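I'll Find It for You
What is an ENC file?
-
Hello. I found a file called ENC on my computer and I'm not sure what it is. I would appreciate it if you could let me know.
-
An ENC file is a SimpleLocker encrypted file. It appears to be a file distributed by SimpleLocker. It was first reported on 2017-10-19 00:11:00 and last reported on 2017-10-19 00:11:00.
-
You can open ENC files by downloading the SimpleLocker program.
-
SimpleLocker ransomware encrypted file
-
No signature information is available.
-
Related link #1: No link attached.
-
Related link #2: No link attached.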
-
-
[2021-07-07 00:55:04] @malware_traffic 2021-07-06 (Tuesday) - #BazarLoader (#BazaLoader) from "Stolen Image Evidence" zip archive led to #CobaltStrike - Encoded binary for Cobalt Strike at: hxxp://46.17.98.191/OuqC8rXGwlN5saz48clBNekGjhs8Kjmf - List of IOCs available at: https://github.com/brad-duncan/IOCs/blob/main/2021-07-06-BazarLoader-with-Cobalt-Strike-IOCs.txt https://twitter.com/malware_traffic/status/1412470165179092992/photo/1
-
[2021-07-05 15:59:38] @maldatabase Top malware families analyzed last week: 1️⃣ #Dridex 2️⃣ #AgentTesla 3️⃣ #RedLine 4️⃣ #AZORult 5️⃣ #LokiBot 6️⃣ #NanoCore 7️⃣ #Quasar 8️⃣ #Remcos 9️⃣ #njRAT 🔟 #AsyncRAT #Malware #ThreatIntelligence #threatintel #infosec #cybersecurity https://maldatabase.com
-
[2021-07-04 08:32:43] @bad_packets “Blockchain can eliminate the TCP/IP’s fundamental security flaws.” https://web.archive.org/web/20210703220948/https://www.rsaconference.com/library/blog/understanding-blockchain-security
-
[2021-07-04 00:05:35] @dorkingbeauty1 https://www.shodan.io/host/101.53.153.183 https://otx.alienvault.com/pulse/60e098092d446ce18b66ef0c/related/ #Headset #voip #streamdata #malware #hidden #fake #audio #low #FREQUENCY5FM #freqnetwork
-
[2021-07-02 03:04:06] @James_inthe_box #rustyloader #yara sig (thanks @Anti_Expl0it!): https://gist.github.com/silence-is-best/7b8211fc0ef0f35e1f71fa18fc91856b https://www.hybrid-analysis.com/yara-search/results/0421abd62bcc34b1e0a75b5e5d6a847a956113002cbe9b02be7a96fdf56edb86 cc @bry_campbell
-
[2021-07-02 00:29:27] @James_inthe_box An expanded list of exfil email addresses (working out the bugs to get a better list each month. first try here): https://gist.github.com/silence-is-best/fab43d61573de1ee123727efdad3c77a https://twitter.com/James_inthe_box/status/1410651778769592321/photo/1
-
[2021-07-01 23:13:39] @James_inthe_box A csv formatted list of #malspam campaigns that crossed my path in June to include family. hash. c2.'s and some email exfils: https://gist.github.com/silence-is-best/d5814e07e5637891143762a19eb76479 #retrohunt https://twitter.com/James_inthe_box/status/1410632701871230978/photo/1
-
[2021-07-01 19:49:28] @ffforward 13.82.24.228 on @Azure has been used as #WarzoneRAT #AveMaria C2 for at least 12 days. Latest one from encrypted 7z > https://bazaar.abuse.ch/sample/8a1ceb6687babe6ab82a38ca344d1092a7fc9bd6dbaf3420a3311c50131928ef/ https://tria.ge/210701-nsawm3mcgn https://twitter.com/MBThreatIntel/status/1408064073963429900 https://twitter.com/ffforward/status/1410581320812556290/photo/1
-
[2021-07-01 17:08:11] @pollo290987 #asyncrat REFERENCIAS DE FACTURA PROGRAMADA PENDIENTE DE JUNIO.OLD.XLS.exe 8596052f4363bb3e6a757b49d0a6bc4e C2: /marcelajarakmisdhuakfsg.duckdns.org:5020
-
[2021-07-01 12:12:58] @0xrb #CobaltStrike #Malware #C2 Payload ????????????????: 1.117.117.202:7001/g.pixel MD5: 3d9d196898319b0f02d332f19dad8adc Currently ????????????????????e Country: CN | Shenzhen Tencent Computer Systems Company Limited
-
[2021-06-29 11:25:44] @0xrb @BlackLotusLabs Few more #c2 related to #ReverseRat ankaraembassy.hopto.org coronavirusupdate.ddns.net minofdefence.mooo.com minofdefenceindia.ddns.net pmreference.ddnsking.com cc: @TheHackersNews @blackorbird @_odisseus @r3dbU7z
-
[2021-06-29 04:30:38] @Arkbird_SOLG @c3rb3ru5d3d53c @malwrhunterteam You can see the convert the hex code of the sequences to asm code. here for the opcodes in x86 : http://ref.x86asm.net/coder32.html Have fun ;-)
-
[2021-06-29 01:43:51] @3dzlli Article link without the dot: https://dossier.substackcom/p/follow-the-science-deadly-delta-variant Link checking site: ⬇️ https://www.virustotal.com/gui/home/url
-
[2021-06-28 21:13:32] @James_inthe_box @SwearengenCyber @alex_lanstein @DaveMarcus mail.exe #bitrat #xenarmor c2: 79.134.225.115 edi.exe #remcos c2: 79.134.225.112
-
[2021-06-28 17:45:02] @HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 45 VirusTotal: https://www.virustotal.com/gui/file/b65a61d71b8f8a20aaf335c20a8e4a75a9184c21b08a240eae1b436df42a79c5/detection/f-b65a61d71b8f8a20aaf335c20a8e4a75a9184c21b08a240eae1b436df42a79c5-1624281918 Threat: http://WannaCry.Ransom.Encrypt.DDS (Malwarebytes)
-
[2021-06-28 15:58:15] @maldatabase Top malware families analyzed last week: 1️⃣ #Dridex 2️⃣ #AgentTesla 3️⃣ #AZORult 4️⃣ #Ursnif 5️⃣ #RedLine 6️⃣ #QakBot 7️⃣ #LokiBot 8️⃣ #njRAT 9️⃣ #NanoCore 🔟 #IcedID #Malware #ThreatIntelligence #threatintel #infosec #cybersecurity https://maldatabase.com
-
[2021-06-28 03:00:54] @ffforward (Thread) Very well executed unidentified campaign from friday. #covid19 #vaccine malspam from /cov19inf.com on @bacloud. with SPF and DKIM. Attached encrypted xlsm with unique(?) password with macro on close that drops 6KB dll loader that downloads 7MB EXE. C2 /usergtarca.com https://twitter.com/ffforward/status/1409240342533181442/photo/1
-
[2021-06-25 23:03:53] @James_inthe_box FYI..seen a large uptick in #azorult #malspam this month..attachment names: https://gist.github.com/silence-is-best/24a6e83345701f15aec5d962f8d53bc5 https://twitter.com/James_inthe_box/status/1408455918908444674/photo/1
-
[2021-06-25 19:37:40] @James_inthe_box @GossiTheDog Autoit poop..script is here: https://gist.github.com/silence-is-best/51e49d63c4c53bddd0e1cc353364d1fe
-
[2021-06-23 15:05:08] @abuse_ch Your organization uses a .com domain for doing business? Keep in mind that TLDcom is maintained by VeriSign and hence under US jurisdiction https://www.justice.gov/opa/pr/united-states-seizes-websites-used-iranian-islamic-radio-and-television-union-and-kata-ib
-
[2021-06-23 01:21:34] @ps66uk @AppSecBloke Limited test coverage apparently. Go to Reading next week for the experience https://www.gov.uk/alerts/planned-tests
-
[2021-06-22 09:25:32] @phishunt_io #NewPhishing | #phishing #scam /www.apple.isupport-online.com/inc.php 208.91.197.91 ☁ CONFLUENCE-NETWORK-INC ZeroSSL ECC Domain Secure Site CA https://twitter.com/phishunt_io/status/1407162812380725259/photo/1
-
[2021-06-22 04:49:22] @1ZRR4H @dark0pcodes Another related domain qgam.top (194.147.84.117) Interesting. After encrypting the information, they obtain the C2 from bandakere.tumblr.com to download and run Vidar #Stealer (159.69.20.131). Sample: https://app.any.run/tasks/49ab286b-1f6d-43cd-be3c-11c16f70cb4f/ #Djvu / #STOP -> #Vidar / #Arkei https://twitter.com/1ZRR4H/status/1407093309340852233/photo/1
-
[2021-06-22 04:02:59] @AsiifCo #Cobaltstrike indicators associated with a sample on @virustotal. https://www.virustotal.com/gui/file/2ad776f5b11fb60d1e98edc7ea58c21888794e418488cf3baa38f5d00789b063/detection #Prevención @AcademicoCert #CTI #Threathunting #incidentresponse #blueteam
-
[2021-06-21 23:40:40] @bad_packets "The SEC has issued letters to firms that were impacted by the breach as it seeks more details into potential insider trading and disclosure failings among other issues." https://www.reuters.com/technology/us-sec-official-says-agency-has-begun-probe-cyber-breach-by-solarwinds-2021-06-21/
-
[2021-06-21 23:09:26] @nokae8 Happy Monday! #qbot #qakbot obama62 is out and about :) DLL D/L: https://urlhaus.abuse.ch/browse/tag/obama62/ Config/C2s: https://tria.ge/210621-lencq3cvrn
-
[2021-06-21 16:16:57] @maldatabase Top malware families analyzed last week: 1️⃣ #Dridex 2️⃣ #AgentTesla 3️⃣ #AZORult 4️⃣ #QakBot 5️⃣ #RedLine 6️⃣ #njRAT 7️⃣ #LokiBot 8️⃣ #NanoCore 9️⃣ #Quasar ???? #FormBook #Malware #ThreatIntelligence #threatintel #infosec #cybersecurity https://maldatabase.com
-
[2021-06-21 04:41:38] @dubstard @clevybencheton http://sony.com/en/SonyInfo/IR/library/presen/er/pdf/19q4_supplement.pdf Kinda funny how apple iPhones use Sony cameras. and thus Sony makes a ton of $ from this. but can't even muster up a phone of their own. Maybe their terrible naming convention drove sales to practically subzero values. Strong LG vibes. https://twitter.com/dubstard/status/1406728976844746755/photo/1
-
[2021-06-20 13:18:37] @xorhex #MustangPanda #PlugX variant Encrypted: https://www.virustotal.com/gui/file/0246bae3d010d2add808ecc97d8bf8b68f20301bd99f5cef85503894e3ad75cc/detection Decryption Key: 6f 41 68 53 4f 70 69 6b 56 6d Config: 185.239.226.17:965 185.239.226.17:110 103.200.97.189:965 103.200.97.189:110 https://twitter.com/xorhex/status/1406496693735067650/photo/1
-
[2021-06-20 07:49:25] @ghost_motley The latest version of UserBenchmark is detected as 'potentially unwanted software' by 14 different Anti-Virus engines. including Microsoft Defender https://www.virustotal.com/gui/file/c321cf889b7b02ee16037bca42657e87ffcadc9e323703cf841e49f89a0d28b7/detection
-
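For matters involving voice phishing, illegally filmed material, ransomware, cybersecurity threats and the like, you can get help from the following agencies and organizations: No More Ransom, the National Police Agency Cybercrime Reporting System, and the National Intelligence Service Civil Petition Center.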