찾아줄게요 ("I'll find it for you")
What is a HELLO file?
-
Hello. I found a file called HELLO on my computer and I am not sure what it is. I would appreciate it if you could tell me.
-
A HELLO file is a Xorist encrypted file. It appears to be a file distributed by Xorist. It was first reported on 2017-10-21 16:29:51 and last reported on 2017-10-21 16:29:51.
-
You can open a HELLO file by downloading the Xorist program.
-
Xorist ransomware encrypted file
No signature information is available.
-
Related link #1: No link attached.
-
Related link #2: No link attached.
-
-
[2021-07-06 17:59:52] @ActorExpose "Zombi Bot v14" affiliated with Dr Hex (?) exfil: [email protected]. [email protected] @emailrepio https://sellix.io/product/607c7a6a95277 https://twitter.com/ActorExpose/status/1412365675860008961/photo/1
-
[2021-07-04 01:08:18] @micham Hello @Baby_2_Sleep ! Please kindly wakeup for a bit and investigate your #popped #WordPress install. Currently 110 unique IP addresses (of which at least one is bad: 23.105.131.186) have accessed that @Chase #phishing page on your server. Good luck! https://www.virustotal.com/gui/url/276538f7b1c1a15e8e2a138781d99e37f6e7e1e55b79925a03bf11a8237bf558/detection https://twitter.com/micham/status/1411386332178309124/photo/1
-
[2021-06-04 20:50:01] @JawsIntel @TheDFIRReport Looks like Sysrv-hello to me: https://otx.alienvault.com/indicator/ip/194.145.227.21
-
[2021-05-11 09:43:05] @fbgwls245 .crypted #HelloKitty #Ransomware /Go/src/kitty/kidata/kidata.go https://www.virustotal.com/gui/file/097d28021ffb26cb5b7d2d1377578cd6e2005549e44b5b2491fd310ecf50f7a8/detection CC: @BleepinComputer @demonslay335 @Amigo_A_ @siri_urz @malwrhunterteam @JAMESWT_MHT https://twitter.com/fbgwls245/status/1391946937968914434/photo/1
-
[2021-05-06 02:52:44] @Baaastou @ESETresearch Hello. another sample load same second stage #Lazarus https://www.virustotal.com/gui/file/ffec6e6d4e314f64f5d31c62024252abde7f77acdd63991cb16923ff17828885/detection
-
[2021-04-06 20:34:53] @aRtAGGI After a quiet period for the #RoyalRoad RTF builder it looks like development on the kit continues. L8ter 8.t Hello e.o! #China #APT Encoding Bytes - B0 74 77 46 C:\Users\<UserDir>\AppData\Local\Temp\e.o e.o|cd5db4214b7c71523134a2ef78444e1f https://www.virustotal.com/gui/file/774a54300223b421854d2e90bcf75ae25df75ba9f3da1b9eb01138301cdd258f/relations https://twitter.com/aRtAGGI/status/1379427391181889537/photo/1
-
[2021-03-23 14:54:26] @micham Hello @000webhost_com "docsdrive" on your services spreads a link to malicious software on @onedrive ! Please kindly destroy. Cheers! https://www.virustotal.com/gui/file/764fe7f46e2d24cf7dd01b42f81fb83a615a7e0a95c0eb31b612ca3ebb175ef1/detection/f-764fe7f46e2d24cf7dd01b42f81fb83a615a7e0a95c0eb31b612ca3ebb175ef1-1616457182 https://twitter.com/micham/status/1374253187570360321/photo/1
-
[2021-03-14 22:37:48] @Tanerbeyhan @MBThreatIntel Hello MalwareBytes. i wonder why this hash is not known by MalwareBytes ??? https://www.virustotal.com/gui/file/a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15/detection
-
[2021-03-05 19:11:41] @micham Hello @000webhost_com ! The file Vectrum.exe found in hxxps://cheeatzz.000webhostapp.com/VectrumSOFT.zip may be malicious. Please kindly investigate. Cheers! VT: 23/71 https://www.virustotal.com/gui/file/f02fe52119ff47fed2e52b28ec2c42a8eae8233b4c588c310dbaef3297b5d768/detection https://twitter.com/micham/status/1367794941682876422/photo/1
-
[2021-03-05 17:44:41] @HarioMenkel Hello #gootkit my old friend.. hxxps://pwamerongen.nl/2020/08/15/welche-rechtsschutzversicherung-deckt-widerruf-darlehensvertrag/ More infos: https://otx.alienvault.com/pulse/6041fd76309033fc658e6785 https://twitter.com/HarioMenkel/status/1367773049316126720/photo/1
-
[2021-02-10 07:06:24] @Arkbird_SOLG Thanks to @Glacius_ for the Oct-Nov samples cc: @BushidoToken @PolarToffee @fwosar @malwrhunterteam @VK_Intel Samples: https://bazaar.abuse.ch/browse/tag/HelloKitty/ ref : https://livecoins.com.br/cemig-e-vitima-de-ransomware-e-responde-no-motherfuckr-para-hackers/
-
[2021-02-06 00:51:56] @ffforward Caught by MDO @Pawp81 Second drop URL dropped hello-world-x64.dll https://www.virustotal.com/gui/file/078ca38607f24fd21a563fa5189843734677b98d5017d5ebb03b2960053b25b5
-
[2021-01-31 03:42:21] @dev47apps @HellooAlbert ¯\_(ツ)_/¯ Looks cryptic. Maybe it doesn't like the IP/location where the website is hosted. The site has been around for a long time. https://www.virustotal.com/gui/url/0af0d7b335726f05a89400f86b06af4a582fcd71883352abe564d67bdb5c5a34/detection
-
[2021-01-29 01:24:14] @p5yb34m #IcedID #TA551: .doc Sample: https://bazaar.abuse.ch/sample/dfffacd10a8887ff9e48cb452696fa8a9b6b83ea3e285b4f7d3692677c8c30fc/ .dll Installer: ://fbfurnace6.com/assets/4621f42aad9738c0992/e93f49079ac08560/67311dcc4b7a6/shaz10?pr= 5dc7155&rccks= 4cc00761&kp= d909e4b6e097ed Process Name: hello.exe https://app.any.run/tasks/2573ec2e-7d32-49e8-89fd-70c09c11f114
-
[2021-01-23 06:07:59] @kitao_n The default Release build (x86, with O2 and GL optimizations) is falsely detected. Setting the C++ optimization options to "both O2 and GL off" stops the false detection and it is fine (processing speed drops somewhat). ↓ Results of having each antivirus engine check a file built from "Hello World" https://www.virustotal.com/gui/file/9110e4be3db489134694c577c1d676103fb00b361f0ba25facad433294550584/detection https://twitter.com/kitao_n/status/1352739816631197696/photo/1
-
[2021-01-18 01:53:08] @micham Hello @000webhost_com . the subdomain "accountsgoooglecomredirectaccountsmailprotect" serves a malicious file which may be in violation of your TOS. Please kindly investigate. Thanks much in advance. Cheers! https://www.virustotal.com/gui/file/79643f68a335183fccfb83389edf8edcf00ad8d2b17c9408be50040ed37466ac/detection https://twitter.com/micham/status/1350863742582460417/photo/1
-
[2021-01-11 22:44:26] @Sami_Lehtinen There are some problems with the exe-folder packer solutions: https://www.virustotal.com/gui/file/027cc7daa86607bb0c3bb28e580d73f6c88148519135ec048055034068ac2876/detection It's being detected as malware even if it's just hello world program.
-
[2021-01-10 12:43:21] @malwaremustd1e Hello @cyb3rops system.dll you YaraScan in @virustotal is Nullsoft (nsis-3.06.1) portable ver's DLL↓ https://www.virustotal.com/gui/file/6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e/community Infos are in my comment. (pic) Do NOT judge a binary because it has a same name as per reported by others. even it has different functions #falsepositive https://twitter.com/malwaremustd1e/status/1348128270798110721/photo/1
-
[2021-01-05 01:19:10] @micham Hello @000webhost_com . it looks like a suspicious file targeting Android users is spread via amazonsellercenter.000webhostapp.com. Please kindly take a look and eventually action. Thanks in advance. Cheers! This analysis from ~one month ago may help: https://www.virustotal.com/gui/file/9795ca3c5d8339a2cdcb537077c7cc0b98b45ff8fa65867cd6ceb7ebf0ff08fc/detection/f-9795ca3c5d8339a2cdcb537077c7cc0b98b45ff8fa65867cd6ceb7ebf0ff08fc-1607132450 https://twitter.com/micham/status/1346144152078020608/photo/1
-
[2020-12-21 00:21:11] @micham Hello @SUPEN_CR . If this site does not belong to you. then you might want to examine and/or take action. https://www.virustotal.com/gui/url/912a4e4acc8456519e3518c2eefd80f4b9d61fd697ae09a406ad33c4153581b9/detection https://twitter.com/micham/status/1340693741091266561/photo/1
-
[2020-12-03 09:38:04] @bomccss The English text added as a reply in the body is unchanged from September and is as follows. ■Body Hello. Read the document and let me know what you think. Thanks. (original email body follows) ■Destination hxxp://guvenalarm.com.tr/mnsdzu/423323.jpg ■config Botnet: abc106 Campaign: 1606896670
-
[2020-11-22 10:01:17] @wwp96 #HFS #opendir #latentbot #ammyy #Flawedammyy @JAMESWT_MHT 188.13.113.233:2020 hxxp://supremogw46.nanosystems.it/gatewaylist.php hxxp://51.178.161.234:443/$rdgate?ACTION= HELLO&ID= NEW 13ef01c32fa7761f77c6422615544380 11bc606269a161555431bacf37f7c1e4 https://app.any.run/tasks/dff57056-6189-42f1-8905-1aaab917c634/ https://twitter.com/wwp96/status/1330330478260477953/photo/1
-
[2020-11-04 00:53:01] @Abadd00n @getresponse Hello there that scammers are using your platform for phishing and malware distribution: https://www.virustotal.com/gui/file/803ee62c4eb14f05f88e54a56c1b55b23976f83765e60005b861ef96a16b9dcb/detection #phishing https://twitter.com/Abadd00n/status/1323669520972742657/photo/1
-
[2020-10-22 17:21:13] @SendGrid @paritybitnyc @abuse_ch Hello. thanks for reaching out! Please send us the header for the email you've received to our Abuse and Compliance team abuseatsendgrid.com in order to track and stop such accounts from our side. I apologize for any inconvenience generated by this! ~A.C
-
[2020-10-21 03:58:37] @Cryptolaemus1 ://hello.congduhoc.com/logstash-mutate/d/ s://musicrepublicmagazine.com/wp-content/HbW/ s://www.littleforbig.com/menuso/5IW5/ 2/2
-
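[2020-10-16 03:01:38] @abel1ma For now: suspicious emails have been arriving since around 4:00 on October 16. Subject: 支払いの詳細 - 注文番号 (Payment details - order number) Attachment: zip file containing an excel file Destination: hxxp://hellomydad.xyz/campo/b/b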
-
[2020-09-16 04:45:20] @neonprimetime hello #phishing scam pdf attachment md5 1f1f6c557d674f0069696a7d08e76733 https://www.virustotal.com/gui/file/e9562c13ed6071b1177b8b368422eff7002b8e42917df174f49f1494eb9e4c4c/details … should i click? certainly cause i'm not a robot 1/n pic.twitter.com/hr1wwXDu6r
-
[2020-08-07 01:08:01] @joshis_tweets Hello Yacine. do you have any update on this? Let's look at this practically: This app is malware: https://play.google.com/store/apps/details?id= sms.colorful.message.messaging.convinent … https://www.virustotal.com/gui/file/84d67b791cf2a106399f9513524ef7d8067aa966a71437e33f190a21b50e5e57 … We can see 21 users are infected in the banks we protect. We just reported you the app via your form..
-
[2020-07-28 20:57:58] @JAMESWT_MHT #Hello microsoftnetframework4820190418.duckdns.org 'coded by skype: pjoao1578 #wshrat Vbs Sample caught by @c_APT_ure https://bazaar.abuse.ch/sample/f5c68c7f926367e13c3051e70ab7e37764fba5c194a0d51bd4fc5be03c1c6c3b/ … Drop old payloads caught by @Racco42 https://bazaar.abuse.ch/sample/272e64291748fa8be01109faa46c0ea919bf4baf4924177ea6ac2ee0574f1c1a … https://bazaar.abuse.ch/sample/d65a3033e440575a7d32f4399176e0cdb1b7e4efa108452fcdde658e90722653 … Run https://app.any.run/tasks/024b86d5-6f92-43d4-9b36-1aa7c213c461#… @malwrhunterteam
-
[2020-07-15 17:07:52] @JAMESWT_MHT Hello asacubebotnetcontrolpanel.000webhostapp.com Are you testing your malware today? https://app.any.run/tasks/31efc192-101e-4a5d-86ef-74b58df84b80/ … I will help you http://asacubebotnetcontrolpanel.000webhostapp.com/important/important.exe Good you have just fix it https://app.any.run/tasks/e28d746a-2b64-477d-bcb9-8e0bcddb4423/ … @malwrhunterteam
-
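For matters involving voice phishing, illegally filmed material, ransomware, cyber security threats and the like, you can get help from the following agencies and organizations: No More Ransom, the National Police Agency Cybercrime Reporting System, and the National Intelligence Service Civil Petition Center.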