찾아줄게요
What is a CODE file?
-
Hello. I found a file called CODE on my computer and I'm not sure what it is. I'd appreciate it if you could tell me.
-
A CODE file is a file encrypted by the CryptoMix ransomware. It is not a file that CryptoMix distributes: it is one of the victim's own documents, renamed with the .CODE extension after the ransomware encrypted its contents. The extension was first reported on 2017-10-24 17:57:25 and last reported on 2017-10-24 17:57:25.
-
There is no "CryptoMix program" that opens CODE files. CryptoMix is the ransomware that produced them, so anything offered for download under that name should be treated as malicious. The original contents can only be restored from a backup, or from a decryptor for this variant if a trusted source such as No More Ransom (listed at the bottom of this page) publishes one; paying the ransom gives no guarantee of recovery.
-
CryptoMix ransomware encrypted file
Ransom-note file names associated with this variant (each dropped as HTML and TXT):
# HELP_DECRYPT_YOUR_FILES # (HTML, TXT)
# RESTORING FILES # (HTML, TXT)
HELP_DECRYPT_YOUR_FILES (HTML, TXT)
HELP_YOUR_FILES (HTML, TXT)
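The extension and the ransom-note names above are the only host indicators this page gives, but they are enough for a first-pass triage of an affected machine. The following script is an added example, not code from the page or from any CryptoMix analysis: it walks a file listing, separates .CODE files from ransom notes, bounds the encryption window from the modification times of the encrypted files, and lists which directories received a note. The sample listing, its timestamps and the summary format are constructed for illustration; paths use forward slashes so they parse on any platform.

```python
"""Triage a suspected CryptoMix (.CODE) infection from a file listing.

Added example, not code from the original page. It relies only on the
indicators the page lists: the .CODE extension and the four ransom-note
names, which are dropped as .html/.txt. Sample paths, timestamps and the
summary format are constructed for illustration.
"""
import os
from collections import defaultdict
from datetime import datetime, timezone
from pathlib import PurePath

ENCRYPTED_EXT = ".code"            # page: "CryptoMix ransomware encrypted file"
RANSOM_NOTE_STEMS = {              # page: note names, dropped as HTML and TXT
    "# HELP_DECRYPT_YOUR_FILES #",
    "# RESTORING FILES #",
    "HELP_DECRYPT_YOUR_FILES",
    "HELP_YOUR_FILES",
}
RANSOM_NOTE_EXTS = {".html", ".txt"}


def is_encrypted(path):
    """True for a file carrying the .CODE extension (case-insensitive)."""
    return PurePath(path).suffix.lower() == ENCRYPTED_EXT


def is_ransom_note(path):
    """True for one of the page's ransom-note names with a .html/.txt suffix."""
    p = PurePath(path)
    return p.suffix.lower() in RANSOM_NOTE_EXTS and p.stem.upper() in RANSOM_NOTE_STEMS


def triage(entries):
    """entries: iterable of (path, mtime as ISO-8601 string). Returns a summary dict.

    The mtime window of the encrypted files bounds when the encryption ran;
    the note-bearing directories show how far the ransomware walked. A
    directory with encrypted files but no note is worth a second look (note
    removed, or a different tool at work).
    """
    encrypted, notes = [], []
    per_dir = defaultdict(lambda: {"encrypted": 0, "note": False})
    for path, mtime in entries:
        d = str(PurePath(path).parent)
        if is_encrypted(path):
            encrypted.append((path, datetime.fromisoformat(mtime)))
            per_dir[d]["encrypted"] += 1
        elif is_ransom_note(path):
            notes.append(path)
            per_dir[d]["note"] = True
    times = sorted(t for _, t in encrypted)
    return {
        "encrypted_count": len(encrypted),
        "note_count": len(notes),
        "first_encrypted": times[0].isoformat() if times else None,
        "last_encrypted": times[-1].isoformat() if times else None,
        "dirs_with_notes": sorted(d for d, v in per_dir.items() if v["note"]),
        "dirs_encrypted_without_note": sorted(
            d for d, v in per_dir.items() if v["encrypted"] and not v["note"]
        ),
        # Both indicator types present is what the page's description predicts.
        "consistent_with_cryptomix": bool(encrypted) and bool(notes),
    }


def walk_listing(root):
    """Yield (path, mtime) entries from a real directory tree for triage()."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            mtime = datetime.fromtimestamp(os.stat(full).st_mtime, tz=timezone.utc)
            yield full, mtime.isoformat()


# Constructed sample listing (not real incident data).
SAMPLE_LISTING = [
    ("C:/Users/alice/Documents/budget.xlsx.CODE", "2017-10-24T17:40:02"),
    ("C:/Users/alice/Documents/notes.docx.CODE", "2017-10-24T17:40:05"),
    ("C:/Users/alice/Documents/# HELP_DECRYPT_YOUR_FILES #.html", "2017-10-24T17:40:06"),
    ("C:/Users/alice/Documents/# HELP_DECRYPT_YOUR_FILES #.txt", "2017-10-24T17:40:06"),
    ("C:/Users/alice/Pictures/holiday.jpg.code", "2017-10-24T17:41:30"),
    ("C:/Users/alice/Pictures/holiday2.jpg", "2017-08-01T09:00:00"),
    ("C:/Users/alice/Desktop/HELP_YOUR_FILES.TXT", "2017-10-24T17:42:00"),
    ("C:/Windows/System32/kernel32.dll", "2017-03-18T12:00:00"),
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

On a live system, run `triage(walk_listing(r"C:\Users"))` from a clean analysis host with the victim's disk mounted read-only; modification times on an image are more trustworthy than on a machine the ransomware is still running on.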
[2021-07-07 00:55:04] @malware_traffic 2021-07-06 (Tuesday) - #BazarLoader (#BazaLoader) from "Stolen Image Evidence" zip archive led to #CobaltStrike - Encoded binary for Cobalt Strike at: hxxp://46.17.98.191/OuqC8rXGwlN5saz48clBNekGjhs8Kjmf - List of IOCs available at: https://github.com/brad-duncan/IOCs/blob/main/2021-07-06-BazarLoader-with-Cobalt-Strike-IOCs.txt https://twitter.com/malware_traffic/status/1412470165179092992/photo/1
-
[2021-07-06 13:05:44] @alberto__segura New #Flubot 4.7 sample. Same countries affected, but it has stopped using a seed per country; it now selects a DGA seed randomly. The old code is still used to block phone numbers. https://www.virustotal.com/gui/file/fe52bed001f28a4b218bcd0ad31b92fb59022778cf68a1445cf3e8c612a5e04c/detection cc @malwrhunterteam @danlopgom @pr3wtd @JosepAlbors https://twitter.com/alberto__segura/status/1412291656301400064/photo/1
-
[2021-07-05 13:09:43] @ActorExpose Defacement incident "haven't recovered for an while" ASCII art? exfil: [email protected], [email protected] hxxps://www.parjan.nl source code: https://pastebin.com/raw/6apqYbCT @Spam404 @douglasmun @CSAFCert https://twitter.com/ActorExpose/status/1411930269544861698/photo/1
-
[2021-07-03 21:52:38] @dark0pcodes #kasaya REvil entry point (after unpacking). Interesting string: "DTrump4Ever". https://www.virustotal.com/gui/file/9b11711efed24b3c6723521a7d7eb4a52e4914db7420e278aa36e727459d59dd/detection https://twitter.com/dark0pcodes/status/1411337089237536768/photo/1
-
[2021-06-29 23:14:20] @h2jazi - Using Donut framework to inject .NET Assembly as Shellcode ref: http://www.pwncode.io/2018/08/macro-used-to-spoof-parent-process.html 8a05471515030c19881a2b3e1e6562d5 project-manager-3592.doc https://twitter.com/h2jazi/status/1409908101759868929/photo/1
-
[2021-06-29 04:30:38] @Arkbird_SOLG @c3rb3ru5d3d53c @malwrhunterteam You can convert the hex code of the sequences to asm code. Here for the opcodes in x86: http://ref.x86asm.net/coder32.html Have fun ;-)
-
[2021-06-29 04:03:00] @michalmalik https://www.virustotal.com/gui/file/1a4ffc5fb732585afd5aa2ca5116dcff041896731e08c1a4cf40ee93dce0d785/detection < Shellcode packed with Golang packer https://github.com/jm33-m0/emp3r0r/tree/master/packer (based on Ezuri). tries to connect to 106.13.83.195:8999
-
[2021-06-25 17:12:27] @siri_urz #Ransomware 25E1F52F7CCAEF617700C137C89597AB C:\work\Povlsomware\Mishmash\obj\Debug\Mishmash.pdb Unlock code: pass https://twitter.com/siri_urz/status/1408367477042651138/photo/1
-
[2021-06-22 04:49:22] @1ZRR4H @dark0pcodes Another related domain: qgam.top (194.147.84.117). Interesting: after encrypting the data, they obtain the C2 from bandakere.tumblr.com to download and run Vidar #Stealer (159.69.20.131). Sample: https://app.any.run/tasks/49ab286b-1f6d-43cd-be3c-11c16f70cb4f/ #Djvu / #STOP -> #Vidar / #Arkei https://twitter.com/1ZRR4H/status/1407093309340852233/photo/1
-
[2021-06-21 15:07:16] @yvesago #phishing @lisalaposte s://www.supergomes.com.br/certiecode/authentification/colis= 237/ VIA p://e-commnucation.apple.stjb-delasalle.fr/ ping @malwrhunterteam @Spam404 @PhishStats https://twitter.com/yvesago/status/1406886422670450689/photo/1
-
[2021-06-20 20:48:03] @rudjosu IF YOU CAN HELP - @miiramoo compiled the python code into an executable and uploaded it to VirusTotal - https://www.virustotal.com/gui/file/cab6d2df593387a6ee9648ea012b8ae3a8de6e1d39fcd8fd75f249aeadb2281d/behavior/VirusTotal%20ZenBox (clicking this isn't dangerous). Also this is the domain that got sent https://who.is/whois/dimensionlands.com and the emails were all changed to @/levitech.xyz 2/2
-
[2021-06-20 11:05:17] @fbgwls245 85D90010FED526EEF947C440629B82DD #WormLocker F:\Extra Space\Ransomware\WormLocker2.0 SOURCE\WormLocker2.0\WormLocker2.0\obj\Debug\FishLocker.pdb Unlock Code: LUC QPV BTR https://twitter.com/fbgwls245/status/1406463139554619394/photo/1
-
[2021-06-20 01:03:56] @petrovic082 #encoder https://app.any.run/tasks/56b864c8-6d36-4783-a242-34a4531442e5/ https://app.any.run/tasks/d059107e-f6d9-4b10-b976-9b76d163114d/ encode.bat https://textbin.net/raw/syyecpn3ok
-
[2021-06-19 00:11:00] @bad_packets Active DDoS malware payload detected: http://108.249.194.121:39364/Mozi.m ( https://www.virustotal.com/gui/url/4c1f1190a0d9855ee5334aef718b23bb527fca139ca2924b34010061aa664d56/details) Exploit attempt source IP: 108.249.194.121 Target: Huawei router remote code execution vulnerability CVE-2017-17215 ( https://nvd.nist.gov/vuln/detail/CVE-2017-17215) #threatintel https://twitter.com/bad_packets/status/1405936093107613704/photo/1
-
[2021-06-16 02:18:16] @dubstard @Uniswap ⚠ /app.unīswap.com ☣ AS22612 162.0.237.15 @Namecheap Namecheap @SectigoHQ @ActorExpose @CryptoPhishing @CryptoScamDB @JAMESWT_MHT @JCyberSec_ @PhishFort @phishunt_io @sniko_ @haydenzadams @nullcookies @Spam404 #phishing #scam #punycode #IDN https://twitter.com/dubstard/status/1404880959447654402/photo/1
-
[2021-06-15 14:00:34] @reecdeep #Lokibot #malware from #shellcode by CVE 2017-11882 https://app.any.run/tasks/9bff6553-ceb7-40fe-abc7-d7da5cc2c895# hxxp://107.173.219.35/win/vbc.exe #opendir c2: hxxp://aft-forge-tw.com/Bn4/fre.php #infosec #CyberSecurity #cybercrime #Security
-
[2021-06-11 05:20:34] @bad_packets Mass scanning activity detected from 194.48.199.78 checking for Apache Airflow hosts vulnerable to remote code execution (CVE-2020-11978). #threatintel
-
[2021-06-10 13:08:13] @parsan26 Possible #CVE-2021-33739 in-the-wild exploit : https://www.virustotal.com/gui/file/3a34600201faac1dd440ac084c1fa238312a6f51c6500b814fd50197f600c3d5/detection PDB : C:\Users\ghostx\source\repos\test\x64\Release\test.pdb ShellCode connects to C2: 213.164.205.138:8989 https://twitter.com/parsan26/status/1402870197371891716/photo/1
-
[2021-06-09 21:54:56] @RedDrip7 Possible #CVE-2021-33739 in-the-wild exploit : https://www.virustotal.com/gui/file/3a34600201faac1dd440ac084c1fa238312a6f51c6500b814fd50197f600c3d5/detection PDB : C:\Users\ghostx\source\repos\test\x64\Release\test.pdb ShellCode connects to C2: 213.164.205.138:8989 https://twitter.com/RedDrip7/status/1402640362972147717/photo/1
-
[2021-06-05 01:05:41] @malware_traffic 2021-06-04 (Friday) - #Qakbot (#Qbot) infection led to #CobaltStrike on 23.108.57.108 spoofing code.jquery.com and using hesistatesecuritybusiness.com for Cobalt Strike C2 comms https://twitter.com/malware_traffic/status/1400876426497253379/photo/1
-
[2021-06-04 16:29:31] @bl4ckh0l3z @malwrhunterteam #donot #apt C2: yoururl.icu Strings are base64 encoded. https://twitter.com/bl4ckh0l3z/status/1400746528747175942/photo/1
-
[2021-06-04 15:01:43] @Slvlombardo #Phishing "Wonderful day. Register. Deposit. Trade #bitcoin. Profit" (lure text, French/Italian) #IoC https ://bit.ly/2SUycSZ http://vip.gewinncodesystem.shownew.work/vip/IT/3982/ https://www.virustotal.com/gui/url/f52c382665da00e2fa40b9c5d7891907b542d05dd32c11d7d23977bd00a2f9de/detection https://twitter.com/Slvlombardo/status/1400724433606692865/photo/1
-
[2021-06-04 01:26:56] @bad_packets Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution (CVE-2021-21985). Vendor advisory: https://www.vmware.com/security/advisories/VMSA-2021-0010.html #threatintel
-
[2021-06-03 22:55:57] @reecdeep #BitRat #Malware targeting #Italy "Re: ordine" ("Re: order") XLSX > EXE https://app.any.run/tasks/56ad6fda-2f72-466d-ab16-a058f51c9546 (shellcode): hxxp://5.181.80.126/0b1.exe (C2): 0b1.duckdns.org #infosec #CyberSecurity #cybercrime #Security @guelfoweb @AgidCert @VirITeXplorer @58_158_177_102 @matte_lodi @D3LabIT https://twitter.com/reecdeep/status/1400481387258552326/photo/1
-
[2021-06-03 02:02:09] @ESETresearch In the archive, attackers added a Cobalt Strike loader, Acrobat.dll, that loads a Cobalt Strike shellcode. The C&C is 95.217.1.81. Malicious archive on VT: https://www.virustotal.com/gui/file/FF1DCAB09F24A4C314AF3EE829F80127E5B54F5BE2A13E812617F77D0DEEEF57 2/7
-
[2021-06-01 15:00:07] @5h1vang tweet- 1/2 New versions of #Android #Covid #SMSTrojans under development. https://www.virustotal.com/gui/file/87fc5b1a171a535ab65fa53ba2dd422e2fcc4b8ac18dee291b44609c2c13d7d0/detection Similar to @LukasStefanko tweet https://twitter.com/LukasStefanko/status/1387733166195150849 But with following changes: 1. Not yet signed 2. SMS Message encoded in base64 3. Distribution - hxxp://tiny.cc/CO-REGI
-
[2021-05-29 02:10:32] @Jacob_Pimental New #Sodinokibi/#REvil 2.07 variant. From a quick glance, I'm not seeing anything different besides some slight code modifications. https://www.hybrid-analysis.com/sample/db59d4ab0aaf660fe778f9190102e1b808bc5d357026736ca335e4858ec512eb/60b13e6206e4227c5f0d909e Link to config: https://gist.github.com/JacobPimental/870792860013396997fc43c0a7d6b535
-
[2021-05-29 01:10:47] @FlotterUsername Windows Defender detects my program that I wrote with my fingers as a trojan. OK, so I allow the "threat". Next day, new malware codename, but now it just _deleted_ my program without warning or undo option. Thanks, @msftsecurity! https://www.virustotal.com/gui/file/0595c73970e8fd57a5f4d7566bd46ad147bd479706a93c6a56305cd370721812/detection
-
[2021-05-28 12:29:23] @jjrruiz @EasyWP #fraudulent account for #phishing:
* https://partcelier-banek-esparticulares1-8823c4.ingress-erytho.easywp.com/bseroe/necrolae/3ef73a05b48eba9c141d2d852d704973/publications.php?ip=328260091code=139035369&id=41695960&country=257559492
* https://partcelier-banek-esparticulares1-8823c4.ingress-erytho.easywp.com/bseroe/necrolae/3ef73a05b48eba9c141d2d852d704973/operaciones.php?assure_nfpb=true&_pageLabel=as_login_page&connexioncompte_2actionEvt=afficher&lieu.x=fr_2156566&8e6ad1fc3e524eb05daca5bfceff94fa
* https://partcelier-banek-esparticulares1-8823c4.ingress-erytho.easywp.com/bseroe/necrolae/3ef73a05b48eba9c141d2d852d704973/accounte.php?assure_nfpb=true&_pageLabel=as_login_page&connexioncompte_2actionEvt=afficher&lieu.x=fr_7290258&68ea8df5485a3a213da55b9179fd57f1
* https://partcelier-banek-esparticulares1-8823c4.ingress-erytho.easywp.com/bseroe/necrolae/3ef73a05b48eba9c141d2d852d704973/smsone.php?assure_boba=true&_pageLabel=as_login_page&connexioncompte_2actionEvt=afficher&lieu.x=fr_6387837&c8089de9b02200e2879e90ee00d1f8a4
* https://partcelier-banek-esparticulares1-8823c4.ingress-erytho.easywp.com/bseroe/necrolae/3ef73a05b48eba9c141d2d852d704973/smsone.php?assure_nfpb=true&_pageLabel=as_login_page&connexioncompte_2actionEvt=afficher&lieu.x=fr_4147730&9643d5750646f77f472348722373834d
Proofs: https://www.virustotal.com/gui/url/f0874979d8502f6a852044263ddea5e6b3c7fc3b75fd0a92f86185506ac06247 https://www.virustotal.com/gui/url/ff1e423e10732e1b5fe18de608a93dbf43a93d90f2c58d49e9a3a2406c356358 https://www.virustotal.com/gui/url/b229fb77fdfefac1510dc6d8442bcc4e797d242e118bd4ce85f2323a7a20c75a https://www.virustotal.com/gui/url/9b932ca55d6ef76daff129258a830fffcf2549e7b6ab17c2410aa05075f69921
-
[2021-05-27 05:31:17] @Arkbird_SOLG Interesting to see some different structures of code but the same injection method for the packets. Looks like the oldest version of the #Moriya driver, without verbose output for the debug. H/T @BushidoToken Yara: https://github.com/StrangerealIntel/DailyIOC/tree/master/2021-05-26/Moriya Sample : https://bazaar.abuse.ch/sample/ce21319bd21f76ab0f188a514e8ab1fe6f960c257475e45a23d11125d78df428/ https://twitter.com/Arkbird_SOLG/status/1397681774948491265/photo/1
-
For matters involving voice phishing, illegally recorded material, ransomware, cyber security threats and the like, the following agencies and organizations can help: No More Ransom; the Korean National Police Agency cybercrime reporting system; the National Intelligence Service civil complaints center.