찾아줄게요

ODIN 파일은 무엇입니까?

• 안녕하세요. 제 컴퓨터에서 ODIN라는 파일을 찾았는데 이것이 무엇인지 잘 모르겠습니다. 알려주시면 감사하겠습니다.

• ODIN 파일은 Locky 암호화 파일 입니다. Locky에서 배포한 파일인 것으로 보입니다. 2017-10-18 21:08:56에 처음으로 보고되었으며 2017-10-18 21:08:56에 마지막으로 보고되었습니다.

• Locky 프로그램을 다운로드하여 ODIN 파일을 열 수 있습니다.

• Locky 랜섬웨어 암호화 파일

• _[0-9]_HELP_instructions (BMP, HTML, TXT)
  
  _[0-9]-INSTRUCTION (HTML)
  
  _[0-9]_WHAT_is (BMP, HTML)
  
  -INSTRUCTION (BMP, HTML)
  
  _HELP_instructions (BMP, HTML, TXT)
  
  _HOWDO_text (BMP, HTML)
  
  _Locky_recover

• 연관 링크 #1: 첨부된 링크가 없습니다.

• 연관 링크 #2: 첨부된 링크가 없습니다.

• [2021-07-07 03:30:37] @D0rkerDevil IOC- https://www.virustotal.com/gui/file/0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d/detection #ThreatIntel #threat #threathunt #REvil #Sodinokibi

• [2021-07-06 03:31:24] @ov3rflow1 @cibernicola_es Tenemos IoCs para #REvil/sodinokibi debido a #kaseya por todas partes :P https://otx.alienvault.com/pulse/60e2aa809c98c33d55061d92/related https://github.com/cado-security/DFIR_Resources_REvil_Kaseya/tree/main/IOCs https://www.cadosecurity.com/post/resources-for-dfir-professionals-responding-to-the-revil-ransomware-kaseya-supply-chain-attack https://malpedia.caad.fkie.fraunhofer.de/details/win.revil

• [2021-07-03 22:30:12] @cocaman @rpargman @malwrhunterteam @Jirehlov @ESETresearch like here File Version Information CopyrightCopyright (C) 2019. xihilujice Internal Namesodinokibi.exe https://www.virustotal.com/gui/file/0fa207940ea53e2b54a2b769d8ab033a6b2c5e08c78bf4d7dade79849960b54d/details

• [2021-06-29 23:14:20] @h2jazi This maldoc is designed to target SKY TVnetwork (or maybe just a red teaming): Environ(USERDNSDOMAIN) = " http://bskyb.com" Environ("OneDrive") = "SKY" It is using several techniques: - Using VBA Self decoding to evade static detections - Spoofing the parent process id https://twitter.com/h2jazi/status/1409908097917796352/photo/1

• [2021-06-17 12:01:55] @pollo290987 #sodinokibi #Ransomware Hashes: https://pastebin.com/z3ANQsdE Samples: #MalwareBazaar https://twitter.com/pollo290987/status/1405390226516852737/photo/1

• [2021-06-16 00:41:06] @pollo290987 #sodinokibi #EnigmaProtector Interesting filename and uploaded from BR JBS_sodinokibi_protected.exe ec926f3d4237e3aa70852c25c156df18 https://twitter.com/pollo290987/status/1404856503417311238/photo/1

• [2021-06-15 22:21:38] @pollo290987 #sodinokibi #ransomware arm_crypt.exe 229da2b80073aed77526aaa0f9445334 Campaign: 8013 https://twitter.com/pollo290987/status/1404821406823632903/photo/1

• [2021-05-29 20:43:15] @arab_coding أفضل 6 مواقع لفحص جهازك وملفاتك أون لاين وإزالة الفيروسات بدون تثبيت أي شئ 1- https://metadefender.opswat.com/?lang= en 2 - https://virustotal.com/gui/home/search 3- https://pandasecurity.com/en/homeusers/solutions/cloud-cleaner/ 4- https://eset.com/uk/home/online-scanner/ 5- https://lite.al/jOTmV 6- https://virscan.org https://twitter.com/arab_coding/status/1398636056027844616/photo/1

• [2021-05-29 02:10:32] @Jacob_Pimental New #Sodinokibi/#REvil 2.07 variant From a quick glance. I'm not seeing anything different besides some slight code modifications. https://www.hybrid-analysis.com/sample/db59d4ab0aaf660fe778f9190102e1b808bc5d357026736ca335e4858ec512eb/60b13e6206e4227c5f0d909e Link to config: https://gist.github.com/JacobPimental/870792860013396997fc43c0a7d6b535

• [2021-05-27 23:27:25] @thomas_bonner A new variant of #REvil/#Sodin (version 2.7) is on VT: https://www.virustotal.com/gui/file/db59d4ab0aaf660fe778f9190102e1b808bc5d357026736ca335e4858ec512eb/detection https://twitter.com/thomas_bonner/status/1397952591817027587/photo/1

