Keyword: URL
connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{port number}/29T11/{data} to report infection of the affected system. The variable {port number} may be any of the following: 12130 12131 12128 It
system's IP address: http://icanhazip.com/ It deletes the initially executed copy of itself NOTES: This Trojan connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{port number}/09SAL11/{data} to report
{807BF02B-3F5F-4570-970A-8AADBAA55AC1} . "36A900E5-0AE5-4ca6-84B4-45A05B42E705}_262144_124160" is decrypted from code section. It uses "Caguen1aMar" as encryption key for communications with the C&C server. It uses the following URL
Windows Vista and 7.) Download Routine This adware downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}nnermyall.ru/* - downloads ext_setup.exe
NOTES: It connects to the following URL to download files: www.{BLOCKED}o.com/setting.doc However, the said page does not exist. It saves the downloaded file as: %System%\setting.ini Worm:Win32/Nuqel.BD
shell NOTES: It connects to the following URL to acquire its C&C setting: http://{BLOCKED}.{BLOCKED}xusercontent.com/s/0lkgew1wqqw6h13/20140512.txt However, as of this writing, the server does not contain
{BLOCKED}onguru.com/gate.php NOTES: This Trojan connects to the URL to download a ransom note template. It encrypts the following files and appends "encrypted" to these files: 3ds 3fr 3pr 7z ab4 ac2 accdb
{BLOCKED}dgewiki.info/gate.php NOTES: This Trojan connects to the URL above to download the key used in encrypting the files. It encrypts the following files and appends ".encrypted" to them: wb2 psd p7c p7b
{BLOCKED}gedbase.info/gate.php NOTES: This Trojan connects to the URL above to download the key used in encrypting the files. It encrypts the following files and appends ".encrypted" to them: wb2 psd p7c p7b
{BLOCKED}onguru.com/gate.php NOTES: This Trojan connects to the URL to download a ransom note template. It encrypts the following files and appends .encrypted : 3ds 3fr 3pr 7z ab4 ac2 accdb accde accdr accdt
downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This Trojan connects to the
following URL(s) to check for an Internet connection: http://google.com/webhp NOTES: It terminates the following security-related services: AvSynMgr McShield navapsvc It connects to the following URL to
and port number depends on the following file. If the said file is not present, it uses the default proxy settings: {malware path}\mpc.dat It accesses the following URL to read its configuration:
RECYCLE.BIN Recycler TEMP APPDATA AppData Temp ProgramData Microsoft It connects to the following URL to send the victim ID: http://{BLOCKED}lloworld.com/mars.php?id={victim ID} - RAA NOTES: This ransomware
to access the following URL upon visiting any of the targeted bank-related sites: https://{BLOCKED}ommote.com/gate/script/{BOTID}/JP/{target bank-related URL}/{scriptname}.js PWS:Win32/Zbot!rfn
to get the affected system's IP address: http://icanhazip.com/ It deletes the initially executed copy of itself NOTES: This Trojan connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{port number
"Obter Senha" button will open the browser with the URL https://{BLOCKED}y.com/p/F8S3/ and display the following: https://{BLOCKED}y.com is a legitimate site where people can buy and sell digital products
when visiting malicious sites. Other Details This Coinminer does the following: Accepts the following parameters: -a, --algo=ALGO specify the algorithm to use cryptonight -o, --url=URL URL of mining
credentials from the following: Microsoft Outlook Other Details This Backdoor does the following: It connects to the following URL to download updates of itself and inject it into the currently running process of
1009956 - HPE Intelligent Management Center 'PlatNavigationToBean' URL Expression Language Injection Vulnerability (CVE-2019-5387) 1009902 - HPE Intelligent Management Center 'perfSelectTask' Expression