I'll find it for you
What is a MASTER file?
-
Hello. I found a file called MASTER on my computer, but I'm not sure what it is. I would appreciate it if you could tell me.
-
A MASTER file is a file encrypted by the BTCWare ransomware. The malware appends the .MASTER suffix to each file it encrypts, so the suffix identifies the infection, not a file format, and the file underneath is the victim's own data in encrypted form. This extension was first reported on 2017-10-20 20:38:46 and last reported on 2017-10-20 20:38:46.
-
There is no "BTCWare program" to download in order to open a MASTER file: BTCWare is the ransomware itself, and the encrypted content cannot be read until it is decrypted. Do not pay, and do not install tools advertised in the ransom note. Instead, disconnect the affected machine, preserve the encrypted files together with the ransom notes (they identify the variant), and check whether a free decryptor covers this variant before deciding anything else; the No More Ransom project listed at the bottom of this page is the place to start.
-
BTCWare ransomware encrypted file
Files dropped alongside the encrypted data by the same infection (ransom notes), with their file types:
!#_DECRYPT_#! (INF)
!#_RESTORE_FILES_#! (INF)
#_HOW_TO_FIX (INF)
#_HOW_TO_FIX_!.hta (HTM)
#_REAMDE_# (INF)
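The following triage script is an added example, not code from the original page or from any BTCWare analysis. It walks a directory tree and inventories two things the page gives you: files whose name ends in ".master" and the ransom-note file names listed above (matched on the name with its extension removed, since the page shows the type separately). The optional bracketed segment the regex tolerates before ".master" is an assumption about how some BTCWare builds embed a contact address in the name; the page does not state it. The directory layout it creates is constructed sample data.

```python
"""Triage helper for a suspected BTCWare ".master" infection.

Added example, not code from the original page. It inventories (a) files
whose name ends in ".master" and (b) the ransom-note files listed on the
page, so a responder can confirm the infection and scope it (how many
files, which original types) before looking for a decryptor.
"""
import re
import tempfile
from collections import Counter
from pathlib import Path

# Ransom-note names from the page. The page shows the type separately, so
# the comparison is on the file name with its extension removed.
RANSOM_NOTE_STEMS = {
    "!#_DECRYPT_#!",
    "!#_RESTORE_FILES_#!",
    "#_HOW_TO_FIX",
    "#_HOW_TO_FIX_!",
    "#_REAMDE_#",
}

# Encrypted files end in ".master". The optional "[...]" group allows for an
# attacker contact address inserted before the suffix; that naming detail is
# an assumption about some BTCWare builds, not something the page states.
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+?)(?:\.\[[^\]]*\])?\.master$", re.IGNORECASE
)


def classify(name):
    """Return ("note", None), ("encrypted", original_name) or ("other", None)."""
    if Path(name).stem.upper() in RANSOM_NOTE_STEMS:
        return "note", None
    match = ENCRYPTED_RE.match(name)
    if match:
        return "encrypted", match.group("original")
    return "other", None


def triage(root):
    """Inventory encrypted files and ransom notes under `root`."""
    report = {"encrypted": [], "notes": [], "original_extensions": Counter()}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        kind, original = classify(path.name)
        rel = path.relative_to(root).as_posix()
        if kind == "encrypted":
            report["encrypted"].append(rel)
            # The suffix of the recovered original name tells you what was hit.
            report["original_extensions"][Path(original).suffix.lower() or "(none)"] += 1
        elif kind == "note":
            report["notes"].append(rel)
    return report


# Constructed sample layout: three encrypted files (one with a bracketed
# contact segment), one untouched file, three ransom notes.
SAMPLE_FILES = [
    "docs/report.docx.master",
    "docs/budget.xlsx.master",
    "docs/photo.jpg.[pay@example.invalid].master",
    "docs/notes.txt",
    "docs/!#_DECRYPT_#!.inf",
    "docs/#_HOW_TO_FIX_!.hta",
    "#_REAMDE_#.inf",
]


def demo():
    """Create the constructed tree in a temp dir, triage it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in SAMPLE_FILES:
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"\x00")  # contents are irrelevant to the triage
        return triage(root)


if __name__ == "__main__":
    result = demo()
    print(f"{len(result['encrypted'])} encrypted file(s), "
          f"{len(result['notes'])} ransom note(s)")
    for ext, count in result["original_extensions"].most_common():
        print(f"  {ext}: {count}")
    for rel in result["encrypted"] + result["notes"]:
        print(f"  {rel}")
```

Run it against a real volume by calling `triage(Path("/mnt/evidence"))` on a read-only mount of the affected disk; the report is only an inventory and never modifies or deletes anything, which is what you want before a decryptor has been confirmed for the variant.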
-
[2021-06-29 23:17:26] @ActorExpose spoof exfil: [email protected] Impersonating: kosaf{.go.}kr "South Korean Government" "전체 사서함 경고" ("Mailbox full warning") phish: hxxps://www.studychick.com//mmp_llp/appx/?email= xxx eml file download: https://github.com/ActorExpose/email-template-sample/blob/master/___%20___%20__%20(2021-06-29%2012-56).eml @iHeartMalware @CraneHassold @ANeilan @JCyberSec_ @2RunJack2 https://twitter.com/ActorExpose/status/1409908878758879239/photo/1
-
[2021-06-29 14:09:15] @cyb3rops Which rules do I like the most? Answer: the generic ones Remember this when someone tells you that signature based detection is dead Sample https://www.virustotal.com/gui/file/1c89460be0f153e9cf9b2210075f29686d15d1bd168353aed6d0755097e54022/detection Rule info https://valhalla.nextron-systems.com/info/rule/SUSP_EnableContent_String_Gen Rule https://github.com/Neo23x0/signature-base/blob/master/yara/gen_susp_office_dropper.yar#L18 https://twitter.com/cyb3rops/status/1409770925147492356/photo/1
-
[2021-06-29 04:03:00] @michalmalik https://www.virustotal.com/gui/file/1a4ffc5fb732585afd5aa2ca5116dcff041896731e08c1a4cf40ee93dce0d785/detection < Shellcode packed with Golang packer https://github.com/jm33-m0/emp3r0r/tree/master/packer (based on Ezuri). tries to connect to 106.13.83.195:8999
-
[2021-06-22 21:53:07] @phishunt_io #NewPhishing | #phishing #scam /www.rmaster.ru/xls/media/market/wellsfargo.comV3 185.20.224.22 ☁ Domain names registrar http://REG.RU. Ltd Thawte RSA CA 2018 https://twitter.com/phishunt_io/status/1407350945286135814/photo/1
-
[2021-06-22 05:34:45] @InQuest Malicious file found hosted at: https///github.com/Hardi-St/MobaLedLib_Docu/raw/master/Betatest/MobaLedLib-master.zip SHA256: 6dcc812226ad270cf6eb6b747707b0ac2f76ef63794ede6f10b72adbbf7527da IOC extracted from sample: https://labs.inquest.net/dfi/hash/8dd984f022a1b45b874e3a49cabe7a22ad887020db7625815b65f447538a1c3f
-
[2021-06-21 00:43:02] @ActorExpose Active DHL Phish Exfil: [email protected] @emailrepio hxxps://firstfinancialtrustb.com kit sample: https://github.com/ActorExpose/kit/tree/master/firstfinancialtrustb.com @Spam404 @JCyberSec_ @BushidoToken @PhishKitTracker @Bobby_Presto https://twitter.com/ActorExpose/status/1406668929695629312/photo/1
-
[2021-06-21 00:13:32] @ActorExpose Amazon Phish Exfil: [email protected]. [email protected] hxxp://msomdndbvsdfservices.com https://github.com/ActorExpose/kit/tree/master/msomdndbvsdfservices.com @emailrepio @PhishKitTracker @JCyberSec_ @BushidoToken @Spam404 @Bobby_Presto https://twitter.com/ActorExpose/status/1406661508575154178/photo/1
-
[2021-06-19 10:11:27] @pollo290987 #MEMZ Storno.bin 84887b550e951055309ca04dab0d0cf7 Giovanni\Downloads\MEMZ-master\MEMZ-master\Storno\Debug\Storno.pdb https://github.com/JmNkS/MEMZ https://twitter.com/pollo290987/status/1406087202199777281/photo/1
-
[2021-06-19 07:56:24] @fbgwls245 #Povlsomware (ALPHA LOCKER) #Ransomware 84BDE248E4F4C504384BB3A3B9703E4EA7E033F9AA1160089FEC9C30AF6632D7 C:\Users\ALPHA_HACKER\Downloads\Povlsomware-master\Povlsomware-master\Povlsomware\obj\Release\Povlsomware.pdb https://twitter.com/fbgwls245/status/1406053214005305345/photo/1
-
[2021-06-16 05:17:57] @VK_Intel Breaking: "The Rise & Demise of Multi-Million #Ransomware Business Empire" | Victimology from Master Key & @IntelAdvanced Cases Birth of "#Ransonomics" | #Avaddon Op Salary 1000x Russia's Median Salary | Verifiable Metrics of Intrusion | #YARA v1 https://www.advanced-intel.com/post/the-rise-demise-of-multi-million-ransomware-business-empire https://twitter.com/VK_Intel/status/1404926178553741312/photo/1
-
[2021-06-14 23:24:49] @InQuest First time seeing this @USTreasury themed #DRIDEX maldoc. InQuest Labs: https://labs.inquest.net/dfi/sha256/e3f23870da4be4343f3be2e30cbfb9ee1cdbc10eacab1e9307d5bd902989270c IOC http://www.masterproffoz.com.br the.choptopcougar.com http://edacapulco.com.br 45.79.91.89 157.245.231.228 @James_inthe_box @lazyactivist192 @jcarndt @malwaredisciple https://twitter.com/InQuest/status/1404474918935351300/photo/1
-
[2021-06-11 11:52:12] @InQuest Malicious Office document found hosted at: https///github.com/msxl/msxl.github.io/blob/master/%E7%B4%A7%E6%80%A5%E9%80%9A%E7%9F%A5.dotm?raw= true SHA256: 8c9ec0efda6c90738b94c39739466ef7a21581deb1c669782ecfaa5679e1b709 IOC extracted from sample: https://labs.inquest.net/dfi/hash/2b97a3e0dda4adb1570e0bdd41df852dd7c2e6305c27c36843515bce44cc7b81
-
[2021-06-11 00:23:57] @MBThreatIntel Malspam delivering #AgentTesla via malicious PowerPoint. ➡️ Payload: ia801509.us.archive.org/15/items/black3_202106/black1.txt ➡️ Panel: 103.114.107.28/master/black/login.php https://twitter.com/MBThreatIntel/status/1403040252013412353/photo/1
-
[2021-06-05 00:43:36] @ActorExpose Active phish targeting Swisscom and La Poste (opendir) hxxp://update-your-account.onelinesuccess.com kit download: https://github.com/ActorExpose/kit/tree/master/update-your-account.onelinesuccess.com @JCyberSec_ @ANeilan @Bobby_Presto @PhishKitTracker NuKe: @Spam404 https://twitter.com/ActorExpose/status/1400870868029411332/photo/1
-
[2021-06-05 00:20:03] @ActorExpose phisher; [email protected] phish; hxxp://info.bestrears.co.za/index/NediBalars~STOVEDROP~MAX.htm phishkit sample; https://github.com/ActorExpose/kit/tree/master/info.bestrears.co.za @JCyberSec_ @PhishKitTracker @Bobby_Presto @Spam404 @ANeilan https://twitter.com/ActorExpose/status/1400864940601360386/photo/1
-
[2021-06-03 05:21:03] @ActorExpose Active Phish (opendir) hxxps://tracksupport-usps.com kit sample: https://github.com/ActorExpose/BEC/tree/master/tracksupport-usps.com @JCyberSec_ @PhishKitTracker @miss_LN_ NuKe @Spam404 https://twitter.com/ActorExpose/status/1400215912880484352/photo/1
-
[2021-05-29 19:43:04] @cyb3rops Since @MSFTSecurity and @Volexity shared so much useful information about APT29 / NOBELIUM, I do my part and share 12 YARA rules. Rules https://github.com/Neo23x0/signature-base/blob/master/yara/apt_apt29_nobelium_may21.yar#L47 > I especially like the rule to detect the PDF payloads used by BoomBox PDF https://www.virustotal.com/gui/file/656384c4e5f9fe435d51edf910e7ba28b5c6d183587cf3e8f75fb2d798a01eeb/detection https://twitter.com/cyb3rops/status/1398620909368381440/photo/1
-
[2021-05-28 21:24:27] @ActorExpose Another domain that hasn't been recovered; check it out and alert the webmaster for defacement removal and a web directory check. hxxp://www.tce.ac.gov.br/1877.html @certbr
-
[2021-05-27 05:31:17] @Arkbird_SOLG Interesting to see some different code structures but the same injection method for the packets. Looks like the oldest version of the #Moriya driver, without verbose debug output. H/T @BushidoToken Yara: https://github.com/StrangerealIntel/DailyIOC/tree/master/2021-05-26/Moriya Sample: https://bazaar.abuse.ch/sample/ce21319bd21f76ab0f188a514e8ab1fe6f960c257475e45a23d11125d78df428/ https://twitter.com/Arkbird_SOLG/status/1397681774948491265/photo/1
-
[2021-05-26 05:58:05] @Arkbird_SOLG Another driver of the #Moriya backdoor, if somebody is interested in the sample + Yara rule. Sample: https://bazaar.abuse.ch/sample/5ae232caeaf2c570e17734820df53afd75907596e7c87960a2aac171cdeccaf7/ Yara https://github.com/StrangerealIntel/DailyIOC/blob/master/2021-05-26/Moriya/MAL_Moriya_May_2021_1.yara cc @cyb3rops @c3rb3ru5d3d53c @JAMESWT_MHT @h2jazi @James_inthe_box @KorbenD_Intel @DrunkBinary https://twitter.com/Arkbird_SOLG/status/1397326130512793603/photo/1
-
[2021-05-19 12:05:08] @InQuest Malicious Office document found hosted at: https///github.com/tconqueror/bla/blob/master/testvba.dotm?raw= true SHA256: d33474b214483ea3de482882ee844ff4985d4187ec71beed9e8c63b266d7368d IOC extracted from sample: https://labs.inquest.net/dfi/hash/c7e0b4fff6eb9dc8deb14ec8c6195c1c9dbdce39d0e241f6bfb1cc52d440382f
-
[2021-05-15 17:55:05] @Finch39487976 #Ransomware YARA rule developed for the #DarkSide dll with Monk https://github.com/Finch4/Monk/blob/master/DarkSide/darkside_dll.yar HybridAnalysis: https://www.hybrid-analysis.com/yara-search/results/d8c329c22815e53e25aba6a2c77f84207ccf9559f4bd86fe159818b313d5e3ee Note: I'm testing my project (Monk). This rule doesn't aim to be a professional one.
-
[2021-05-15 04:27:20] @Arkbird_SOLG #ATM Interesting to see that #DispCashBR continues to be used; recent samples from April-May 2021. I take the opportunity to share the yara rule: sample: https://bazaar.abuse.ch/sample/432f732a4ecbb86cb3dedbfa881f2733d20cbcc5958ead52823bf0967c133175/ Yara rule: https://github.com/StrangerealIntel/DailyIOC/blob/master/2021-05-14/DispCashBR/ATM_DispCashBR_May_2021_1.yara cc @Bank_Security @BushidoToken @c3rb3ru5d3d53c
-
[2021-05-14 04:11:59] @MBThreatIntel Malspam with .XLSB attachment pushing #Trickbot version 2000029 Maldoc: f53fdbf650f8079b40e9ddb2c7fe41c9 Payload: 0248aa78d8a4d231273d6589edb0a423 Payload URL: mastercarebath.com/wp-netmon.dll https://twitter.com/MBThreatIntel/status/1392950776792698885/photo/1
-
[2021-05-08 02:32:06] @ActorExpose Heads up! Target: First American Title Company phish url: hxxps://noemycliffsuit.xyz/Cd/Borrower/Borrower's-details.shtml kit sample: https://github.com/ActorExpose/BEC/tree/master/noemycliffsuit.xyz @Bobby_Presto @JCyberSec_ @Spam404 @PhishKitTracker @iHeartMalware @CraneHassold https://twitter.com/ActorExpose/status/1390751310773997573/photo/1
-
[2021-05-04 02:57:18] @Racco42 @James_inthe_box @felixw3000 @VK_Intel hxxps://carrerasamericanas.net/repro2hive/h5live-master/js/lib/0YLkHHgkr5e5GkS.php hxxps://demo.learningcentre.co/www/themes/efront2013/images/css_images/qtJJKheJ4uX1p.php hxxps://edwardspowerwashing.com/mQ8HReIBcDnSG.php hxxps://kalyan143.in/pass/S0kpWspb.php
-
[2021-05-02 22:01:13] @ActorExpose SMT. CHANDABEN MOHANBHAI PATEL HOMEOPATHIC MEDICAL COLLEGE hxxp://cmphmc.org/pdf/ you might want to alert the webmaster @IndianCERT
-
[2021-05-01 20:48:36] @Arkbird_SOLG Samples: https://bazaar.abuse.ch/browse/tag/IronPython/ https://bazaar.abuse.ch/sample/65b43e30547ae4066229040c9056aa9243145b9ae5f3b9d0a01a5068ef9a0361/ Yara: https://github.com/StrangerealIntel/DailyIOC/blob/master/2021-05-01/Turla/APT_Turla_IronPython_Apr_2021_1.yara
-
[2021-04-18 07:42:02] @fbgwls245 @malwrhunterteam #Nitro #Ransom 3E0B01D02FD730BB79410FB4B8D909B4 C:\Users\isarh\Desktop\Nitro-Ransomware-master\NitroRansomware\obj\Debug\NitroRansomware.pdb 077FCCC46159F8CCD79FCD50787DB1C9 C:\Users\coazy\Desktop\Source Codes\Nitro-Ransomware-master\NitroRansomware\obj\Debug\NitroRansomware.pdb
-
[2021-04-15 05:56:08] @Arkbird_SOLG That's the same SWF file and it can be hunted (a1d0a5484e67d6edc72cd833e976afc0d48afc3cb85670089d3d61e0c139fcc2). Yara: https://github.com/StrangerealIntel/DailyIOC/blob/master/2021-04-14/Underminer/Exp_Underminer_Apr_2021_1.yar cc: @nao_sec @jeromesegura https://twitter.com/Arkbird_SOLG/status/1382467737050521600/photo/1
-
For matters involving voice phishing, illegally recorded material, ransomware, cyber security threats and the like, the following organizations can help: No More Ransom (nomoreransom.org), the Korean National Police Agency cybercrime reporting system, and the National Intelligence Service civil complaint center.