What is an ENCRYPTED file?
-
Hello. I found a file called ENCRYPTED on my computer, but I'm not sure what it is. I'd appreciate it if you could tell me.
-
An ENCRYPTED file is a CryptoLocker 1.0 encrypted file. It appears to be a file distributed by CryptoLocker. It was first reported on 2017-10-20 05:11:00 and last reported on 2017-10-20 05:11:00.
-
You can open ENCRYPTED files by downloading the CryptoLocker 1.0 program.
-
CryptoLocker 1.0 ransomware encrypted file
A type of ransomware first discovered in September 2013; its distinguishing feature is that its autorun registration name is CryptoLocker.
Infects victims through vulnerabilities when they visit websites or through e-mail attachments, and changes file extensions to .encrypted or .ccc.
Creates two kinds of decryption instruction files in every folder in which it has encrypted files (DECRYPT_INSTRUCTIONS.* / HOW_TO_RESTORE_FILES.*).
Deletes the Windows Volume Shadow copies so that Windows system restore is no longer possible.
-
DECRYPT_INSTRUCTIONS.
HOW_TO_RESTORE_FILES.
-
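As an added defender-side example (not part of the original page), the Python script below scans a directory tree for the two file-system indicators the description above gives: the ransom notes DECRYPT_INSTRUCTIONS.* / HOW_TO_RESTORE_FILES.* and files renamed to .encrypted or .ccc. It builds a constructed sample tree in a temporary directory so it runs offline; the folder and file names in that tree are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the description above: the two ransom-note files that
# CryptoLocker 1.0 drops in every encrypted folder, and the extensions it
# renames victims' files to.
NOTE_STEMS = {"DECRYPT_INSTRUCTIONS", "HOW_TO_RESTORE_FILES"}
ENCRYPTED_EXTS = {".encrypted", ".ccc"}


def scan_tree(root):
    """Walk `root` and return {relative_folder: {"notes": [...], "encrypted": [...]}}
    for every folder that holds at least one indicator. Notes are matched on the
    file stem because the page gives them as DECRYPT_INSTRUCTIONS.* /
    HOW_TO_RESTORE_FILES.*, i.e. the extension varies."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if Path(f).stem.upper() in NOTE_STEMS)
        enc = sorted(f for f in files if Path(f).suffix.lower() in ENCRYPTED_EXTS)
        if notes or enc:
            rel = os.path.relpath(dirpath, root)
            findings[rel] = {"notes": notes, "encrypted": enc}
    return findings


def build_sample_tree():
    """Constructed sample tree (not real victim data): one folder showing the
    full CryptoLocker pattern (renamed files plus both notes) and one clean one."""
    root = tempfile.mkdtemp(prefix="cryptolocker_demo_")
    hit, clean = Path(root, "Documents"), Path(root, "Pictures")
    hit.mkdir()
    clean.mkdir()
    (hit / "report.docx.encrypted").write_bytes(b"\x00" * 16)
    (hit / "budget.xlsx.ccc").write_bytes(b"\x00" * 16)
    (hit / "DECRYPT_INSTRUCTIONS.txt").write_text("your files have been encrypted")
    (hit / "HOW_TO_RESTORE_FILES.html").write_text("<html></html>")
    (clean / "holiday.jpg").write_bytes(b"\xff\xd8\xff")
    return root


if __name__ == "__main__":
    # Only the Documents folder should be reported; Pictures is clean.
    for folder, hits in scan_tree(build_sample_tree()).items():
        print(folder, hits)
```

Point `scan_tree` at a real share or user profile to list the folders that carry this ransomware's note/extension pattern; it reads names only and never opens the files.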
-
[2021-07-01 19:49:28] @ffforward 13.82.24.228 on @Azure has been used as #WarzoneRAT #AveMaria C2 for at least 12 days. Latest one from encrypted 7z > https://bazaar.abuse.ch/sample/8a1ceb6687babe6ab82a38ca344d1092a7fc9bd6dbaf3420a3311c50131928ef/ https://tria.ge/210701-nsawm3mcgn https://twitter.com/MBThreatIntel/status/1408064073963429900 https://twitter.com/ffforward/status/1410581320812556290/photo/1
-
[2021-06-28 03:00:54] @ffforward (Thread) Very well executed unidentified campaign from Friday. #covid19 #vaccine malspam from /cov19inf.com on @bacloud. with SPF and DKIM. Attached encrypted xlsm with unique(?) password with macro on close that drops 6KB dll loader that downloads 7MB EXE. C2 /usergtarca.com https://twitter.com/ffforward/status/1409240342533181442/photo/1
-
[2021-06-20 13:18:37] @xorhex #MustangPanda #PlugX variant Encrypted: https://www.virustotal.com/gui/file/0246bae3d010d2add808ecc97d8bf8b68f20301bd99f5cef85503894e3ad75cc/detection Decryption Key: 6f 41 68 53 4f 70 69 6b 56 6d Config: 185.239.226.17:965 185.239.226.17:110 103.200.97.189:965 103.200.97.189:110 https://twitter.com/xorhex/status/1406496693735067650/photo/1
-
[2021-05-26 15:10:04] @fbgwls245 #Ransom #ScreenLocker 620E4ECC23C7DC1A608031760107F1A5 "C:\Users\TEST\Desktop" (Extension No Change) Only this folder is encrypted. Unlock Code: unlock c:\Users\Montaser\Documents\Visual Studio 2012\Projects\RansomeWare\RansomeWare\obj\Debug\RansomeWare.pdb https://twitter.com/fbgwls245/status/1397465040991576064/photo/1
-
[2021-05-05 21:42:05] @QuoIntelligence @ESETresearch Document delivered via an encrypted RAR: rheinmetall_job_requirements.rar - 26959c486fa1907a73bf96045af46bc8db3b50052e4cf44df5418999708e6e52 https://www.virustotal.com/gui/file/26959c486fa1907a73bf96045af46bc8db3b50052e4cf44df5418999708e6e52
-
[2021-04-19 00:16:14] @GrujaRS Sample. #SunCrypt #Ransomware! Ransom note;YOUR_FILES_ARE_ENCRYPTED.HTML https://www.virustotal.com/gui/file/ca5751036a12d0a9fba5f2c6cd2bde61b9c40e1607f751c39212b9c9a94c6b5a/detection https://twitter.com/GrujaRS/status/1383831753136119818/photo/1
-
[2021-04-12 22:58:45] @xorhex Pivoting off of https://www.virustotal.com/gui/file/0459e62c5444896d5be404c559c834ba455fa5cae1689c70fc8c61bc15468681/relations (used by a number of samples tied to #RedDelta / #MustangPanda) Leads to https://www.virustotal.com/gui/file/93d33626886e97abf4087f5445b2a02738ea21d8624b3f015625cd646e9d986e/detection Upon extraction, contains an encrypted #RedDelta #PlugX sample: https://www.virustotal.com/gui/file/e4c94cc2e53beb61184f587936ee8134e3ed81872d6ee763cac20557a5f1077c/detection 74668e84ee38695216ef737f389dc55c rainydaysweb.com https://twitter.com/xorhex/status/1381637924308025347/photo/1
-
[2021-04-12 08:56:47] @papa_anniekey This one's communication destination is actually in Japan. hxxp://13.114.247.134/winhace/*.exe Look at the Analysis of "BILL - APRIL KYC.xlsx" with malicious activity. https://app.any.run/tasks/499bc553-3b4c-4bcf-9444-7c48412f0afa #encrypted #exploit #CVE201711882 #loader @anyrun_app https://twitter.com/papa_anniekey/status/1381426038832439296/photo/1
-
[2021-03-29 21:07:32] @rufusmbrown Undetected #BEACON loader on VT.. https://www.virustotal.com/gui/file/64f6a67a9bfd15f1f363fd13996b530b55fa50bdb63669b90800391095f1c262/detection - Exports: StartW - Decrypts and loads RC4 encrypted resource section (HTTPS stager) - JQuery Malleable C2 profile - C2: shopforenz.com https://twitter.com/rufusmbrown/status/1376536507545161732/photo/1
-
[2021-03-29 04:43:38] @3XS0 #Hiddentear #Ransomware extension .Encrypted Sample https://www.virustotal.com/gui/file/30d595247375a638bb26f8236cc179af2e9b8ea5efe7a345183c2c7b43450bdf/detection https://twitter.com/3XS0/status/1376288901334237186/photo/1
-
[2021-03-28 16:06:35] @3XS0 #Hiddentear #Ransomware extension .Encrypted Sample https://www.virustotal.com/gui/file/30d595247375a638bb26f8236cc179af2e9b8ea5efe7a345183c2c7b43450bdf/detection https://twitter.com/3XS0/status/1376098382100492296/photo/1
-
[2021-03-21 01:35:50] @GrujaRS #Hiddentear #Ransomware extension .Encrypted Sample https://www.virustotal.com/gui/file/30d595247375a638bb26f8236cc179af2e9b8ea5efe7a345183c2c7b43450bdf/detection https://twitter.com/GrujaRS/status/1373327434943234050/photo/1
-
[2021-03-13 03:24:42] @3XS0 #Ransomware #zeppelin https://app.any.run/tasks/0a898244-d655-4fa8-9584-32005e5b8607/ !!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT https://pastebin.com/raw/qK2NgV1R
-
[2021-03-12 16:21:51] @fbgwls245 Go #Ransomware 8243DC32479532FCB82669DA4B81A9D1 /home/onebuoy/Desktop/RANSOMEme/ransomware-master/ransomw.go ext: .NASAcry Notes: READ_TO_DECRYPT.html. FILES ENCRYPTED.html @BleepinComputer @demonslay335 @Amigo_A_ @siri_urz @malwrhunterteam https://twitter.com/fbgwls245/status/1370288917363101696/photo/1
-
[2021-03-12 10:08:52] @3XS0 #Ransomware #zeppelin https://app.any.run/tasks/0a898244-d655-4fa8-9584-32005e5b8607/ !!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT https://pastebin.com/raw/qK2NgV1R
-
[2021-03-05 16:17:46] @ffforward #Ursnif #Gozi targeting [flag emoji] via encrypted zip > Doc. Doc https://bazaar.abuse.ch/sample/621503b3df5c5894eeea6f8ac52479538024caab4dd8c4dd4ec8c2401f05294a/ DLL https://bazaar.abuse.ch/sample/f4ed1a94c984eb8529cd12f138e1ce5d447bc72a94d2ab6f3900641bbcd36e8e/ Config https://tria.ge/210305-a8j2yqp2cx cc @JAMESWT_MHT @andpalmier https://twitter.com/ffforward/status/1367751176834457605/photo/1
-
[2021-03-05 04:20:54] @Arkbird_SOLG I don't see a persistence either; that is probably maintained by another tool or executed "on-the-fly" (strange if they want in-memory only, yet leave the encrypted configuration file on the disk). C2 (over HTTPS): reyweb.com
-
[2021-03-05 00:43:14] @petrovic082 #Ransomware #zeppelin https://app.any.run/tasks/0a898244-d655-4fa8-9584-32005e5b8607/ !!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT https://pastebin.com/raw/qK2NgV1R
-
[2021-03-01 17:48:53] @tbarabosch #PlugX #MustangPanda 23aa12e7d56be83d7dbde03d3b3773ee (encrypted blob) with mutex "kPysHWLPVOmOloXFyUqf". installation folder "AAM Updatescga". CC "TCP:10.159.5.117:110". and timestamp 2019-12-13. Uploaded from GB. https://www.virustotal.com/gui/file/5b16347c180c8a2e25033ec31ac8728e72a0812b01ea7a312cbb341c6c927d06/details
-
[2021-02-26 05:03:12] @XOR_Hex #MustangPanda #PlugX Encrypted Version: https://www.virustotal.com/gui/file/6097cc6d6fdd5304029ccedfd3ef49f0656bcf1c60d769b3344dc5129fcb6224/detection Decryption Key: 0x55. 0x43. 0x57. 0x46. 0x58. 0x69. 0x79. 0x6e. 0x48. 0x50 103.192.226.100:80 103.192.226.100:110 103.192.226.100:8080 103.192.226.100:5938 https://twitter.com/XOR_Hex/status/1365044701192192000/photo/1
-
[2021-02-26 04:48:28] @XOR_Hex #MustangPanda #PlugX Encrypted: https://www.virustotal.com/gui/file/5eaaf8ac2d358c2d7065884b7994638fee3987f02474e54467f14b010a18d028/details XOR Decryption Key: 0x46. 0x74. 0x6f. 0x6b. 0x54. 0x79. 0x62. 0x52. 0x45. 0x44 103.192.226.100:80 103.192.226.100:8000 103.192.226.100:8080 103.192.226.100:110 https://twitter.com/XOR_Hex/status/1365040992123039745/photo/1
-
[2021-02-23 15:50:32] @reecdeep #Shellcode inside #VelvetSweatshop encrypted XLSX reveals #Lokibot #Malware hxxp://ow.ly/GNEu30rxT59 ⬇️ hxxp://nitengystdylunatsthj.dns.army/engdoc/vbc.exe hxxp://or-logistlcs.com/zoro/zoro3/fre.php #infosec #CyberSecurity #DFIR #cybercrime #cyberattacks #Security #cyber https://twitter.com/reecdeep/status/1364120441430892545/photo/1
-
[2021-02-22 10:56:10] @fbgwls245 #CrySis/#Dharma #ransomware FAF0D4F9EA3E77BE26B3E078CC44FB60 ext: [email protected] .bk Note: FILES ENCRYPTED.txt @BleepinComputer @demonslay335 @Amigo_A_ @malwrhunterteam @siri_urz @JakubKroustek https://twitter.com/fbgwls245/status/1363683976037101574/photo/1
-
[2021-02-09 10:41:45] @housu_jp JADX 1.2.0 has a bug that freezes in "text search". You can check it by decrypting the encrypted payload of the following malware. The bug is not in JADX 1.1.0. https://virustotal.com/gui/file/4704e1c13e2373685f13e706345f14af2fcebcd27bee164e0427b8a16552e059/detection #JADX #FakeSpy
-
[2021-02-05 17:00:05] @reecdeep shellcode deobfuscating shellcode reveals #FormBook #Malware from XLSX encrypted format. hxxp://richelon.in/NewEx/scan0876578909.exe hxxps://richelon.in/NewEx/doc09876578.exe Run: https://app.any.run/tasks/faa6ccec-498e-45da-8282-85896f557bd4 https://tria.ge/210205-b2jtrx4sfa @abuse_ch @James_inthe_box @JRoosen #infosec https://twitter.com/reecdeep/status/1357614966505938946/photo/1
-
[2021-02-05 04:58:20] @XOR_Hex #RedDelta version of #PlugX; this time encrypted with a 13 byte XOR key. 43.254.217.165:110 43.254.217.165:80 Embedded Marker: ja-user-pc ThreatConnect: https://cutt.ly/rkk9wdH VT (encrypted): https://cutt.ly/Akk9t6c 5d2856d38f182cba36a045935ed11a17 #MustangPanda https://twitter.com/XOR_Hex/status/1357433330053038081/photo/1
-
[2021-01-28 06:31:51] @XOR_Hex #CrimsonIAS Backdoor Blog https://cutt.ly/Zj7XCUW TC Link https://cutt.ly/Nj7X33V VT (encrypted) https://cutt.ly/zj7CA87 Has some overlapping similarities with how #MustangPanda's #PlugX was packaged: - 10 byte prepended XOR key - MZ header shellcode - Exported Loader function
-
[2021-01-25 19:39:50] @fr0s7_ #Mailspam #Remcos #Encrypted 1. 9998b2426c516559c118a0e9195fa034 drops another 2. 3c9b171aa4191384845ffc13021f3a7f no detection: https://app.any.run/tasks/5e41e266-b135-4604-b58b-9facafe8d0dd no detection: https://tria.ge/210125-1phadwjde2 c2: moneyds.ddns.net:6332 @InQuest @JAMESWT_MHT @malwrhunterteam @abuse_ch
-
[2021-01-20 18:50:02] @ffforward Heads up. #emotet is back from old new year holiday and has started spamming. Seeing encrypted zips targeting [flag emoji] and [flag emoji] so far. https://tria.ge/210120-dx7gmz813a cc @JAMESWT_MHT @James_inthe_box @JRoosen @Cryptolaemus1 https://twitter.com/ffforward/status/1351844430089777152/photo/1
-
[2021-01-19 16:20:07] @reecdeep VelvetSweatshop encrypted xlsx spawns #FormBook #Malware instances via CVE 2017-11882 using obfuscated ShellCode! ➡️ hxxp://chfourmndyanotherwak.dns.navy/chnsfrnd2/winlog.exe (found by @abuse_ch) c2: learnhour.net https://tria.ge/210119-hnrqmqlghs #infosec #CyberSecurity #DFIR https://twitter.com/reecdeep/status/1351444312672923648/photo/1
-
For matters involving voice phishing, illegally filmed material, ransomware, national cyber security threats and the like, you can get help from the following agencies and organizations: No More Ransom, the Korean National Police Agency cybercrime reporting system, and the National Intelligence Service civil complaints center.