Search
Keyword: URL
/tmp/.rksu_sysi.lock It connects to the following URL to get the infected machine's download speed: http://ipv4.download.{BLOCKED}band.com/200MB.zip It sends the gathered information to the following URL: http://
}.{BLOCKED}.201 However as of this writing, the said URL is inaccessible. If a successful connection has been established, the C2 server should reply with the following information: Download links for
a specific file name to proceed with its intended routine. It connects to the following URL to download its component which it will load in its memory and perform its malicious routine: https://d
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
link which supposedly points to a success story article. In actual, the URL points to a rogue Finance Reports website with a screenshot of a check amounting to $8,795 highlighted as a sample to tease
name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.) Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://
downloaded files are exhibited on the affected system. Information Theft This Trojan accepts the following parameters: "koy" "url" "panel" NOTES: This malware is used as a component of other malware. It
This adware connects to a certain URL in order to send information and receive commands. This may result in the phone's security being compromised. To get a one-glance comprehensive view of the
Settings\Temp on Windows 2000, XP, and Server 2003.) NOTES: This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter
name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.) NOTES: This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on
JAVA_BLACOLE. This is a Java class file that is used to execute an exploit code. Once successful, it may download a possibly malicious file from a certain URL. The URL where this malware downloads the said file
files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to
}ncessurplus.com/adobe/ NOTES: It checks for the installed Java version. If 1.5 It loads a jar file from the following URL and it passes parameters to it: http://{BLOCKED}ncessurplus.com/topic/accidentally-results-stay.php
Details This Trojan requires its main component to successfully perform its intended routine. NOTES: This Trojan downloads the file from the URL specified in the parameter id . It executes the downloaded
Settings\Temp on Windows 2000, XP, and Server 2003.) NOTES: This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter
}o.{BLOCKED}l/wwo7s?fotos={email address of receiver} http://goo.gl/PVwkU?skype={email address of receiver} http://{BLOCKED}o.{BLOCKED}l/WKyb5?profil={email address of receiver} The URL leads the user
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Game\ XYDE Url = "{random values}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{30909876-4567-3908-4056-909834565103}\InprocServer32 ThreadingModel =