What is an ECRYPT file?
-
Hello. I found a file called ECRYPT on my computer, but I am not sure what it is. I would appreciate it if you could tell me.
-
An ECRYPT file is an Erebus encrypted file. It appears to be a file distributed by Erebus. It was first reported on 2017-10-19 00:09:43 and last reported on 2017-11-19 03:20:13.
-
You can open an ECRYPT file by downloading the Erebus program.
-
Erebus ransomware encrypted file (Windows version)
The Linux version of Erebus has been involved in a ransomware incident affecting a Korean web hosting provider.
-
_DECRYPT_FILE (HTML, TXT)
README (HTML)
YOUR_FILES_HAS_BEEN_ENCRYPTED (HTML, TXT)
-
Related link #1: No link attached.
-
Related link #2: No link attached.
-
-
[2021-07-06 06:17:36] @pollo290987 #Nitro #Ransomware Win32bit.exe 5a615891fcc57b57e9deffce6f559947 EXT: .givemenitro \AppData\Local\Temp\NR_decrypt.txt
-
[2021-06-30 04:25:14] @bry_campbell REvil “decrypter” https://www.virustotal.com/gui/file/587374c9af4b1ca05426ca4bc9ac3de42547288225009ba429661d84adb1c53c/detection https://twitter.com/bry_campbell/status/1409986339987247107/photo/1
-
[2021-06-27 18:51:24] @GossiTheDog Ransomware leak time - Babuk's builder. Used for making Babuk payloads and decryption. builder.exe foldername, e.g. builder.exe victim will spit out payloads for: Windows, VMware ESXi, network attached storage x86 and ARM. note.txt must contain ransom. https://www.virustotal.com/gui/file/82e560a078cd7bb4472d5af832a04c4bc8f1001bac97b1574efe9863d3f66550/detection https://twitter.com/GossiTheDog/status/1409117153182224386/photo/1
-
[2021-06-20 13:18:37] @xorhex #MustangPanda #PlugX variant Encrypted: https://www.virustotal.com/gui/file/0246bae3d010d2add808ecc97d8bf8b68f20301bd99f5cef85503894e3ad75cc/detection Decryption Key: 6f 41 68 53 4f 70 69 6b 56 6d Config: 185.239.226.17:965 185.239.226.17:110 103.200.97.189:965 103.200.97.189:110 https://twitter.com/xorhex/status/1406496693735067650/photo/1
-
[2021-06-16 01:39:15] @InQuest Here is an interesting #dropper https://labs.inquest.net/dfi/hash/0dde111712db81b5a70d9cf35f5e1fcd5d585c62f678a5db66d2a166ef3a3399 The DLL has a unique sleep function... Transmits sys info, sleeps, then downloads https://www.virustotal.com/gui/file/8706d795cd8bb75b11e3b3e5606decee08596cb613059b10c6ec1df70099b761/detection to inject into explorer.exe. All strings are decrypted with a special algorithm prior to execution. #malware https://twitter.com/InQuest/status/1404871139466285059/photo/1
-
[2021-06-04 00:47:23] @d4rksystem Interesting perspective from @techreview on public release of ransomware decrypters. https://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/ What's your opinion on researchers and security firms exposing vulnerabilities in malware and/or releasing ransomware decrypters publicly? Who does this help more?
-
[2021-05-20 23:52:57] @petrovic082 #Ransomware [email protected] .arrow https://app.any.run/tasks/56911500-1b7f-46d9-b397-b3377bda23cb/
-
[2021-05-20 03:41:24] @JakubKroustek '.root' - '[email protected]' - https://www.virustotal.com/gui/file/54815ed57e4dcf41776f228fa4c1058f45d6eb77cc327d2cc39742d674344524/ #CrySiS #Dharma #ransomware
-
[2021-05-19 16:46:31] @Malwaredev #DecryptMyFiles #Ransomware #Onion Page. Accepts Currency in #Dash. #Ransom #price is low as compared to other #Ransomware VTLINK: https://www.virustotal.com/gui/file/a0070951284e17ec843b498d0a11f4a2ebb8ce64c9f27faf7af96124fd691b1e/community @GrujaRS @James_inthe_box @JAMESWT_MHT @JakubKroustek @struppigel @VK_Intel @BleepinComputer @blackorbird https://twitter.com/Malwaredev/status/1394952600584433664/photo/1
-
[2021-05-10 15:40:37] @fbgwls245 @WindNsfwArtist Read the FAQ. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
-
