebb103ab242189e64bf6aa1d4/ https://twitter.com/malware_traffic/status/1412440042157576196/photo/1
-
[2021-07-06 22:49:07] @James_inthe_box #cobaltstrike hosted at: http://23.227.203.229/download/klinch.exe c2: http://94.198.40.11:80/visit.js https://twitter.com/James_inthe_box/status/1412438469494804482/photo/1
-
[2021-07-06 22:25:17] @d4rksystem Open directory on InternetArchive hosting obfuscated dotNet loaders that are dropping infostealer variants. Loaders are compiled on the fly with aspnet_compiler.exe. C2: 103.155.81.167 cc @malwrhunterteam @JAMESWT_MHT @executemalware @abuse_ch @MalwarePatrol @James_inthe_box https://twitter.com/d4rksystem/status/1412432472088981511/photo/1
-
[2021-07-06 21:52:55] @R3MRUM @GobiasInfosec @0xAmit @HuntressLabs 'Officially' it started with version 2.04 but I found a beta version of 2.04 back in 10/2020 that was the initial sample where this key started being used: https://www.virustotal.com/gui/file/f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d/detection
-
[2021-07-06 20:29:51] @_alex_il_ It is not the first time the #REvil gang is using this vulnerable defender executable in its infection flow. Attaching a similar dropper to the #Kaseya attack from May. Interesting fact - the actual ransomware payload signature is still valid. https://www.virustotal.com/gui/file/81d0c71f8b282076cd93fb6bb5bfd3932422d033109e2c92572fc49e4abc2471/details https://twitter.com/_alex_il_/status/1412403420217159694/photo/1
-
[2021-07-06 19:42:15] @ActorExpose @AlvieriD @Twitter @TwitterSupport AS number: AS16509 IP-range/subnet: 3.34.0.0/15 @malwaretracekr @2RunJack2 @Spam404
-
[2021-07-06 19:32:55] @Annihil4tionGod ReadMe-File.txt with further information on data Structure: Download from Google Drive: https://drive.google.com/file/d/15MejWGU68dGMIc7tRlgxXwYgdOn2n1jV/view?usp= sharing http://VirusTotal.com Scan: https://www.virustotal.com/gui/file/d29d7fadd705abf926ba221ed5b25a9ca655fc9b87570e02866abdca12e7628a/detection 5/5
-
[2021-07-06 19:13:40] @yvesago #phishing via attached html form POST to s://mark.al-majarra.com/py/roll.php?email= ping @malwrhunterteam @Spam404 @PhishStats https://twitter.com/yvesago/status/1412384251207733249/photo/1
-
[2021-07-06 19:13:19] @ActorExpose Indonesian Military Domain Defacement :L hxxps://lantamal9-koarmada3.tnial.mil.id/zbi.html @douglasmun @CSAFCert https://twitter.com/ActorExpose/status/1412384163005599747/photo/1
-
[2021-07-06 18:46:13] @yvesago #phishing @LaBanquePostale with attached docx and link to s://cutt.ly/9mzET96 => s://sites.google.com/view/postgr/accueil => p://u1176056ls5.ha004.t.justns.ru/Bp/ ping @malwrhunterteam @PhishStats @ANSSI_FR https://twitter.com/yvesago/status/1412377341523791872/photo/1
-
[2021-07-06 18:01:37] @ActorExpose @emailrepio exfil: [email protected] @emailrepio https://shoppy.gg/product/miU49Qq?fbclid= IwAR2aPIaMKldDpnJimmFTJ3snZBVgUcnKGyTidAcsrohfb5-LGCYbInZsqns https://twitter.com/ActorExpose/status/1412366116853256193/photo/1
-
[2021-07-06 17:59:52] @ActorExpose "Zombi Bot v14" affiliated with Dr Hex (?) exfil: [email protected]. [email protected] @emailrepio https://sellix.io/product/607c7a6a95277 https://twitter.com/ActorExpose/status/1412365675860008961/photo/1
-
[2021-07-06 17:51:33] @ActorExpose @JCyberSec_ @rootprivilege @PhishKitTracker @BushidoToken Affiliated with Dr Hex https://domainbigdata.com/hotmail.com/mj/S3qN8ZJYvkVsqm12FuQjwQ https://twitter.com/ActorExpose/status/1412363584277987334/photo/1
-
[2021-07-06 16:50:01] @JAMESWT_MHT Mentioned #Flubot v4.7 Sample https://bazaar.abuse.ch/sample/fe52bed001f28a4b218bcd0ad31b92fb59022778cf68a1445cf3e8c612a5e04c/ https://twitter.com/alberto__segura/status/1412291656301400064
-
[2021-07-06 16:31:05] @ActorExpose Ugly Phish LMAO hxxps://xcrng.com/universal/mail/v16/9pAa79B12eQ-XxE6fyY8204-AA6dS5790C/id= 807cc23A3D4Q13/?e= [email protected] NuKe @Spam404 https://twitter.com/ActorExpose/status/1412343333884764160/photo/1
-
[2021-07-06 16:17:49] @aaqeel87 @58_158_177_102 @BushidoToken @SyscallE @stoerchl @ffforward @abuse_ch @bry_campbell @dms1899 @Cryptolaemus1 Thanks for sharing! maldoc #ursnif url: https://welcombiz.com https://twitter.com/aaqeel87/status/1412339994358915073/photo/1
-
[2021-07-06 15:23:23] @reecdeep #Gozi #ISFB #Malware targets #Italy Enel themed h/t @58_158_177_102 hxxps://welcombiz.com auredosite.club vuredosite.club 37.120.222.59 185.156.172.98 guredosite.shop ruredosite.shop wuredosite.shop #infosec #CyberSecurity #mlwitaly https://twitter.com/58_158_177_102/status/1412321471821611008?s= 20 https://twitter.com/reecdeep/status/1412326296332472324/photo/1
-
[2021-07-06 15:19:20] @JAMESWT_MHT @58_158_177_102 Yes your sample drop #ursnif #gozi #isfb #Italy 05/06_07_2021 Xlsm https://bazaar.abuse.ch/sample/00946462797de8e5636676060439d06adb4878ab1472db5c16972b2074a0400f/ Dll https://bazaar.abuse.ch/sample/62dbfe723197430a3af1ec9262fcd2a5c2bfc8e81b97c313101f0a5388d587fc/ Dll Url (geo ita+blacklist IP) https://urlhaus.abuse.ch/url/1430390/ C2 auredosite.club vuredosite.club cc @felixw3000 https://twitter.com/JAMESWT_MHT/status/1412325277229797378/photo/1
-
[2021-07-06 13:05:44] @alberto__segura New #Flubot 4.7 sample. Same countries affected, but it has stopped using a seed by country; it now selects a DGA seed randomly. The old code is still used to block phone numbers. https://www.virustotal.com/gui/file/fe52bed001f28a4b218bcd0ad31b92fb59022778cf68a1445cf3e8c612a5e04c/detection cc @malwrhunterteam @danlopgom @pr3wtd @JosepAlbors https://twitter.com/alberto__segura/status/1412291656301400064/photo/1
-
[2021-07-06 08:01:16] @wwp96 #opendir @JAMESWT_MHT hxxp://136.144.41.3/LINEARcndkjncjkd/ https://app.any.run/tasks/ccdbfbe3-b790-4c40-8d7b-4a0f9a8399c2/ https://twitter.com/wwp96/status/1412215034206429186/photo/1
-
[2021-07-06 07:58:02] @wwp96 #opendir #dcrat @JAMESWT_MHT 82.146.37.195/Develop/Jabber/MsTeams/userbd/production/Longpolllinuxwindowsuniversal.php?.. d8a099b848c4801c7aead1d9ca42830b https://app.any.run/tasks/108808ef-d65a-428e-bda2-296f8ca29b2d/ https://twitter.com/wwp96/status/1412214220285005832/photo/1
-
[2021-07-06 07:54:35] @wwp96 @FewAtoms still alive hxxp://198.12.110.183/wn/vbc.exe 95477d3439411e6aa6704a73a3bb6c05 https://app.any.run/tasks/663000ba-e43e-481d-89bb-8bcbd772d5d5/ https://twitter.com/wwp96/status/1412213351279644678/photo/1
-
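For matters related to voice phishing, illegally filmed material, ransomware, cyber security threats and the like, you can get help from the following agencies and organizations: No More Ransom, the National Police Agency Cybercrime Reporting System, and the National Intelligence Service Civil Complaint Center.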