찾아줄게요

ABC 파일은 무엇입니까?

• 안녕하세요. 제 컴퓨터에서 ABC라는 파일을 찾았는데 이것이 무엇인지 잘 모르겠습니다. 알려주시면 감사하겠습니다.

• ABC 파일은 TeslaCrypt 암호화 파일 입니다. TeslaCrypt에서 배포한 파일인 것으로 보입니다. 2017-10-22 07:40:00에 처음으로 보고되었으며 2017-10-22 07:40:00에 마지막으로 보고되었습니다.

• TeslaCrypt 프로그램을 다운로드하여 ABC 파일을 열 수 있습니다.

• TeslaCrypt 랜섬웨어 암호화 파일
  
  TeslaCrypt ransomware encrypted file

• !RecoveR!-[a-zA-Z0-9]++ (HTML, PNG, TXT)
  
  +-HELP-RECOVER-+[a-zA-Z0-9]-+ (HTML, PNG, TXT)
  
  +-XXX-HELP-XXX-+[a-zA-Z0-9]-+ (HTML, PNG, TXT)
  
  +REcovER+[a-zA-Z0-9]+ (HTML, PNG, TXT)
  
  -!RecOveR!-[a-zA-Z0-9]

• 연관 링크 #1: 첨부된 링크가 없습니다.

• 연관 링크 #2: 첨부된 링크가 없습니다.

• [2021-07-06 20:29:51] @_alex_il_ It is not the first time the #REvil gang is using this vulnerable defender executable in its infection flow. Attaching a similar dropper to the #Kaseya attack from May. Interesting fact - the actual ransomware payload signature is still valid. https://www.virustotal.com/gui/file/81d0c71f8b282076cd93fb6bb5bfd3932422d033109e2c92572fc49e4abc2471/details https://twitter.com/_alex_il_/status/1412403420217159694/photo/1

• [2021-07-05 12:35:10] @pcrisk Stop/Djvu Ransomware; Extension: .pooe; Sample: https://www.virustotal.com/gui/file/d13309b9c0785d6c0204fdf20146c12cabcdccf85cd65b760c813e8364792904/detection @struppigel @demonslay335 @Amigo_A_

• [2021-07-04 21:36:34] @JoKivFin https://virusscan.jotti.org/en-GB/filescanjob/36tq66do9r https://www.virustotal.com/gui/file/97b10e77177144858e2cfb3447abc4c524da416b221d94de43a611bd718dc9e1/detection

• [2021-07-04 14:53:23] @pollo290987 #redline multilogin.exe d4bfc09f4e75c9eef1ead04768aaabc9 build4 C2: /45.139.236.36:33611

• [2021-06-29 21:43:21] @satontonton file:2.exe hash:b9b57201aeabc5f80c14511cb04610c4 C2(guloader):https\://drive.google\.com/uc?export= download&id= 1mTKPvw8qL27QyRsodxIQX0YLuZz1OgyV

• [2021-06-29 10:05:02] @HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 66 VirusTotal: https://www.virustotal.com/gui/file/dd63c867a97cac9a55e003dabce9c9ffb1714560cb4f9817b977d0b78d16ee47/detection/f-dd63c867a97cac9a55e003dabce9c9ffb1714560cb4f9817b977d0b78d16ee47-1579197524 Threat: Ransom_WCRY.SMALYM (TrendMicro)

• [2021-06-26 03:56:16] @jaimeblascob @James_inthe_box @petrovic082 @benkow_ https://otx.alienvault.com/indicator/file/b54a36accabcb86af3a149c3c61eea88

• [2021-06-23 12:09:25] @DynamicAnalysis @GamerBo62385068 @KelliX84 @ABC11_WTVD Systemic discrimination does exist. Here is one provable example: https://www.aei.org/op-eds/senate-democrats-voted-to-permit-systemic-racism-in-higher-education/

• [2021-06-23 11:51:21] @DynamicAnalysis @GamerBo62385068 @KelliX84 @ABC11_WTVD Actual historians. There many sources like this. so maybe just do some research. https://www.wsws.org/en/articles/2019/12/28/nytr-d28.html

• [2021-06-22 19:58:20] @GossiTheDog Hmm https://www.virustotal.com/gui/file/6ba5ca56062ffcc67ab185b7731a0946f7e486794bb499639925b0f0e02c6d16/detection https://www.virustotal.com/gui/file/f1d1a8b9b8538277e47a6e31293c4b91b2455dc5b9d23d4687f99e9083a92e2b/detection https://www.virustotal.com/gui/file/92a25c6975110c0d736506f8e08a6e52f6d7d8b057d7abcd3426322deefc42c2/detection

