찾아줄게요

ABR 파일은 무엇입니까?

• 안녕하세요. 제 컴퓨터에서 ABR라는 파일을 찾았는데 이것이 무엇인지 잘 모르겠습니다. 알려주시면 감사하겠습니다.

• ABR 파일은 PhotoShop 입니다. Adobe에서 배포한 파일인 것으로 보입니다. 2015-12-05 00:29:34에 처음으로 보고되었으며 2015-12-05 00:29:34에 마지막으로 보고되었습니다.

• 적절한 프로그램을 다운로드하여 ABR 파일을 열 수 있습니다.

• 포토샵

• 시그니처 정보가 없습니다.

• 연관 링크 #1: 첨부된 링크가 없습니다.

• 연관 링크 #2: 첨부된 링크가 없습니다.

• [2021-07-06 22:01:01] @bogdanangh Another #FluBot sample. What is interesting about this one is that the payload name doesn't respect the "assets/{dir}/{8 char string}.{ext}" naming convention. It uses "assets/{dir}/{10 char string}.{ext}". @alberto__segura @ThreatFabric @malwrhunterteam https://www.virustotal.com/gui/file/eddfe1cba210143962db5a6c526a8d880731743043dbe842b8a18d25863e1935/details

• [2021-07-01 19:16:19] @bogdanangh @ThreatFabric @bl4ckh0l3z Seems they started using the "com.sima.weibo" pkg name starting with v4.7(??) https://www.virustotal.com/gui/file/e3b165a677ee3dbfe04b6f76b6a2273bd199f35a4493a2a833bc4439106fa4f1/details

• [2021-06-27 15:11:40] @kyleehmke Set of suspicious domains registered through MonoVM on 6/25 using [email protected]: clampuncture.com (143.198.238.6) forgetfulbig.com normallibraryart.com pullscrewyell.com upsetearthabrupt.com vegetablered.com wittymarble.com https://twitter.com/kyleehmke/status/1409061856199819264/photo/1

• [2021-06-19 21:12:25] @GrujaRS New #APIS(#Hiddentear)#Ransomware extension .apis! Ransom note;read_apis.txt Sample VT https://www.virustotal.com/gui/file/fc7307dc19e676177603dee95b388b8a1159c822b3cfe0dc24f96288749d64cc/detection https://www.hybrid-analysis.com/sample/fc7307dc19e676177603dee95b388b8a1159c822b3cfe0dc24f96288749d64cc/60cdb47b64c54b45567391ce@BleepinComputer @LawrenceAbrams @demonslay335 https://twitter.com/GrujaRS/status/1406253537919705090/photo/1

• [2021-06-12 01:03:10] @noraj_rawsec @Jabra @breakersall https://www.virustotal.com/gui/url/954d7aec047360516e8753e9dac639f3fbf04e1d4b582169270994a65221eb28/

• [2021-06-11 15:35:51] @GrujaRS #Ryuk .Net Ransomware Builder v1.0 Sample https://www.virustotal.com/gui/file/0d8b4a07e91e02335f600332644e8f0e504f75ab19899a58b2c85ecb0887c738/detection @LawrenceAbrams @demonslay335 https://twitter.com/GrujaRS/status/1403269736079806464/photo/1

• [2021-06-10 15:45:59] @Kangxiaopao #Ransomware ext:ChupaCabra sample: https://www.virustotal.com/gui/file/213d6a4c5a5c0045550fa2b822434c51dfd1b6f573c1d1bf22d9eda4f7ab2259/details https://twitter.com/Kangxiaopao/status/1402909897902022661/photo/1

• [2021-05-28 17:17:26] @pcrisk Poker Ransomware; VoidCrypt ransomware family; Extension: .poker Sample: https://www.virustotal.com/gui/file/cd19340138f9eab48d20b3bf0a9dc6b4a6908d14cd48511ccefd6dba9e84705f/detection @demonslay335 @LawrenceAbrams @Amigo_A_

• [2021-05-05 15:06:39] @pcrisk Stop/Djvu Ransomware Extension: .rejg Sample: https://www.virustotal.com/gui/file/4fbb54afa28cb8c5c0451aaf0420d9f0f6a4d39c2c016028312e133c783c9e6d/detection @demonslay335 @LawrenceAbrams