• [2021-05-21 23:45:15] @h2jazi #Kimsuky #APT d3a317dd167cfa77c976fa9c86c24982 http://samsoding.homm7.gethompy.com/plugins/dropzone/min/css/list.php?query= 1 https://twitter.com/cyberwar_15/status/1395703336528015360 https://twitter.com/h2jazi/status/1395782753765974023/photo/1

• [2021-05-13 17:50:38] @fbgwls245 #REvil (Sodinokibi) #Ransomware Related sample. Signed: BUKTBAI. OOO VT: https://www.virustotal.com/gui/file/aae6e388e774180bc3eb96dad5d5bfefd63d0eb7124d68b6991701936801f1c7/detection https://twitter.com/malwrhunterteam/status/1392748747440992257 https://twitter.com/fbgwls245/status/1392794409960280066/photo/1

• [2021-05-10 22:23:44] @StopMalvertisin @petrovic082 @malwrhunterteam Most likely JS file to deliver #Sodinokibi #REvil #BlueCrab and/or #Gootkit Ref: https://asec.ahnlab.com/en/20030/ and https://twitter.com/HP_Bromium/status/1362789106481328128 Other sample: https://www.virustotal.com/gui/file/af1fe7feff25f775286b726a0b726812416970fee986546417dc33dff1d4f13e/detection https://twitter.com/StopMalvertisin/status/1391775974572773376/photo/1

• [2021-05-06 18:36:44] @petrovic082 #Ransomware #Sodinokibi https://app.any.run/tasks/b179fea1-701e-482c-8e7d-8b3dcc097f5e/ dll https://www.virustotal.com/gui/file/0496ca57e387b10dfdac809de8a4e039f68e8d66535d5d19ec76d39f7d0a4402/

• [2021-04-11 19:59:47] @bl4ckh0l3z (2/3) ????Sample 7b4eb9675b591a482baa13e2269748b707c3ae6cffcbad96e1859f3cb076b44d ????Payload ed2d91e9d6429ebf0371a98f2faecdc755b766faa4e70b6fd9746853c9b69234 ????Adware foodin.site/UploadFiles/20210406052812.apk 79dc6e1c8db764b1eff20ec2911e650d170ffa7a639bd62c991d75a62f35eb6f https://twitter.com/bl4ckh0l3z/status/1381230497855107077/photo/1

• [2021-04-11 19:58:03] @bl4ckh0l3z @JAMESWT_MHT @abuse_ch @m0br3v @malwrhunterteam @guelfoweb @FBussoletti @fr0s7_ @AndreaDraghetti @ffforward @lazyactivist192 @Jan0fficial @Arkbird_SOLG @sugimu_sec @LukasStefanko (2/3) ????Sample 7b4eb9675b591a482baa13e2269748b707c3ae6cffcbad96e1859f3cb076b44d ????Payload ed2d91e9d6429ebf0371a98f2faecdc755b766faa4e70b6fd9746853c9b69234 ????Adware foodin.site/UploadFiles/20210406052812.apk 79dc6e1c8db764b1eff20ec2911e650d170ffa7a639bd62c991d75a62f35eb6f https://twitter.com/bl4ckh0l3z/status/1381230063107067904/photo/1

• [2021-04-06 20:34:53] @aRtAGGI After a quiet period for the #RoyalRoad RTF builder it looks like development on the kit continues. L8ter 8.t Hello e.o! #China #APT Encoding Bytes - B0 74 77 46 C:\Users\<UserDir>\AppData\Local\Temp\e.o e.o|cd5db4214b7c71523134a2ef78444e1f https://www.virustotal.com/gui/file/774a54300223b421854d2e90bcf75ae25df75ba9f3da1b9eb01138301cdd258f/relations https://twitter.com/aRtAGGI/status/1379427391181889537/photo/1

• [2021-03-28 15:43:38] @arab_coding أفضل 6 مواقع لفحص جهازك وملفاتك أون لاين وإزالة الفيروسات بدون تثبيت أي شئ 1- https://metadefender.opswat.com/?lang= en 2 - https://virustotal.com/gui/home/search 3- https://pandasecurity.com/en/homeusers/solutions/cloud-cleaner/ 4- https://eset.com/uk/home/online-scanner/ 5- https://lite.al/jOTmV 6- https://virscan.org https://twitter.com/arab_coding/status/1376092606908743682/photo/1

• [2021-03-25 15:16:24] @nao_sec @aRtAGGI @r0ny_123 @Sebdraven @IntezerLabs @n3ph8t3r And. old nmass sample is this. No traffic encoding https://www.virustotal.com/gui/file/d4db3c29a764ddf989ceb736dd299b2e230ef7d7ea5d1d655d2ff7da847d6d8f/detection

