Search

Description Name: RECOZEN - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some indicators of...

Description Name: RECOZEN - HTTP (Request) - Variant 2 . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some i...

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It takes advantage of certain vulnerabilities. Arrival

This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are

This worm may be downloaded by other malware/grayware/spyware from remote sites. It uses the Windows Task Scheduler to add a scheduled task that executes the copies it drops. It executes commands

This worm may be downloaded by other malware/grayware/spyware from remote sites. It uses the Windows Task Scheduler to add a scheduled task that executes the copies it drops. It executes commands

This worm may be downloaded by other malware/grayware/spyware from remote sites. It uses the Windows Task Scheduler to add a scheduled task that executes the copies it drops. It executes commands

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a

This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file

DATABASE %s? (This command will delete the database) CREATE DATABASE PLEASE_READ_ME_XYZ (This command will create a blank database) CREATE TABLE WARNING (id INT NOT NULL, PRIMARY KEY(id), warning TEXT,

following commands on the database it has bypassed: DROP DATABASE %s← (This command will delete the database) CREATE DATABASE %s;' % 'PLEASE_READ_ME_XYZ ← (This command will create a blank database) CREATE

will create a blank database) CREATE TABLE WARNING (id INT NOT NULL, PRIMARY KEY(id), warning TEXT, Bitcoin_Address TEXT,Email TEXT); ? (This command will create a blank table in the current database)

HOSTS File Modification This Trojan overwrites the system's HOSTS files to prevent users from accessing the following websites: {BLOCKED}.253.22 008.wzhe123.cn {BLOCKED}.253.22 010389.com {BLOCKED

This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It takes advantage of software vulnerabilities to

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It takes advantage of certain vulnerabilities. Arrival

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It takes advantage of certain vulnerabilities. Arrival

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It takes advantage of certain vulnerabilities. Arrival

This malware is a PowerShell script responsible for downloading and dropping other files. It is implicated in a malicious cryptocurrency-mining activity that features a malware propagating via

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Backdoor arrives on a system as a

This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops copies of itself