찾아줄게요

AIN 파일은 무엇입니까?

• 안녕하세요. 제 컴퓨터에서 AIN라는 파일을 찾았는데 이것이 무엇인지 잘 모르겠습니다. 알려주시면 감사하겠습니다.

• AIN 파일은 AIN 입니다. AIN에서 배포한 파일인 것으로 보입니다. 2015-12-05 00:55:00에 처음으로 보고되었으며 2015-12-05 00:55:00에 마지막으로 보고되었습니다.

• 적절한 프로그램을 다운로드하여 AIN 파일을 열 수 있습니다.

• AIN

• 시그니처 정보가 없습니다.

• 연관 링크 #1: 첨부된 링크가 없습니다.

• 연관 링크 #2: 첨부된 링크가 없습니다.

• [2021-07-07 01:12:04] @MBThreatIntel New #Dridex #malspam: Email -> Contains Excel file -> Drops XSL file -> Creates a scheduled Task -> Calls Mshta.exe to execute XSL file by calling WMIC.exe -> Executes #Dridex payload using Rundll32.exe Maldocs: ea3cc91ae1d7da1d5509530560f69f30 0e0c3c9cea7e59a5aee7a7ab2dd03eb2 https://twitter.com/MBThreatIntel/status/1412474444174479371/photo/1

• [2021-07-07 00:55:04] @malware_traffic 2021-07-06 (Tuesday) - #BazarLoader (#BazaLoader) from "Stolen Image Evidence" zip archive led to #CobaltStrike - Encoded binary for Cobalt Strike at: hxxp://46.17.98.191/OuqC8rXGwlN5saz48clBNekGjhs8Kjmf - List of IOCs available at: https://github.com/brad-duncan/IOCs/blob/main/2021-07-06-BazarLoader-with-Cobalt-Strike-IOCs.txt https://twitter.com/malware_traffic/status/1412470165179092992/photo/1

• [2021-07-06 23:07:37] @cpardue09 #ln -s :malware_traffic: 2021-07-06 (Tuesday) - #Hancitor (#Chanitor/#MAN1/#Moskalvzapoe/#TA511) active again today with #FickerStealer and #CobaltStrike as follow-up malware. Example of downloaded Word doc: - https://bazaar.abuse.ch/sample/b55284924181f69bf59527ac2b7a5397c35652c799c037a3e94d492d412f8c9c/ Example of dropped… https://twitter.com/malware_traffic/status/1412440042157576196/photo/1

• [2021-07-06 22:55:22] @malware_traffic 2021-07-06 (Tuesday) - #Hancitor (#Chanitor/#MAN1/#Moskalvzapoe/#TA511) active again today with #FickerStealer and #CobaltStrike as follow-up malware. Example of downloaded Word doc: - https://bazaar.abuse.ch/sample/b55284924181f69bf59527ac2b7a5397c35652c799c037a3e94d492d412f8c9c/ Example of dropped DLL: - https://bazaar.abuse.ch/sample/e1e0bfa5cabf7dc46f251327c46c1e371e67262ebb103ab242189e64bf6aa1d4/ https://twitter.com/malware_traffic/status/1412440042157576196/photo/1

• [2021-07-06 19:32:53] @Annihil4tionGod In case it takes a while till my post goes public again. here the links to the data sets: Download Zip Part 1 from Google Drive: https://drive.google.com/file/d/1J-l5jkqyQfMgrLUBOk5miNefaNDaGoC3/view?usp= sharing http://VirusTotal.com Scan: https://www.virustotal.com/gui/file/ed414f9c0e2f85546e70816ac00d318bcff226d60a93e567ccb61b4cfdb2b217/detection 1/5

• [2021-07-06 19:13:19] @ActorExpose Indonesian Military Domain Defacement :L hxxps://lantamal9-koarmada3.tnial.mil.id/zbi.html @douglasmun @CSAFCert https://twitter.com/ActorExpose/status/1412384163005599747/photo/1

• [2021-07-06 17:51:33] @ActorExpose @JCyberSec_ @rootprivilege @PhishKitTracker @BushidoToken Affiliated with Dr Hex https://domainbigdata.com/hotmail.com/mj/S3qN8ZJYvkVsqm12FuQjwQ https://twitter.com/ActorExpose/status/1412363584277987334/photo/1

• [2021-07-06 15:22:06] @Certego_Intel #Covid19 #CertStream #Suspicious Domain: coronavirus.internationaleshoppingcenter.com VirusTotal: https://www.virustotal.com/gui/domain/coronavirus.internationaleshoppingcenter.com #CyberSecurity #ThreatIntel (bot generated)