• [2021-05-04 20:09:32] @GrujaRS Can someone test the sample. it doesn't work for me .. it crashes #Ransomware.#LockScreen.#Ransom_Blocker!?? @LawrenceAbrams.@demonslay335.@Amigo_A_ https://www.virustotal.com/gui/file/f3d5013578835436d8cc1f82b7dcfd44e18737535f54fadcb4ea5ad18d8aee0c/detection https://bazaar.abuse.ch/sample/f3d5013578835436d8cc1f82b7dcfd44e18737535f54fadcb4ea5ad18d8aee0c/ https://twitter.com/GrujaRS/status/1389567874872877058/photo/1

• [2021-04-26 18:55:34] @pcrisk Phobos ransomware. Extension: .lookfornewitguy :) VT: https://www.virustotal.com/gui/file/60a529bf654e30d391cf60e30a2b3aece6dc1b6f79899f117a1be4e61b2fc206/details @demonslay335 @BleepinComputer @LawrenceAbrams

• [2021-04-15 04:11:00] @SixLuiz @jujuher @gabrielcosta_iv @Baconbaquin @espectralll @caralcaralcaral @pretademaiss so fazer donwload confia ! https://www.virustotal.com/gui/file/c08c8a2c229813619f324ffaa71e3c7d1b4ebb0491ef5f752db7b62fc23458f3/detection

• [2021-04-10 02:05:42] @GrujaRS New variant!?#RIP_Imao #Ransomware extension .crypted! Ransom note ___RECOVER__FILES__.crypted.txt Sample VT https://www.virustotal.com/gui/file/9e1609ab7f01b56a9476494d9b3bf5997380d466744b07ec5d9b20e416b10f08/detection @BleepinComputer @LawrenceAbrams @demonslay335 https://twitter.com/GrujaRS/status/1380597809376854022/photo/1

• [2021-04-06 00:41:43] @GrujaRS New #Hiddentear #Ransomware extension .Dark! Ransom note;Ransomware Text Message.txt @BleepinComputer @LawrenceAbrams @demonslay335 Sample VT https://www.virustotal.com/gui/file/183288d99c52f5df7837e2ce0ca427bef205d1383eebd6ea4586fd4feac27fb6/detection https://twitter.com/GrujaRS/status/1379127120186769408/photo/1

• [2021-03-27 14:28:44] @nekomimimaiden 電車でD SS ローダー114_1パッチ対応版： https://www.dropbox.com/s/6ggnnzq1vi873ri/dendss_loaderM.exe?dl= 0 ハッシュ値一覧（開発者用）： https://www.dropbox.com/s/iabrrs3v9d0e3p9/dendss114_1_all_files.txt.txt?dl= 0 ウイルストータルスキャン結果（ https://www.virustotal.com/gui/file/bf576dbebcb5bd285a41ffdf19282f5102b590b8590d70a16e3ab6ce1d483e71/detection ） いつも通り、SecureAge APEX不審物扱い、Chromeも多分駄目だと思う。

• [2021-03-24 19:46:34] @reecdeep #AgentTesla #Malware from #malspam ⚙️ https://app.any.run/tasks/b55cd36e-f389-404d-8090-7fabc08d2683 ????c2: ftp.vila-gabriel.ro #infosec #CyberSecurity #DFIR #cybercrime #Security #cyber config ???? https://twitter.com/reecdeep/status/1374689092353597441/photo/1

• [2021-03-13 22:47:32] @GrujaRS It looks like new #Seyret #Ransomware!? No ransom note. Extension .z8sj2c @BleepinComputer @LawrenceAbrams @demonslay335 https://www.virustotal.com/gui/file/4dfc17406a58c6f1ce83a73ce6dd5b343d00fe77d07dfe21d28da13631bfad90/detection https://twitter.com/GrujaRS/status/1370748367693840384/photo/1

• [2021-03-11 22:00:01] @LanceSchukies Abuse .ch creator launches ThreatFox. a platform for sharing malware ioc #news #tech #cybersecurity #data #security #hacker #databreach #cyberattack #network #OSINT #cyber #phishing #cybercrime #infosec #ransomware #datasecurity #internet #software https://portswigger.net/daily-swig/abuse-ch-creator-launches-threatfox-a-platform-for-sharing-malware-indicators-of-compromise

• [2021-03-06 05:12:42] @ArutJoao O canal @manual_sabrina (Que por acaso e verificado) esta disponibilizando linkscom malware. no caso sao oscom encurtadores bitly. Verifcação1 - https://www.virustotal.com/gui/url/4e4b041be593e970f77bd00e96f9b9011dd316dbc073153554d2e5041ddc25e7/detection Verificação 2 - https://www.virustotal.com/gui/url/4e4b041be593e970f77bd00e96f9b9011dd316dbc073153554d2e5041ddc25e7/detection

