What is an ONION file?
-
Hello. I found a file called ONION on my computer and I am not sure what it is. I would appreciate it if you could tell me.
-
An ONION file is an Onion encrypted file. It appears to be a file distributed by Onion. It was first reported on 2017-10-20 00:23:12 and last reported on 2017-10-20 00:23:12.
-
You can open ONION files by downloading the Onion program.
-
Onion ransomware encrypted file
No signature information is available.
-
Related link #1: No link attached.
-
Related link #2: No link attached.
-
-
[2021-05-24 03:48:29] @JakubKroustek At least they are clear about the infection vector: '.rdp' - '[email protected]' - https://www.virustotal.com/gui/file/d13c712deac973ddd3666c02b76e8c0f2f5a4291078b579e231cdb8f5554efb2/ #CrySiS #Dharma #ransomware
-
[2021-05-19 16:46:31] @Malwaredev #DecryptMyFiles #Ransomware #Onion Page. Accepts Currency in #Dash. #Ransom #price is low as compared to other #Ransomware VTLINK: https://www.virustotal.com/gui/file/a0070951284e17ec843b498d0a11f4a2ebb8ce64c9f27faf7af96124fd691b1e/community @GrujaRS @James_inthe_box @JAMESWT_MHT @JakubKroustek @struppigel @VK_Intel @BleepinComputer @blackorbird https://twitter.com/Malwaredev/status/1394952600584433664/photo/1
-
[2021-05-16 03:20:27] @JakubKroustek '.eye' - '[email protected]' - https://www.virustotal.com/gui/file/60c17e1b9ac86054237c92919df589074bec4f80cd6b2b71d28482f7db3349ba/ #CrySiS #Dharma #ransomware
-
[2021-04-28 13:10:05] @fbgwls245 @JakubKroustek New ext: '.cum' - '[email protected]' - https://www.virustotal.com/gui/file/384017b219a8cba93aa90f7f9ec8992232ec687037c02e3001ab66dfb961fb11/detection #CrySis #Dharma #Ransomware
-
[2021-04-03 04:58:30] @ActorExpose /etnbhivw5fjqytbmvt2o6zle3avqn6rrugfc35kmcmedbbgqbxtknlqd.onion https://twitter.com/TeamDreier/status/1378005931678699521
-
[2021-04-02 02:05:40] @JakubKroustek '.4o4' - '[email protected]' - https://www.virustotal.com/gui/file/df90f27751985b5ae75d7dcd9bbd7a9d6ce65327940511205b4ce19ff2d25280/ #CrySiS #Dharma #ransomware
-
[2021-03-23 12:31:49] @_FirehaK #Babuk sample compiled on 2021-03-15 Only one onion link in this one. sometimes there are two. Looks like "small fella malicious .exe" may be sticking around???? https://bazaar.abuse.ch/sample/1deb1efad2c469198aabbb618285e2229052273cf654ee5925c2540ded224402/ https://twitter.com/_FirehaK/status/1374217295837401094/photo/1
-
[2021-03-12 20:48:58] @dms1899 @apiary This is the one. https://www.theonion.com/busch-gardens-unveils-new-9-600-mile-long-endurance-coa-1819576816
-
[2021-03-10 18:24:22] @benkow_ Osiris. Mexican injects Cnc: http://trqtfidgqmcmqytw. onion/kpanel Uadmin for the injects: https://dlxfreight. bid/uadmin/adm.php https://www.virustotal.com/gui/file/4807f8fce08612cc316476fe34aa497188810fc10102c6c07bf18142655eb252/relations https://twitter.com/benkow_/status/1369594973524553730/photo/1
-
[2021-02-22 15:52:25] @RakeshKrish12 1 of the longest standing panel #Raccoon #Stealer still active since 2019 for various #Hack Campaigns! http://dq7shlx5o67t64ljuzisyp34s3n7vepnhc5ijt5hjh433qzaatyj5bid.onion http://urlhaus.abuse.ch/browse/signature/RaccoonStealer #DarkWeb #deepweb #OSINT #threatintel #infosec #cybersecurity #darknet #Malware #password #netsec #security #cyber #Data #tech https://twitter.com/RakeshKrish12/status/1363758530616942594/photo/1
-
[2021-02-12 19:59:30] @nazywam Up next: German banking (lots of https://*bank*.de) sample: https://bazaar.abuse.ch/sample/01d5f1b32235b5d5ba5970d56639d82aa3d83b57ec08c79b3580fd0c88ef1c29 c2: ylnfkeznzg7o4xjf.onion/kpanel/connect.php mwdb: https://mwdb.cert.pl/blob/d730eecff32b04a5c3f75b09b7f14c86096380ccd3a4a04d4c6e9d3c8813d3cd
-
[2020-12-25 23:20:31] @Emm_ADC_Soft Unknown #ransomware extension: .mijnal Ransom note: OpenTheTorBrouser.html http://vy2hwfycbtogtmxlz3cfdvjk5jai6rlxzz2dseegeuckqmjgia6vxhyd.onion/index.php https://www.virustotal.com/gui/file/a7e267f0726825d7f294df6b421cce93a46bb8381b724f57052045c4782efefa https://app.any.run/tasks/6f9d99e0-5be6-4b78-986c-20a1a0091d40
-
[2020-11-03 21:55:41] @nazywam An alive #kronos/#osiris sample https://bazaar.abuse.ch/sample/111b63f31d1e6855b0bc722107ac4f5668a7f115fd45654625eb41a6160828c6/ ???? c2: http://o3qrynq3djknfebz.onion/kpanel/connect.php (first time seeing this one) No injects returned but it looks to be up and running
-
[2020-10-30 03:30:16] @_brettfitz Other C2 IPs: 208.86.162.249:449 200.116.232.186:449 181.143.186.42:449 164.68.125.210:447 195.123.242.250:447 95.153.31.14:447 Contacted Tor domain 5efxqhk2zhgnc24l.onion https://app.any.run/tasks/23b381b9-cf46-4c22-84cb-c7e79531bb46
-
[2020-10-23 16:43:11] @Kangxiaopao #LV #Ransomware url: http://4to43yp4mng2gdc3jgnep5bt7lkhqvjqiritbv4x2ebj3qun7wz4y2id.onion/ sample: https://www.virustotal.com/gui/file/78b592a2710d81fa91235b445f674ee804db39c8cc34f7e894b4e7b7f6eacaff/detection @Amigo_A_ @demonslay335 Many places imitated #Sodinokibi https://twitter.com/Kangxiaopao/status/1319575086995652609/photo/1
-
[2020-10-15 17:51:55] @Kangxiaopao #Adhubllka #Ransomware ext:see_read_me note:Read_Me.txt url: http://alcx6zctcmhmn3kx.onion/?GGGGGGGG http://helpqvrg3cc5mvb3.onion/ sample: https://www.virustotal.com/gui/file/ad56786f06017e63a6bb8bda9c9f616a0e6a6b036cf9f947addd9c9819668df7/community
-
[2020-09-13 22:06:37] @makflwana #malware #ransomware #medusa extension zotkuk sample - https://app.any.run/tasks/4a697768-6cb3-4df2-81a2-b38ea5dfc911/ … TOR site - hxxp://kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2thcw5gz75qncv7rbhyad.onion/ - currently offline pic.twitter.com/HZJw2atSDw
-
[2020-08-19 17:10:42] @H_Miser New wave today. https://www.virustotal.com/gui/file/b53912aff3421ae6da708575e57bc00192ad294e10d5818fda4420f2036398f3/detection … Still "packed" in an innosetup. Non-public Tor version of Tinynuke c2: hxxp://fizi4aqe7hpsts3r.onion/admin/client.php same config as before. https://twitter.com/H_Miser/status/1291000691029401604 …
-
[2020-08-14 18:33:40] @Jirehlov The same tor address as the #pandemic hunted a few days ago?? https://www.virustotal.com/gui/file/283733d6765a164ec326e72b3f98cad9a00e6c771fabab2da419f790fb521de6/detection … hxxp://dj55huaqbbsnhwngb5rgeq65ns3nteyon7wlp32gkamzs3k2ogrdr5qd.onion/
-
[2020-08-05 22:18:45] @H_Miser It seems that France is once again being hit by a Tinynuke distribution campaign https://www.virustotal.com/gui/file/3083a5717e24a192761d865a9c718945c002bc7ee4be17e9769b8643664b700e/detection … c2: hxxp://pat7qsfjjzqaspph.onion/admin/client.php config (empty): https://pastebin.com/CrxGFyHN Is it 2018 again?
-
[2020-05-14 04:08:30] @HackDefendr AKO #Ransomware Leaks Site hxxp://37rckgo66iydpvgpwve7b2el5q2zhjw4tv4lmyewufnpx4lhkekxkoqd.onion/ hxxps://app.any.run/tasks/49663926-6085-4556-aa65-01bca6df4372/
-
[2020-04-20 09:19:31] @IpNigh #PhishingKit found on #Phishing site. Threat Actor emails found in dump: [email protected]. [email protected] For more information on kits contact me.
-
[2020-03-06 17:39:16] @reecdeep full Ioc list: hxxp://news-deck.at hxxp://taslks.at hxxp://living-start.at hxxp://ali-express1.at hxxp://ey7kuuklgieop2pq.onion also related to this: https://twitter.com/reecdeep/status/1230407172686827521?s= 20 …
-
[2020-03-03 23:26:57] @reecdeep #ursnif #malware targets #Germany from #maldoc #geofenced h/t @JAMESWT_MHT "info_03_03.doc" c2: aaxvkah7dudzoloq.onion lissavets.at tahhir.at limpopo.at estate-advice.at Key: Gu9foUnsY506KSJ1 #infosec #CyberSecurity #ThreatIntelligence #Threat #infosecurity pic.twitter.com/AJ3ckT6WqX
-
[2020-02-20 01:02:35] @reecdeep #ursnif #Gozi #malware injects RuntimeBroker.exe c2: 6vcatkjlim35nscu.onion winserver-cdn.at regutalor-stat.at Config: version= 217107 soft= 1 server= 12 id= 1000 type= 14 dJReCsX8qWlhQ0kv #threatintel #threathunting #infosec #CyberSecurity pic.twitter.com/FaCREiErbf
-
[2020-02-15 02:05:18] @bartblaze LockBit ransomware seems to come up more. Sandbox runs: https://app.any.run/tasks/c2885073-12aa-4ac6-9525-3322c54fa595 … & https://capesandbox.com/analysis/12816/ Same functionalities as mentioned here (UAC bypasses etc.): https://twitter.com/albertzsigovits/status/1222851577440096256 … - extensive list of backup services to kill. Payment portal: lockbitks2tvnmwk.onion pic.twitter.com/BjpsafMpPH
-
[2020-01-29 01:30:34] @reecdeep #ursnif #malware from #VBS c2: onionpie.at tahhir.at limpopo.at estate-advice.at https://app.any.run/tasks/7937b73c-0f30-4faf-9c81-acf6cf4d7fee … @VK_Intel @JAMESWT_MHT @malwrhunterteam @matte_lodi @merlos1977 @58_158_177_102 @sugimu_sec @JR0driguezB #DFIR #infosec #cybersecurity #ThreatIntel #threathunting pic.twitter.com/Da1mkjVCeI
-
[2020-01-22 23:29:00] @malware_traffic That #ursnif version using onionpie.at has been around for about 3 months now. I think. I've seen it from other malspam campaigns.
-
[2020-01-21 21:54:21] @tiketiketikeke A domestic website where #Emotet-related files have been placed. (doc) oniongames.jp 210.224.185.151 AS9371 (SAKURA Internet Inc.) (PTR: www2511.sakura.ne.jp) https://www.virustotal.com/gui/url/0d9f6e8e57ddbc87f2fe22820fe81ee2f54931d3f01beaf2326fc695fe667781/details … https://app.any.run/tasks/e4a4bf29-677d-4ae8-b6f5-47af0c242b0a …
-
[2020-01-18 19:09:12] @tiketiketikeke A domestic website where #Emotet-related files have been placed. (exe) oniongames.jp 210.224.185.151 AS9371 (SAKURA Internet Inc.) (PTR: www2511.sakura.ne.jp) https://www.virustotal.com/gui/url/530a06fb8c3adce02cc6ffc5df2f9226d74a0d237d8a3a6999680f7054cc3f4c/details … https://app.any.run/tasks/9fcb5073-32ff-4417-a43f-72edacd538b8 …
-
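For matters involving voice phishing, illegally filmed material, ransomware, cyber security threats and the like, you can get help from the following agencies and organizations: No More Ransom, the National Police Agency Cybercrime Reporting System, and the National Intelligence Service Civil Complaint Center.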