Search
Keyword: URL
certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Other Details This Trojan executes the downloaded file
user’s browser tab and downloads content from a Twitter user’s profile. The cybercriminals use the affected Twitter user’s profile content to hide the malicious URL that the plugin connects to. Once
does not have any information-stealing capability. Other Details This Coinminer accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonight-lite -o, --url=URL URL of mining
to affected computer Delete file/s from affected computer Rename file/s from affected computer Create new directory Search a file from affected computer Download file from url Download file from local
C:\ on all Windows operating system versions.) Download Routine This Trojan connects to the following URL(s) to download its component file(s): http://{BLOCKED}f.biz/ask.txt - updated URL list http://
lower-left will access the following URL (Agreement Page):
http://{BLOCKED}stant.net/agreement.html By default, it will install multiple applications. However, the user can select which applications to install
/usr/bin/.sshd /usr/bin/bsd-port/getty Process that uses the following URL and Ports: {BLOCKED}.{BLOCKED}.{BLOCKED}.86:443 {BLOCKED}.{BLOCKED}.{BLOCKED}.238 {BLOCKED}.{BLOCKED}.{BLOCKED}2.87 :3333 :4444 :5555
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames
accepts the following parameters: -a, --algo=ALGO → cryptonight (default) or cryptonight-lite -o, --url=URL → URL of mining server -O, --userpass=U:P → username:password pair for mining server -u, --user
XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) Download Routine This Ransomware downloads the file from the following URL and renames the file when stored in the affected system:
will work abnormally slow. accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonightite -o, --url=URL URL of mining server -O, --userpass=U:P username:password pair for
the following additional components to properly run: {malware path}\iusb3mon.dat -> also detected as TROJ_CIVIRDAT.D NOTES: The downloaded configuration file contains the following information: URL of
infinite sleep command to avoid unloading of memory of process to dump. It sleeps for 21,000 seconds when AvastSvc.exe is running. It needs another plugin/component gforce_dll for its URL spoofing done on
\System32.) Download Routine This spyware downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}idata.com/eng/test/jp1.php?m={random}&os={os version
{BLOCKED}le.com {BLOCKED}a.{BLOCKED}sk.net {BLOCKED}a.{BLOCKED}nest.com {BLOCKED}t.{BLOCKED}e.kz NOTES: This malware is capable of the following: Visit a URL specified by remote server Download and execute
{data/code}" Download/Execute Arbitrary Plugins Uninstall itself Drops and executes the following: %User Temp%\xxm{random}.bat Change the Interval of activity time Change the C&C URL accessed Download and
downloads a file from a certain URL then renames it before storing it in the affected system. It executes downloaded files whose malicious routines are exhibited by the affected system. Arrival Details This
p12 tax It does the following: It connects to the following URL to report the affected system's information: http://{BLOCKED}plin.net/wordpress/wp-includes/oops.php?id=2886098&cname={computer name}&arch
\CurrentControlSet\ services\BITS Type = "272" (Note: The default value data of the said registry entry is "32" .) Download Routine This spyware downloads the file from the following URL and renames the file when
{data/code}" Download/Execute Arbitrary Plugins Uninstall itself Drops and executes the following: %User Temp%\xxm{random}.bat Change the Interval of activity time Change the C&C URL accessed Download and