[2021-05-10 00:30:53] @daniel_bilar Analysis #darkside ransomware RSA-1024 + Salsa20; subvertable: aborts if GetUserDefaultLangID & GetSystemDefaultUILanguage == .ru . see Conficker.A 2008 etc https://twitter.com/daniel_bilar/status/1224732124449845248 ; sample https://bazaar.abuse.ch/sample/151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5/ ; decrypt https://www.nomoreransom.org/en/decryption-tools.html#Darkside https://chuongdong.com/reverse%20engineering/2021/05/06/DarksideRansomware/ https://twitter.com/daniel_bilar/status/1391445584758853635/photo/1
-
[2021-05-08 01:16:56] @michalmalik https://www.virustotal.com/gui/file/d5fc1d8567253f9bb03c9d4b809463c6f305711ade4c8cf619fb3ba32b3abc79/detection < Looks like a new Masuta variant called "Rimasuta" (based on Mirai). uses TEA to decrypt/encrypt strings with a message for @briankrebs "come at me krebs rimasuta go BRRT" ;-) https://twitter.com/michalmalik/status/1390732396274884610/photo/1
-
[2021-04-19 00:45:42] @Arkbird_SOLG Not SideWinder but #APT36 with the operation SideCopy, the similar copycat of .NET malware found and analysed in the past. Same TTPs and focus on recon information (system, network ..). Can execute a shell for commands. Encrypt/decrypt with RC4. https://twitter.com/cyber__sloth/status/1383394061965348867 https://twitter.com/Arkbird_SOLG/status/1383839165440094210/photo/1
-
[2021-04-18 03:44:46] @1nternaut YARA-rule that covers #SaintBot .NET dropper decryption function. https://pastebin.com/BnZ6gUzs https://www.virustotal.com/gui/file/b0b0cb50456a989114468733428ca9ef8096b18bce256634811ddf81f2119274/detection https://twitter.com/1nternaut/status/1383521842443395082/photo/1
-
[2021-04-14 14:06:35] @fbgwls245 #Ouroboros #Ransomware 645D774A869C582B2C46BEED455321D4 C:\Users\Legion\source\repos\last project\Release\curl.pdb New ext: [email protected] .hydra Note: Decrypt-me.txt @BleepinComputer @demonslay335 @Amigo_A_ @siri_urz @malwrhunterteam @JAMESWT_MHT https://twitter.com/fbgwls245/status/1382228777204273154/photo/1
-
[2021-04-11 07:48:18] @aaqeel87 @malware_traffic license.dat SHA256: 29d2a8344bd725d7a8b43cc77a82b3db57a5226ce792ac4b37e7f73ec468510e VT(0/57) https://www.virustotal.com/gui/file/29d2a8344bd725d7a8b43cc77a82b3db57a5226ce792ac4b37e7f73ec468510e/detection Decrypted license.dat (corrupted, but still works in IDA) submitted to VT & Triage. VT (14/68) https://www.virustotal.com/gui/file/d45b3f9d93171c29a51f9c8011cd61aa44fcb474d59a0b68181bb690dbbf2ef5/detection https://tria.ge/210410-kv8hzayf6n cc:@lazyactivist192 https://twitter.com/aaqeel87/status/1381046414168502276/photo/1
-
[2021-04-02 02:05:40] @JakubKroustek '.4o4' - '[email protected]' - https://www.virustotal.com/gui/file/df90f27751985b5ae75d7dcd9bbd7a9d6ce65327940511205b4ce19ff2d25280/ #CrySiS #Dharma #ransomware
-
[2021-03-30 08:37:09] @jishuzhain #CryLock #Ransomware how_to_decrypt.hta [email protected] [email protected] .526562AE-4B129694 https://app.any.run/tasks/294ad53f-af7c-4ad7-a690-987743280db3/
-
[2021-03-29 21:07:32] @rufusmbrown Undetected #BEACON loader on VT. https://www.virustotal.com/gui/file/64f6a67a9bfd15f1f363fd13996b530b55fa50bdb63669b90800391095f1c262/detection - Exports: StartW - Decrypts and loads RC4 encrypted resource section (HTTPS stager) - JQuery Malleable C2 profile - C2: shopforenz.com https://twitter.com/rufusmbrown/status/1376536507545161732/photo/1
-
[2021-03-29 06:35:51] @_FirehaK Another #decryptor for #Babuk was uploaded to VirusTotal today. Re-uploaded to: https://bazaar.abuse.ch/sample/cbdc8fd073176c4e0328aff65147f37e5d46847de62508e7a3cf12f49a40b799/
-
[2021-03-25 04:47:11] @_FirehaK My YARA rule for #Babuk caught a #decryptor being uploaded to VirusTotal today. I've uploaded it to Malware Bazaar: https://bazaar.abuse.ch/sample/81e7942a1f32fb18e37cf622c5a24b7c54c4792549363fddf9a3a9095a07f23e/ Rather than being a separate application, it looks like the authors copied the ransomware and made it decrypt instead.
