Search
Keyword: URL
"explorer.exe" .) Other Details This Ransomware does the following: It executes the following commands to shutdown the system within 4 minutes: shutdown -s -t 240 It connects to the following URL for stat
the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED}.197.153/krabaldento.exe It saves the files it downloads using the following names:
following: Drops the following file as a copy of "POWERSHELL.exe": %User Profile%\{random capital leters}\{random capital leters}.EXE It connects to the following URL to download and execute codes to its
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it
compromised or malicious website. It requires the arguments found in the website's URL in order to proceed with its intended routine. EXP/FLASH.Lodabytor.T.Gen (Avira) Downloaded from the Internet
affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This
-noninteractive -windowstyle hidden -EncodedCommand {base64 encoded powershell command} It connects to the following URL to download and execute a malicious PowerShell script. However, as of this writing, the said
could allow elevation of privilege if users use a specially crafted URL to visit certain websites. These malicious URLs could arrive via spammed messages sent through email or Instant Messaging
CVE-2008-1238 Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials
downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: ldcrlio tt t Java/Exploit
visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}l.com/34/da.exe It saves the files it
malicious URL
\Microsoft.NET\Framework\v3.0\ %Windows%\Microsoft.NET\Framework\v3.5\ %Windows%\Microsoft.NET\Framework\v4.0.30319\ It uses bitsadmin.exe to download the malware from URL to its destination path. The downloaded
2008, and Windows Server 2012.) Other Details This Trojan connects to the following possibly malicious URL: http://{BLOCKED}y.id/temp/AudDrv.exe Note: This URL is accessed upon the execution of the
C:\ProgramData on Windows Vista, 7, and 8. ) Download Routine This Coinminer downloads the file from the following URL and renames the file when stored in the affected system: http://www.{BLOCKED
Description Name: Amazon Phishing - DNS (Response) . This is Trend Micro detection for packets passing through DNS network protocols that can be used as Data Exfiltration. This also indicates a malware infection. Below are some indicators of an infec...
SharePoint Foundation , Groove Server , and MS Office Web Apps . When exploited, the vulnerabilities may lead to any of the following: cross-site scripting elevation of privilege information disclosure URL
Description Name: Callback to URL in Apex Central or Deep Discovery Director User-Defined Suspicious Objects list . This is Trend Micro detection for packets passing through any network protocols that can be used as Command and Control Communication....
bi-directional named pipe: status_34545 status_32212 status_1db0 status_89ca It connects to the following URL to get and execute arbitrary commands: {BLOCKED}.{BLOCKED}.195.203:443/ql8G It does not exploit any
}i.space/ml/tby/pd/log.php Other Details This Trojan does the following: It disguises itself as a login page to download a document: After sending the user credentials, the webpage will be redirected to the following URL