Search
Keyword: URL
x11 -> X11 x13 -> X13 x14 -> X14 x15 -> X15 zr5 -> ZR5 -o, --url=URL -> URL of mining server -O, --userpass=U:P -> username:password pair for mining server -u, --user=USERNAME ->
to check for an Internet connection: google.pl It does the following: It connects to the URL "http://bit.ly/2razNDz" which will then be redirected to "http://www.wikihow.com/Send-Bitcoins" It tries to
\software\macromedia\flashplayeractivex It uses the following URL as referrer to access the site where it generates its click-fraud: http://{BLOCKED}litter.com/ It uses the advertisements from the following
objautlink and URL Monikers TippingPoint 27841: HTTP: RTF File Implementing objautlink and URL Monikers Smart Home Network Security 1133594 FILE Microsoft Outlook Remote Code Execution Vulnerability
Coinminer requires the following additional components to properly run: {Coinminer Directory}\config.json It does the following: It accepts the following Parameters: -o, --url=URL URL of mining server -a,
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to
however, led them to download a bogus Adobe Flash Player update (detected by Trend Micro as TROJ_DLOAD.QK ). This connects to a URL to download TROJ_INJECT.ZZ, which dropped TROJ_ROOTKIT.FX. Normal 0 false
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: duFJfXw Other Details This Trojan requires its main
List of strings it will monitor usually related to banking URL to send stolen information Stolen Information This spyware sends the gathered information via HTTP POST to the following URL: http://
\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} DisplayName = "Search" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Distribublr Backdoor Routine This worm executes the following commands from a remote malicious user: Access URL using Internet Explorer Download and execute
(DOWNLOAD) - Downloads and execute arbitrary file (EXEC) - Executes command (GET) - Sends GET floods (HELP) - Print Commands (OPENURL) - Opens a URL using a hidden browser (POST) - Sends POST floods
file from a certain URL then renames it before storing it in the affected system. It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected
\Software\Microsoft\Windows\CurrentVersion senha = "{stolen password}" It then send passwords for the said sites to the following URL via HTTP post: http://{BLOCKED}nerditerr.{BLOCKED}1.f1.k8.com.br/teste.php
does not have any propagation routine. Backdoor Routine This backdoor executes the following commands from a remote malicious user: Download a file Execute downloaded file Get URL to download Sleep for 5
Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.) NOTES: It reports system infection by sending IP address and infection time to the following URL via HTTP post: http://www.{BLOCKED
GlobalUserOffline = 0 NOTES: It connects to the following URL to inform the remote user about its installation: http://{BLOCKED}.137.85/xml?a=2003&ip=self&kw= TrojanDownloader:Win32/Tracur.AG (Microsoft) Connects to
\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} DisplayName = "Search" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
information, and the URL where it sends its stolen data.
www.google.com {BLOCKED}.{BLOCKED}.118.188 search.yahoo.com {BLOCKED}.{BLOCKED}.118.188 www.bing.com NOTES: It accesses the following URL to notify the malicious user of its installation: http://{BLOCKED}.{BLOCKED