• [2021-07-06 15:22:06] @Certego_Intel #Covid19 #Spam #Suspicious Domain: perfieve.digital VirusTotal: https://www.virustotal.com/gui/domain/perfieve.digital #CyberSecurity #ThreatIntel (bot generated)

• [2021-07-06 13:58:56] @0xrb #CobaltStrike #C2 IP/Domain 42.193.186.7 103.86.44.196 121.196.106.136 43.228.126.114 121.199.0.233 18.183.54.253 149.28.248.129 43.226.74.228 101.37.14.144 p5z2c7j9.hostrycdn.com nollipap.tk

• [2021-07-06 05:22:54] @pollo290987 #raccoon Main-Setup.exe 98157da0c7419fc47d7868df32467700 C2: /tttttt.me/newmanwaterwall /35.246.76.29/

• [2021-07-06 03:31:24] @ov3rflow1 @cibernicola_es Tenemos IoCs para #REvil/sodinokibi debido a #kaseya por todas partes :P https://otx.alienvault.com/pulse/60e2aa809c98c33d55061d92/related https://github.com/cado-security/DFIR_Resources_REvil_Kaseya/tree/main/IOCs https://www.cadosecurity.com/post/resources-for-dfir-professionals-responding-to-the-revil-ransomware-kaseya-supply-chain-attack https://malpedia.caad.fkie.fraunhofer.de/details/win.revil

• [2021-07-06 03:14:57] @vxunderground We've got our hands on the latest Conti (Ryuk) ransomware sample. You can download it here: vxug.fakedoma.in/tmp/ * Link modified to conform with Twitters ban on our domains * 120.000 new samples going live 7.06.2021 * Additional info on Conti sample: https://www.virustotal.com/gui/file/4bfd58d4e4a6fe5e91b408bc190a24d352124902085f9c2da948ad7d79b72618/detection

• [2021-07-05 17:22:05] @Certego_Intel #Malware #sLoad #Blocklist Domain: chinghsiang.com VirusTotal: https://www.virustotal.com/gui/domain/chinghsiang.com #CyberSecurity #ThreatIntel (bot generated)

• [2021-07-04 21:32:16] @ActorExpose @AlvieriD @jack @Twitter @TwitterSafety @TwitterSupport @CNN @nytimes @washingtonpost @FBI @TheJusticeDept Nice Catch! Domain: twitter-finance.com IP: 94.130.189.228 AS number: AS24940 AS name (ISP): Hetzner Online GmbH NuKe request @Spam404

• [2021-07-04 11:14:41] @micham #Phish & kit targeting @microsoft hosted at the "#ArtiricialIntelligent (sic) Laboratory in Sakarya University" ???????? @yazsum Stay safe! https://www.phishtank.com/phish_detail.php?phish_id= 7211992 https://www.virustotal.com/gui/domain/yazsum.sakarya.edu.tr/detection https://twitter.com/micham/status/1411538934249627653/photo/1

• [2021-07-04 08:32:43] @bad_packets “Blockchain can eliminate the TCP/IP’s fundamental security flaws.” https://web.archive.org/web/20210703220948/ https://www.rsaconference.com/library/blog/understanding-blockchain-security

• [2021-07-04 00:52:27] @arielbeckerart I downloaded that ZIP. It contains a malicious EXE. Please. do not execute it. Here's the technical analysis. Totally malware. https://www.hybrid-analysis.com/sample/6149dffc991880f5b4febd9f6d4969fcdff6686aab937547af4fee2c93c45afe/60e05e972731fa18364a2a8a https://twitter.com/wildalps/status/1411367734370312197

• [2021-07-04 00:48:26] @SQLInterstellar The REvil gang is carrying out this massive supply chain attack via a malicious update to Kaseya VSA. Kaseya is a software platform used by MSPs. Here is the binary https://www.virustotal.com/gui/file/8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd/detection

• [2021-07-03 15:22:04] @Certego_Intel #Covid19 #CertStream #Suspicious Domain: baby-nest.com.covid-19selfchecker.com VirusTotal: https://www.virustotal.com/gui/domain/baby-nest.com.covid-19selfchecker.com #CyberSecurity #ThreatIntel (bot generated)

• [2021-07-03 13:19:21] @wwp96 #opendir #LokiBot @hexlax @JAMESWT_MHT hxxp://103.145.253.94/pipe/.audiodg.exe hxxp://domainaccountsupport.tk/Mrlogs/fre.php a61eb0d04d5d774fdffa7055c1a79dc1 https://app.any.run/tasks/48b4464d-6b13-450c-afd9-bc38c48901c9/ https://twitter.com/wwp96/status/1411207917953552384/photo/1