• [2021-02-15 17:48:49] @kyleehmke Possibly related to some of the domains mentioned earlier in the thread. mail-messenger.com was registered through MonoVM on 2/13/21 using [email protected]. Currently on a non-dedicated server. https://twitter.com/kyleehmke/status/1361251105569660930/photo/1

• [2021-02-12 18:47:52] @reecdeep #formbook #malware targets #italy ???????? "richiesta d'ordine" https://tria.ge/210212-1vnbtgn8w2 #infosec #CyberSecurity #DFIR #cybercrime @guelfoweb @VirITeXplorer @D3LabIT @merlos1977 @sS55752750 @matte_lodi @luc4m @Gabry89 @rootella_ @FBussoletti @58_158_177_102 @sugimu_sec

• [2021-02-10 21:38:33] @feed_hack Defacement https://otx.alienvault.com/indicator/url/ https://www.tokyo-seek.com/.pay/ https://app.hacknotice.com/hack/6023be1891d2e5299f5f9a3b?utm_source= dlvr.it&utm_medium= twitter #databreach #security #tokyo_seek https://twitter.com/feed_hack/status/1359496981702344710/photo/1

• [2021-02-07 21:51:27] @killamjr @Gabry89 @vxunderground morse code decodes to two urls: https://urlscan.io/search/#coollab.jp hXXp://coollab jp/dir/root/p/434.js hXXp://coollab jp/dir/root/p/09908.js 2nd url contains http POST to: hXXp://www.tanikawashuntaro com//cgi-bin/root-6544323232000/0453000.php?90989897-45453 https://twitter.com/killamjr/status/1358413063590998018/photo/1

• [2021-02-02 14:45:26] @yvesago POST to #opendir s://ccco.dbrhosting.com/abroadguywe/post.php https://twitter.com/yvesago/status/1356493916695126018/photo/1

• [2021-01-29 21:54:04] @feed_hack Defacement https://otx.alienvault.com/indicator/url/ https://www.the-chic-home.com/stats/jp/.pay/ https://app.hacknotice.com/hack/6013b3d191d2e5299f5f145f?utm_source= dlvr.it&utm_medium= twitter #databreach #security #the_chic_home https://twitter.com/feed_hack/status/1355152232300199936/photo/1

• [2021-01-29 01:24:13] @MBThreatIntel We are checking on the #Emotet 'cleanup binary'. It seems the actual date to trigger the uninstall routine is April 25. More details to come. /cc @campuscodi @LawrenceAbrams https://www.virustotal.com/gui/file/a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef/detection https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/localtime-localtime32-localtime64?view= msvc-160 https://twitter.com/MBThreatIntel/status/1354842730711502850/photo/1

• [2021-01-20 21:34:24] @Cryptolaemus1 #emotet Epoch 2 urls ://trainwithconviction.com/wp-admin/y/ ://trainwithconviction.webdmcsolutions.com/wp-admin/rEEEU/ s://perrasmoore.ca/wp-admin/rM6HK/ s://canadabrightway.com/wp-admin/n3/ s://upinsmokebatonrouge.com/var/Ux1V/ 1/2

• [2021-01-12 18:54:56] @m0br3v @ThreatFabric In the wild since December 2020 payload: https://www.virustotal.com/gui/file/d39910cb9abfdb064afb6b7b75511bb6f62a602e8299c51cf1b190934128f0a4

• [2020-12-29 23:18:07] @Cryptolaemus1 New #emotet E1 Payloads as of 13:36UTC+: /allcannabismeds.com/unraid-map/ZZm6/ /giannaspsychicstudio.com/cgi-bin/PP/ /ienglishabc.com/cow/JH/ /abrillofurniture.com/bph-nclex-wygq4/a7nBfhs/ 1 of 2

• [2020-12-29 17:06:02] @Cryptolaemus1 New #emotet Epoch 2 urls 1/2 //206.189.146.42/wp-admin/F0xAutoConfig/XR9/ //paroissesaintabraham.com/wp-admin/H/ s://lnfch.com/wp-includes/quC/ s://nahlasolimandesigns.com/wp-admin/0HHK7/ //harmonimedia.com/wp-content/uploads/Zol/ //ncap.lbatechnologies.com/media/6iQ/

• 보이스피싱, 불법촬영물, 랜섬웨어, 사이버 안보위협 등에 관련된 사안의 경우 다음과 같은 기관 및 단체의 도움을 받을 수 있습니다. 노모어랜섬(No More Ransom) 경찰청 사이버범죄 신고시스템 국가정보원 민원센터