• [2021-03-24 00:37:22] @arab_coding أفضل 6 مواقع لفحص جهازك وملفاتك أون لاين وإزالة الفيروسات بدون تثبيت أي شئ 1- https://metadefender.opswat.com/?lang= en 2 - https://virustotal.com/gui/home/search 3- https://pandasecurity.com/en/homeusers 4- https://eset.com/uk/home/online-scanner/ 5- https://lite.al/jOTmV 6- https://virscan.org https://twitter.com/arab_coding/status/1374399886750150660/photo/1

• [2021-03-18 22:06:37] @SchrodingersMin Echelon Stealer md5: 1f4f57202ef12656df3582a8adef59d8 http://any.run scan: https://app.any.run/tasks/3a36f0a0-2288-4a9d-b4e1-49fd3bec3477/ exfil over telegram But. probably. user didn't write anything to the bot. so one can't receive loot ???? https://twitter.com/SchrodingersMin/status/1372550009187622914/photo/1

• [2021-03-06 01:56:07] @pmelson @ochsenmeier The encoding detector for @ScumBots found it here: https://pastebin.com/PvLuparz

• [2021-01-21 00:46:36] @reecdeep ???? xlsb #maldoc drops DLL by decoding base64 cell contents Dll ➡️ hxxp://172.104.129.156/campo/o/o Final stage downloaded is #Gozi #Malware ????c2: api10.laptok.at/api1 golang.feel500.at/api1 go.in100k.at/api1 ⚙️ https://app.any.run/tasks/207441d6-614b-46e6-9e10-693bf69226d0 #CyberSecurity #DFIR #infosec https://twitter.com/reecdeep/status/1351934161276305413/photo/1

• [2021-01-14 01:00:20] @TommyTenacious Something interesting from 2016. https://www.hybrid-analysis.com/sample/41a7dbf432eac2c470e1118b0cae4815ab04478f8f6669f7b32cd615bed64834?environmentId= 1 Makes me wonder if the current malicious rulings are because of the Hebrew character encoding. https://twitter.com/TommyTenacious/status/1349400902180999169/photo/1

• [2020-12-02 04:19:35] @bad_packets @tolisec @r3dbU7z @0xrb @AwakeSecurity You should also ask @dangoodin001 for a backlink in https://arstechnica.com/information-technology/2020/12/oracle-vulnerability-that-executes-malicious-code-is-under-active-attack/.

• [2020-11-26 03:22:53] @0xastrovax API-HASHING IN THE SODINOKIBI/REVIL RANSOMWARE – WHY AND HOW? https://blag.nullteilerfrei.de/2019/11/09/api-hashing-why-and-how/ I am currently reversing #REvil latest sample tweeted by @Arkbird_SOLG here is it if u are interested :) https://bazaar.abuse.ch/sample/d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95/

• [2020-11-22 08:09:14] @Arkbird_SOLG Recent #REvil/#Sodinokibi uploaded today on VT. Extension:34m1b Sample: https://bazaar.abuse.ch/sample/d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95/ cc: @VK_Intel @malwrhunterteam @demonslay335 @JAMESWT_MHT @James_inthe_box @KorbenD_Intel @0xtornado @Kangxiaopao

• [2020-11-19 22:51:45] @Arkbird_SOLG @JAMESWT_MHT @malwrhunterteam @FBussoletti @Jan0fficial @guelfoweb @sugimu_sec Some improvements on the algorithm (and change interface reference) but rest the same in decoding the section "data" for the final implant. Final implant : https://bazaar.abuse.ch/sample/11e755c9d1a5ea74dfc765a2f44eb7c3bbc2d735fcf2489882ede6aeb0816493/ https://twitter.com/Arkbird_SOLG/status/1329437211507494912/photo/1

• [2020-11-15 22:16:53] @siri_urz .tp8p0o1 F0DB9243FDD14D4755F5B12860D0394D Sodinokibi (REvil) #Ransomware

• [2020-11-12 18:10:13] @NiceManNoCoding Cobalt Strike 4.0源码疑似泄露… https://github.com/Freakboy/CobaltStrike Chrome和Firefox提示风险，但毒检没问题： https://www.virustotal.com/gui/url/f64cc050f645ae9ca8aa2f7227409cf986bad35784c5be800e31d0175aa2f342/detection 就不知道有没有加料了… https://twitter.com/bleepincomputer/status/1326632169322770432 https://twitter.com/NiceManNoCoding/status/1326829646755766273/photo/1

• 보이스피싱, 불법촬영물, 랜섬웨어, 사이버 안보위협 등에 관련된 사안의 경우 다음과 같은 기관 및 단체의 도움을 받을 수 있습니다. 노모어랜섬(No More Ransom) 경찰청 사이버범죄 신고시스템 국가정보원 민원센터