• [2021-06-20 19:45:02] @HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 56 VirusTotal: https://www.virustotal.com/gui/file/1942cc42e81bd5b1f91a32daff255ba34a5f797f9f0abc220d3f0bdfd633a7c4/detection/f-1942cc42e81bd5b1f91a32daff255ba34a5f797f9f0abc220d3f0bdfd633a7c4-1624165523 Threat: Ransom_WCRY.SMALYM (TrendMicro)

• [2021-06-19 20:22:15] @NaomiSuzuki_ Google先生までが止めに入った偽アプリ nttdocomo.apk でしたが、Nttドコモセキュリティ.apk で何がどうなったのか、誰も反応しなくなりました???? https://www.virustotal.com/gui/file/f59325ccabf9abc3f4948ec409e462d91997f934b84e6fe76b65d4d514ca2f0c/detection https://twitter.com/NaomiSuzuki_/status/1406240913270067205/photo/1

• [2021-06-15 14:00:34] @reecdeep #Lokibot #malware from #shellcode by CVE 2017-11882 https://app.any.run/tasks/9bff6553-ceb7-40fe-abc7-d7da5cc2c895# ????hxxp://107.173.219.35/win/vbc.exe #opendir ????c2: hxxp://aft-forge-tw.com/Bn4/fre.php #infosec #CyberSecurity #cybercrime #Security

• [2021-06-12 23:19:37] @KodaES @360CoreSec @panda_zheng https://www.hybrid-analysis.com/sample/9dac6553b89645ac8d9e0a3dc877d12641e6d05fb52e8de6ae5533b2bdf0abc9/60c4d5420bcafc1bde194fc8 drop: https://www.virustotal.com/gui/file/756b56ed3d4acbc0b766f71cf24ac80c0ca2f372586c43cd27e2b0ea489cd0f8/detection

• [2021-06-11 18:05:29] @InQuest ???? Malicious RTF document found hosted at: https///gotravelexplore.info/ww/s.dot SHA256: 67e07ce7a82f05f36c36685ca246ae7f6e29ec8cd78374e292c28bc303cb7c5d IOC extracted from sample: https://labs.inquest.net/dfi/hash/95a360aa747fc10abc0230047a5271905c601256d2da2c60670a81237ccf35a5

• [2021-06-10 16:55:11] @HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 63 VirusTotal: https://www.virustotal.com/gui/file/c883540807b9a7b029899b505ed459c0043068bc3ba4abc6dda385701a1298e2/detection/f-c883540807b9a7b029899b505ed459c0043068bc3ba4abc6dda385701a1298e2-1622940132 Threat: Ransom_WCRY.SMALYM (TrendMicro)

• [2021-06-06 11:41:11] @SonOfATech https://www.virustotal.com/gui/file/cbb1cdfc7ed5d34afa7432d04302de367d2d53a377ad6b7fc710f501b4835d9d/detection https://www.virustotal.com/gui/file/cd48aed0327993bf1f289d2a1dc2d92cfcdabc1c8a8b12d4eae588cee6440ac3/detection https://www.virustotal.com/gui/file/33c927b3c72f84c079f88bf2d1e1fb5ee162b6f87b729886a32bcde8056e0251/detection

• [2021-06-04 17:00:02] @HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 64 VirusTotal: https://www.virustotal.com/gui/file/0044e04af55e740a58b3684dd927b95a14f7b7bc3abc22ba11dafefa348de058/detection/f-0044e04af55e740a58b3684dd927b95a14f7b7bc3abc22ba11dafefa348de058-1576808930 Threat: Ransom_WCRY.SMALYM (TrendMicro)

• [2021-06-04 13:13:18] @InQuest ???? Malicious RTF document found hosted at: http///bit.do/fQXx8 SHA256: 9e28097f05e88ee88fc04062264da7ce2d6a5c8f5d3776531179c3bf9f5b003d IOC extracted from sample: https://labs.inquest.net/dfi/hash/07ffbabb575117c731872d2d6cda388f2343fdee55d700f8357263a48c0edabc

• [2021-06-03 18:29:39] @JAMESWT_MHT #interesting doc caught by @malwrhunterteam . Doc https://bazaar.abuse.ch/sample/dbe9adb27d314e866d5f15a4179583753c7153bc95a0c1735e52cf55720ee9c0/ Dll https://bazaar.abuse.ch/sample/965abc1014cad586b2e63cab6c7a0f8a4d33505c46d47eda4750b48c5af8adac/ https://bazaar.abuse.ch/sample/4055ca8797b0aef691d55429e0fc5eee84273eee58ad9403dea50f36ef476042/ https://twitter.com/JAMESWT_MHT/status/1400414373546450949/photo/1