• [2021-07-03 02:41:55] @Custodian360 For any @KaseyaCorp MSP's this notification is up - https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021 Looks to be a supply chain compromise locking admin accounts and dropping ReVil following disabling Windows Defender. VT info here- https://www.virustotal.com/gui/file/d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e/detection Reddit here - https://www.reddit.com/r/kaseya/comments/ocf0x1/kaseya_has_been_hacked_with_randomware_that/?utm_medium= android_app&utm_source= share

• [2021-07-03 02:39:42] @C_C_Krebs News Flash: cybercriminals are a$$holes. Keep all the Incident Response teams in mind this holiday weekend as they're in the thick of it..again. If you use Kaseya VSA. shut it down *now* until told to reactivate and initiate IR. Here's the binary: https://www.virustotal.com/gui/file/8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd/detection https://twitter.com/GossiTheDog/status/1411045233136177173

• [2021-07-03 01:46:11] @BushidoToken ☣ #AgentTesla spoofing #UPS employee emails. logos. invoices. Word Doc w/ Equation Editor (CVE-2017-11882) Filenames: UPS-AIRWAY BILL_20210325115310.docx. AWB.doc. chrome.exe/vbc.exe C2: https://app.any.run/submissions/#domain:monnimonitorcloudfiles.mangospot.net Hashes: https://www.virustotal.com/gui/search/9dcbe83b39985ca2b2b2047e123e73d860b838a576092ebc1895ba2af7f87711%250A8c3684a7dc88ad3cf2b3c29d8152261a5c789a7ed5f8919286b695b07cd77269%250Ab24dca7a4be8c8bf61d8e2c17bb596caee88f6f2aabda72c14dc6f0f3684bb87 https://twitter.com/BushidoToken/status/1411033476380385286/photo/1

• [2021-07-02 17:22:03] @Certego_Intel #Malware #CobaltStrike #Blocklist Domain: advansys.com.ar VirusTotal: https://www.virustotal.com/gui/domain/advansys.com.ar #CyberSecurity #ThreatIntel (bot generated)

• [2021-07-02 07:24:49] @ActorExpose Defacement incidents *.jp related domains https://hastebin.com/raw/giqiduhefa @ozuma5119 @tiketiketikeke @58_158_177_102

• [2021-07-02 07:16:18] @ActorExpose previous defacement Incidents *.kr domains (not recovered) https://hastebin.com/raw/uqabizixim @2RunJack2 @douglasmun @CSAFCert

• [2021-07-01 18:20:57] @JAMESWT_MHT Mentioned "CARTA_IDENTITA" Samples rtf https://bazaar.abuse.ch/sample/abab55c3c2109d14d6efde236c6200bbf59edf9c2edc6d8a59ce6e310607bc9b/ vbe https://bazaar.abuse.ch/sample/bd63f098304c316749c2b49726aaa7c5af4c33a4de7a5049e32587491c21a113/ Run https://app.any.run/tasks/5bdbb67e-f8a4-45f5-98ef-d67943e7a484 ❗️❗️CARTA_IDENTITA.exe ❗️❗️ https://bazaar.abuse.ch/sample/99ebb7d245ea5a3535cfba9d1cc7ec71a8cef683b91522574e32170198851d7f/ ✳️Samples https://bazaar.abuse.ch/browse/tag/rinaldo/ Relations https://www.virustotal.com/gui/domain/rinaldomattei.firstcloudit.com/relations cc @verovaleros @felixw3000 @sS55752750 https://twitter.com/D3LabIT/status/1410540076447191040 https://twitter.com/JAMESWT_MHT/status/1410559041911328772/photo/1

• [2021-07-01 15:22:03] @Certego_Intel #Covid19 #CertStream #Suspicious Domain: coronavirus-world-map.net.agentotoplay.info VirusTotal: https://www.virustotal.com/gui/domain/coronavirus-world-map.net.agentotoplay.info #CyberSecurity #ThreatIntel (bot generated)

• [2021-07-01 15:22:02] @Certego_Intel #Covid19 #Spam #Suspicious Domain: serentypros.cyou VirusTotal: https://www.virustotal.com/gui/domain/serentypros.cyou #CyberSecurity #ThreatIntel (bot generated)

• 보이스피싱, 불법촬영물, 랜섬웨어, 사이버 안보위협 등에 관련된 사안의 경우 다음과 같은 기관 및 단체의 도움을 받을 수 있습니다. 노모어랜섬(No More Ransom) 경찰청 사이버범죄 신고시스템 국가정보원 민원센터