-
[2021-03-20 10:05:51] @Arkbird_SOLG Looks like the lite version of #PyXie (Feb 2021 ?) used by GOLD DUPONT group in the past. Same RC4 key to decrypt the payload, same algorithm for the strings as analysed by Palo Alto. Sample: https://bazaar.abuse.ch/sample/ade9d821bdff5f9716e1545b8b849a9cb13cffd83569a0abc9ee22fd54a8f9da/ Analysis: https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/2/ https://twitter.com/Arkbird_SOLG/status/1373093399331540992/photo/1
-
[2021-03-12 16:21:51] @fbgwls245 Go #Ransomware 8243DC32479532FCB82669DA4B81A9D1 /home/onebuoy/Desktop/RANSOMEme/ransomware-master/ransomw.go ext: .NASAcry Notes: READ_TO_DECRYPT.html, FILES ENCRYPTED.html @BleepinComputer @demonslay335 @Amigo_A_ @siri_urz @malwrhunterteam https://twitter.com/fbgwls245/status/1370288917363101696/photo/1
-
[2021-03-12 10:15:13] @3XS0 Enjoy seeing password protected maldocs being decrypted with dictionary lists from known campaigns or pivoting into brute force if needed This sample used: 123 https://labs.inquest.net/dfi/sha256/24220a382dc48bfdbef0d90189dce81fd2ef5c15315b03574616aa6432583aea https://www.virustotal.com/gui/file/24220a382dc48bfdbef0d90189dce81fd2ef5c15315b03574616aa6432583aea/detection https://twitter.com/3XS0/status/1370196649872609281/photo/1
-
[2021-03-12 04:22:43] @InQuest Enjoy seeing password protected maldocs being decrypted with dictionary lists from known campaigns or pivoting into brute force if needed This sample used: 123 https://labs.inquest.net/dfi/sha256/24220a382dc48bfdbef0d90189dce81fd2ef5c15315b03574616aa6432583aea https://www.virustotal.com/gui/file/24220a382dc48bfdbef0d90189dce81fd2ef5c15315b03574616aa6432583aea/detection https://twitter.com/InQuest/status/1370107941039316994/photo/1
-
[2021-03-07 17:20:10] @fbgwls245 #MedusaLocker #Ransomware 6F21A85894E91B7082407E08E7C231C8 ext: .1btc Notes: !!!HOW_TO_DECRYPT!!!.mht, README_LOCK.TXT @BleepinComputer @demonslay335 @Amigo_A_ @siri_urz @malwrhunterteam https://twitter.com/fbgwls245/status/1368491652839436290/photo/1
-
[2021-02-26 05:03:12] @XOR_Hex #MustangPanda #PlugX Encrypted Version: https://www.virustotal.com/gui/file/6097cc6d6fdd5304029ccedfd3ef49f0656bcf1c60d769b3344dc5129fcb6224/detection Decryption Key: 0x55, 0x43, 0x57, 0x46, 0x58, 0x69, 0x79, 0x6e, 0x48, 0x50 103.192.226.100:80 103.192.226.100:110 103.192.226.100:8080 103.192.226.100:5938 https://twitter.com/XOR_Hex/status/1365044701192192000/photo/1
-
[2021-02-26 04:48:28] @XOR_Hex #MustangPanda #PlugX Encrypted: https://www.virustotal.com/gui/file/5eaaf8ac2d358c2d7065884b7994638fee3987f02474e54467f14b010a18d028/details XOR Decryption Key: 0x46, 0x74, 0x6f, 0x6b, 0x54, 0x79, 0x62, 0x52, 0x45, 0x44 103.192.226.100:80 103.192.226.100:8000 103.192.226.100:8080 103.192.226.100:110 https://twitter.com/XOR_Hex/status/1365040992123039745/photo/1
-
[2021-02-23 02:11:56] @tccontre18 how #ida (@HexRaysSA) #idapython helps a lot in reversing nested SEH (try{} catch) anti-debugging tricks of gh0strat to decrypt its payload. #trojan #re #Malware #int3 :) blog and simple script: https://tccontre.blogspot.com/2021/02/gh0strat-anti-debugging-nested-seh-try.html https://github.com/tccontre/KnowledgeBase/edit/main/malware_re_tools/iceid_stego_shell_decryptor/readme.md sample: https://bazaar.abuse.ch/sample/70ac339c41eb7a3f868736f98afa311674da61ae12164042e44d6e641338ff1f/ https://twitter.com/tccontre18/status/1363914436650668035/photo/1
-
[2021-02-22 22:31:05] @struppigel This malware is an excellent use case for FLOSS. Statically decode strings and annotate your debugger with decrypted strings in comments (e.g. IDA, x64dbg, ..) https://www.virustotal.com/gui/file/ac38403a3188bfe31850a3710cdd1311abe9f7bdaa0e23add7eda61960572f96/detection https://github.com/fireeye/flare-floss https://twitter.com/struppigel/status/1363858858641391620/photo/1
-
For matters involving voice phishing, illegally filmed material, ransomware, cyber security threats and the like, help is available from the following agencies and organizations: No More Ransom, the Korean National Police Agency Cybercrime Reporting System, and the National Intelligence Service Civil Complaint Center.