Search
Keyword: URL
does the following: It executes the following command to ping the specified URL with a specific buffer size: ping 1.1.1.1 -n 5 -w 3000 Ransomware Routine This Ransomware avoids encrypting files with the
system versions.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components:
properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML
the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware
command get local php configuration file get local list of files Information Theft This backdoor accepts the following parameters: URL to send and receive information directory for downloaded file It
following software vulnerabilities to download possibly malicious files: re.exe It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware
downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Information Theft This Trojan does not
malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Java/Exploit.BXN(AVG), Exploit:Java/Fashack.D(Microsoft),
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when
port wallet The built file searches for the following files: \Bitcoin\wallet.dat \MultiBit\multibit.wallet It connects to the non-malicious URL http://www.hackforums.net/newreply.php?tid
file from the following URL and renames the file when stored in the affected system: http:/{BLOCKED}.{BLOCKED}.218.107/b2f627/ip_cn.txt (Contains List of IP Addresses) It saves the files it downloads
sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based
the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}ngroup.com/papifrnd.exe It takes advantage of the following software vulnerabilities to download
like citing current events such as the Covid-19 pandemic to grab the receiver’s attention. The download URL structure, technique used, and macro code is similar to that of a campaign that delivers
Other Details This Trojan does the following: It connects to the following URL to download and execute a script: https://{BLOCKED}.{BLOCKED}.128.147:443/images/static/content/ https://{BLOCKED}.{BLOCKED
user to re-enter their credentials It redirects the webpage to the following URL after sending the user credentials the second time: http://www.{Email Domain} It does not exploit any vulnerability.
following: This backdoor connects to the following URL through UDP communication to get and execute arbitrary codes: {BLOCKED}ge.3057441.ns1.microsoftdata.site However, as of this writing, the said sites are
following: This backdoor connects to the following URL through UDP communication to get and execute arbitrary codes: {BLOCKED}ge.3057441.ns1.microsoftdata.site However, as of this writing, the said sites are
!api/2.0/snippets/lulimpishtum/aqqApa/ae9f1bacccbf90b8221f755a259d1cddb270c79b/files/file Other Details This Trojan connects to the following URL(s) to get the affected system's IP address: https://{BLOCKED}ig.me/ip It does the following: It connects to the following URL to get the