We'll find it for you
What is the file?
-
Hello. I found a file called on my computer, but I'm not sure what it is. I would appreciate it if you could tell me.
-
The file is a THINK C project. It appears to be a file distributed by THINK C project. It was first reported on 2015-12-05 01:38:21 and last reported on 2017-01-18 08:43:30.
-
You can open the file by downloading an appropriate program.
-
THINK C project
-
No signature information is available.
-
Related link #1: No link attached.
-
Related link #2: No link attached.
-
-
[2021-07-07 04:57:24] @dms1899 @MBThreatIntel https://tria.ge/210706-96ygcxwemj
-
[2021-07-07 04:06:55] @MBThreatIntel Cobalt Strike Payload: 5de6ec9265f79a31a9845c8a504d28f0 Download URL: http://45.153.241.113/download/pload.exe
-
[2021-07-07 03:30:37] @D0rkerDevil IOC- https://www.virustotal.com/gui/file/0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d/detection #ThreatIntel #threat #threathunt #REvil #Sodinokibi
-
[2021-07-07 03:10:30] @bad_packets @UK_Daniel_Card 45.146.164.0/23 45.146.166.0/23 https://twitter.com/bad_packets/status/1412504247548006403/photo/1
-
[2021-07-07 02:55:32] @_Y000_ Advertising that sends you to download a malicious .apk file! https://sorry.waitfordownlaod.com/ZWMwMDBhMDYzNTAwMjA1MjAwMDAyMDVjMDAyMDVjMDAyMDVjMjhkNTRjYjZmYg= = /?name= Downloader&sclid= 60e4b434479281000109c99c&extra= 8284 Virustotal: https://www.virustotal.com/gui/file/a9d5a0741cc5634c6c4a3d76c39560591b97141c27bcc15a6e798aacf9597cbe/detection https://twitter.com/_Y000_/status/1412500481688182788/photo/1
-
[2021-07-07 02:43:13] @EmotetIndian #hancitor #DLL: fc1f9739dc9d6e9c61222beb9e3552bbc9a5a94699eb48aafeb6491a404e8ad4 https://bazaar.abuse.ch/sample/fc1f9739dc9d6e9c61222beb9e3552bbc9a5a94699eb48aafeb6491a404e8ad4/ cc @James_inthe_box
-
[2021-07-07 02:42:08] @EmotetIndian #hancitor #doc: efb609d20da350260b06bde4f21813eb6d6fc7f71a675bb5b0609b6aebe44df7 https://bazaar.abuse.ch/sample/efb609d20da350260b06bde4f21813eb6d6fc7f71a675bb5b0609b6aebe44df7/ cc @James_inthe_box
-
[2021-07-07 01:55:02] @HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/d1bdeab931708b32f59008adf3db60d392e59561addb1d3e5f4985fec0a1ce09/detection/f-d1bdeab931708b32f59008adf3db60d392e59561addb1d3e5f4985fec0a1ce09-1620255318 Threat: Ransom_WCRY.SMALYM (TrendMicro)
-
[2021-07-07 01:12:05] @MBThreatIntel Download URLs: http://212.114.52.129:80/download/flnam.dll http://37.120.239.185:80/download/dllmar.dll http://145.249.106.39:80/download/cxas.dll http://5.39.222.102:80/download/pdllod.dll Dridex payload: c2b80fa119a1f182a24569df973f6b44
-
[2021-07-07 01:12:04] @MBThreatIntel New #Dridex #malspam: Email -> Contains Excel file -> Drops XSL file -> Creates a scheduled Task -> Calls Mshta.exe to execute XSL file by calling WMIC.exe -> Executes #Dridex payload using Rundll32.exe Maldocs: ea3cc91ae1d7da1d5509530560f69f30 0e0c3c9cea7e59a5aee7a7ab2dd03eb2 https://twitter.com/MBThreatIntel/status/1412474444174479371/photo/1
-
[2021-07-07 01:03:11] @FewAtoms #malware #infosecurity #threathunting #cybersecurity #opendir hxxp://nz-prosthodontists.org.nz/ox/ https://urlhaus.abuse.ch/host/nz-prosthodontists.org.nz @abuse_ch @James_inthe_box @JAMESWT_MHT https://twitter.com/FewAtoms/status/1412472209461940226/photo/1
-
[2021-07-07 01:02:21] @bad_packets 8.344.683 bad packets detected from 91.220.163.0/24 in the last 24 hours.
-
[2021-07-07 00:55:04] @malware_traffic 2021-07-06 (Tuesday) - #BazarLoader (#BazaLoader) from "Stolen Image Evidence" zip archive led to #CobaltStrike - Encoded binary for Cobalt Strike at: hxxp://46.17.98.191/OuqC8rXGwlN5saz48clBNekGjhs8Kjmf - List of IOCs available at: https://github.com/brad-duncan/IOCs/blob/main/2021-07-06-BazarLoader-with-Cobalt-Strike-IOCs.txt https://twitter.com/malware_traffic/status/1412470165179092992/photo/1
-
[2021-07-07 00:21:00] @killamjr #malware #qbot https://app.any.run/tasks/a8785302-6c45-4f32-92d2-5e37298a02bc/ payload urls: hXXp://thousandsyears download/div/44376.8555986111.jpg hXXp://voopeople fun/div/44376.8555986111.jpg hXXp://uppercilio fun/div/44376.8555986111.jpg dll: https://www.virustotal.com/gui/file/2b56efdd9d771bce51087101ac109c30b81e29e583c0178d33b90ad0128d9ba8/detection
-
[2021-07-07 00:03:09] @remram44 @emilynordmann @TaguetteProject We had issues with antiviruses in the past. Virustotal gives it an all-green so hopefully that goes away once it isn't so brand new.. https://www.virustotal.com/gui/file/b77d0fdf0e139adb7ffc17f4b65f2d0a6358e052aa117ab92c400654e58151c7
-
[2021-07-06 23:53:07] @EmotetIndian #hancitor #DLL: e341ac6d35df89d0c60edb100ff789af32d10f5fbf9706d7f53e8cdb0e712455 https://bazaar.abuse.ch/sample/e341ac6d35df89d0c60edb100ff789af32d10f5fbf9706d7f53e8cdb0e712455/ cc @James_inthe_box
-
[2021-07-06 23:51:35] @EmotetIndian #hancitor #doc: 4a68e284c206b9feb5a81d2235a338195db6982c439d088d357fdfb69630f15b https://bazaar.abuse.ch/sample/4a68e284c206b9feb5a81d2235a338195db6982c439d088d357fdfb69630f15b/ cc @James_inthe_box
-
[2021-07-06 23:24:11] @angealbertini in comparison. my 190-in-1 polymock has 0 detections. https://www.virustotal.com/gui/file/10a3ec33f7fbfb3dccf6c005aed9c616ced2fadd648a636d1551738ff7a4cd98/details https://twitter.com/angealbertini/status/1412447292041437190/photo/1
-
[2021-07-06 23:07:37] @cpardue09 #ln -s :malware_traffic: 2021-07-06 (Tuesday) - #Hancitor (#Chanitor/#MAN1/#Moskalvzapoe/#TA511) active again today with #FickerStealer and #CobaltStrike as follow-up malware. Example of downloaded Word doc: - https://bazaar.abuse.ch/sample/b55284924181f69bf59527ac2b7a5397c35652c799c037a3e94d492d412f8c9c/ Example of dropped… https://twitter.com/malware_traffic/status/1412440042157576196/photo/1
-
[2021-07-06 22:57:46] @angealbertini It's totally clean but scores 21/68 on VirusTotal https://www.virustotal.com/gui/file/dc6fa3183772a561ddd25784ff664c56ee82869cf992b4cbe977488d732e622f/detection
-
[2021-07-06 22:55:22] @malware_traffic 2021-07-06 (Tuesday) - #Hancitor (#Chanitor/#MAN1/#Moskalvzapoe/#TA511) active again today with #FickerStealer and #CobaltStrike as follow-up malware. Example of downloaded Word doc: - https://bazaar.abuse.ch/sample/b55284924181f69bf59527ac2b7a5397c35652c799c037a3e94d492d412f8c9c/ Example of dropped DLL: - https://bazaar.abuse.ch/sample/e1e0bfa5cabf7dc46f251327c46c1e371e67262ebb103ab242189e64bf6aa1d4/ https://twitter.com/malware_traffic/status/1412440042157576196/photo/1
-
[2021-07-06 22:49:07] @James_inthe_box #cobaltstrike hosted at: http://23.227.203.229/download/klinch.exe c2: http://94.198.40.11:80/visit.js https://twitter.com/James_inthe_box/status/1412438469494804482/photo/1
-
[2021-07-06 22:25:17] @d4rksystem Open directory on InternetArchive hosting obfuscated dotNet loaders that are dropping infostealer variants. Loaders are compiled on the fly with aspnet_compiler.exe. C2: 103.155.81.167 cc @malwrhunterteam @JAMESWT_MHT @executemalware @abuse_ch @MalwarePatrol @James_inthe_box https://twitter.com/d4rksystem/status/1412432472088981511/photo/1
-
[2021-07-06 22:18:56] @m0rb 2021-07-06T15:18:56 - Commented: https://www.virustotal.com/gui/file/2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6/community #malware #commandinjection
-
[2021-07-06 22:01:01] @bogdanangh Another #FluBot sample. What is interesting about this one is that the payload name doesn't respect the "assets/{dir}/{8 char string}.{ext}" naming convention. It uses "assets/{dir}/{10 char string}.{ext}". @alberto__segura @ThreatFabric @malwrhunterteam https://www.virustotal.com/gui/file/eddfe1cba210143962db5a6c526a8d880731743043dbe842b8a18d25863e1935/details
-
[2021-07-06 21:52:55] @R3MRUM @GobiasInfosec @0xAmit @HuntressLabs 'Officially' it started with version 2.04 but I found a beta version of 2.04 back in 10/2020 that was the initial sample where this key started being used: https://www.virustotal.com/gui/file/f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d/detection
-
[2021-07-06 21:31:15] @James_inthe_box #ficker #stealer drop: http://kubantr0.ru/7gfdg5egds.exe
-
[2021-07-06 21:29:52] @James_inthe_box c2's: http://hosouggs.com/8/forum.php http://mancause.ru/8/forum.php http://hievescits.ru/8/forum.php
-
[2021-07-06 21:28:00] @James_inthe_box @Google doc hash 04b91c6a305e16819b1a177a5a2d68888c8eb1949ebc2622931e9f6618c4c767 dll hash 893a905733f177ba900a82f4170e5b2ded3bd9cb35ca8cc04d0eb3346b549ceb cc @wavellan @noottrak @jw_sec @malware_traffic @executemalware @wwp96 @felixw3000 @HerbieZimmerman @ffforward @node5
-
[2021-07-06 20:29:51] @_alex_il_ It is not the first time the #REvil gang is using this vulnerable defender executable in its infection flow. Attaching a similar dropper to the #Kaseya attack from May. Interesting fact - the actual ransomware payload signature is still valid. https://www.virustotal.com/gui/file/81d0c71f8b282076cd93fb6bb5bfd3932422d033109e2c92572fc49e4abc2471/details https://twitter.com/_alex_il_/status/1412403420217159694/photo/1
-
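For matters involving voice phishing, illegally filmed material, ransomware, cyber security threats and the like, you can get help from the following agencies and organizations: No More Ransom, the National Police Agency Cybercrime Reporting System, and the National Intelligence Service Civil Complaint Center.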