• [2021-06-03 16:23:12] @abuse_ch Malspam with weaponized word document distributing TrickBot (rob96) ???? docx ->.-> exe ???? Domains: micrsoft365 .live download3 .xyz docx: ???? https://bazaar.abuse.ch/sample/4835f6d3b8e1414e0176a9142c154d8b67f3cf0183ce9b230cb240ba110d8140/ dot: ???? https://bazaar.abuse.ch/sample/fd05481da74a6d89ac3c60db954e8f02a85711f9abaf12ede2d4e54eaf06a032/ exe: ???? https://bazaar.abuse.ch/sample/24dd0b8a2e2faff39ea54abc2654d91fdd7349aad14b0537f4d05a6af0b16ebe/ Payload URLs: ???? https://urlhaus.abuse.ch/browse/tag/rob96/ https://twitter.com/abuse_ch/status/1400382550565179395/photo/1

• [2021-06-02 01:14:56] @c3rb3ru5d3d53c #Ousaban #Banker #Malware #Loader ???? 27c36d131fa9bcd51f3af959ded902da https://www.virustotal.com/gui/file/4c00de04fbce7f8f3d8c9c839061c97feabcc71b234b31a858508ee64e86aff0/detection

• [2021-06-01 21:00:02] @HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 65 VirusTotal: https://www.virustotal.com/gui/file/3a56e311e1e5b7c560b741365db26239509dabcc5556b94279bb8a3dc0815e8a/detection/f-3a56e311e1e5b7c560b741365db26239509dabcc5556b94279bb8a3dc0815e8a-1606811419 Threat: Ransom_WCRY.SMALYM (TrendMicro)

• [2021-06-01 16:55:02] @HeliosCert @HeliosCert Sample analysed on #virustotal VirusTotal-Score: 61 VirusTotal: https://www.virustotal.com/gui/file/2e48189373ff777ebc9abcc0a8a50122208dd883f5d3fde880a39605cf60c886/detection/f-2e48189373ff777ebc9abcc0a8a50122208dd883f5d3fde880a39605cf60c886-1573096501 Threat: Ransom:Win32/CVE-2017-0147.A (Microsoft)

• [2021-05-28 23:36:39] @James_inthe_box @KorbenD_Intel @JAMESWT_MHT @malwrhunterteam @Arkbird_SOLG Couple more: https://www.hybrid-analysis.com/string-search/results/b1c906a6fc8e00dabcca668dd769e2e02188b747bdf742ee1af579b56f44159c https://twitter.com/James_inthe_box/status/1398317305755435008/photo/1

• [2021-05-28 10:07:42] @a9990b7de7c240 https://www.virustotal.com/gui/file/ba2bf0c14e263cba35ca07a3ea580c0e6454729dee2d8c41efabce79076299d7/detection. ???? https://twitter.com/a9990b7de7c240/status/1398113723915583490/photo/1

• [2021-05-27 03:57:38] @InQuest ???? Malicious file found hosted at: https///www.nirsoft.net/utils/nircmd.zip SHA256: 5071b54669bb1e88422c6c340204b0b3a0ffd07e2ac1d747ccbd1447abc92948 IOC extracted from sample: https://labs.inquest.net/dfi/hash/90eafb24651dbbd8a0d589f4365b34f7cafe7298f4dc1774a856d3ed4ade3636

• [2021-05-26 01:16:19] @Circuitous__ #TA505 #maldoc with VBA macro PO 474050.xls 8cd09ba1a0a1c52115e5419c92342708 akachi.co.za Also seems like ta505: Inv 820984.xlsb a517f3ba8521abcdfe19b5c627d408bc impress-hrd.mysoftheaven.com 162.144.12.168 larger list https://pastebin.com/DeXjTP2Q https://app.any.run/tasks/1a79583e-3f05-4d58-be61-6944bca8eb2d/ https://twitter.com/Circuitous__/status/1397255222427271169/photo/1

• [2021-05-25 19:30:05] @davidorionmazur @twiss https://www.virustotal.com/gui/url/ac58c32d67fe1d6029b41759e037348822ac1c52815f1fa26ff445bd593f5072/detection https://www.virustotal.com/gui/file/e5093f559ac39aa371a6720f674907b33d10687a1562d71abc9869d1f5b54999/detection The URL comes back as safe and the downloaded file only had one flag. looks like a false positive. And it is definitely the installer wizard for that software. I try not to use sites like that. but that one seems safe.

• [2021-05-25 13:00:39] @jjrruiz @cdmon @CDmonworld * http://virustotal.com/gui/url/f618af990394d204154a3010671458e9a77d0d3ebe25a2e92a59a3c9744babce/detection * http://virustotal.com/gui/url/f31921b34e14e7de716f04023763cef91338c020b82c6d889e7f5b2f2a9a26c8/detection

• 보이스피싱, 불법촬영물, 랜섬웨어, 사이버 안보위협 등에 관련된 사안의 경우 다음과 같은 기관 및 단체의 도움을 받을 수 있습니다. 노모어랜섬(No More Ransom) 경찰청 사이버범죄 신고시스템 국가정보원 민원센터