Keyword: JS_EXPLOIT
distributed by the Angler Exploit Kit. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It terminates itself if it
NOTES: The following image serves as the ransom note of the malware: It does not have rootkit capabilities. It does not exploit any vulnerability. Ransom:Win32/Locky.A (Microsoft); Troj/Locky-HO (Sophos);
It does not have rootkit capabilities. It does not exploit any vulnerability. Ransom:Win32/Locky (Microsoft); Ransom.Locky (Malwarebytes); Trojan-Ransom.Win32.Locky.ash (Kaspersky) Downloaded from the
This is the Trend Micro detection for suspicious files that manifest the characteristics of an exploited JSON format. It is a heuristic detection for a JNLP XML file that may execute a possibly
following means: delivered by exploit kits Installation This Trojan drops the following component file(s): {malware path}\explorer.exe - legitimate rundll32.exe %User Startup%\!{unique ID}{random character 1
following means: delivered by exploit kits Installation This Trojan drops the following component file(s): For Windows XP and below: %User Startup%\!{unique ID}{random character 1}.lnk - component that
servers: Operating System version OS Architecture (if 64 bit version) Service Pack System Language Victim ID NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability.
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. This malware arrives via the following means: delivered by exploit kits Installation This Trojan
its servers: It reports infection status and unique ID to {BLOCKED}.{BLOCKED}.82.19:443 NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability.
itself after execution. NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability. It performs a man-in-the-browser attack, in which codes are injected into the browser in order
does not have rootkit capabilities. It does not exploit any vulnerability. Backdoor.Emduvi!gen1 (Symantec); Troj/Emdivi-A (Sophos); Trojan:Win32/Xabil.A (Microsoft); W32/Emdivi.WUA!tr (Fortinet);
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be hosted on a website and run when a user
}&utm_term={value}&se_referrer={value} However, as of this writing, the said sites are inaccessible. NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability. Downloaded from the
Description Name: NEMUCOD - HTTP (Request) - Variant 7. This is Trend Micro detection for packets passing through HTTP network protocols that can be used as N/A. This also indicates a malware infection. Below are some indicators of an infected host:...
Description Name: NEMUCOD - HTTP (Request) - Variant 8. This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some i...
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It requires being executed with a specific
Other Details This Trojan does not exploit any vulnerability. NOTES: The document contains the following message details luring users to enable macro content: SNH:Script [Dropper] (AVAST);
does the following: Creates the following named pipe and connects to it: MSSE-{Random number}-server It does not exploit any vulnerability. Backdoor:Win64/CobaltStrike.NP!dha (MICROSOFT) ;